
RE: ssh with ldap authentication



I agree Howard. But I disabled nscd a few days ago.

-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com] 
Sent: Wednesday, March 06, 2013 12:23 PM
To: Rodney Simioni; openldap-technical@openldap.org
Subject: Re: ssh with ldap authentication

Rodney Simioni wrote:
> It's not fixed, it's a mystery. I just created new accounts this 
> morning and I tried to login and it was unsuccessful, but these accounts may work later today.
>
> It's just taking a very long time for the accounts to be enabled 
> through ssh login with ldap authentication.

There's nothing in OpenLDAP that would do this. Sounds like your pam or nss config is flaky, but unless you're using OpenLDAP's nssov, then this has nothing to do with OpenLDAP. Most likely you're using nscd.

> *From:*openldap-technical-bounces@OpenLDAP.org
> [mailto:openldap-technical-bounces@OpenLDAP.org] *On Behalf Of *Rodney 
> Simioni
> *Sent:* Wednesday, March 06, 2013 10:47 AM
> *To:* openldap-technical@openldap.org
> *Subject:* RE: ssh with ldap authentication
>
> Something new has just transpired. Before leaving work last night, I 
> created
> 10 accounts and then tried to ssh in. All the logins failed prompting 
> for the password.
>
> I came to work this morning, and now all the accounts are able to 
> login successfully.
>
> Why is it taking so long for the accounts to work?
>
> *From:*Rodney Simioni
> *Sent:* Tuesday, March 05, 2013 2:17 PM
> *To:* 'openldap-technical@openldap.org'
> *Subject:* ssh with ldap authentication
>
> Hi,
>
> I'm new to LDAP.  I just created a new user in LDAP and it cannot 
> login through ssh. It keeps prompting for the password. Any help will 
> be greatly appreciated.
>
> # dude12, people, wh.local
>
> dn: uid=dude12,ou=people,dc=wh,dc=local
>
> uid: dude12
>
> cn: Johnny Appleseed
>
> objectClass: account
>
> objectClass: posixAccount
>
> objectClass: top
>
> objectClass: shadowAccount
>
> userPassword:: e1NTSEF9K2E0YXVTWlYwckMwRUhsVWlNVzBrS2U3MzA1a1JrOVI=
>
> shadowLastChange: 15140
>
> shadowMax: 99999
>
> shadowWarning: 7
>
> uidNumber: 1212
>
> gidNumber: 1212
>
> homeDirectory: /home/dude12
>
> loginShell: /bin/bash
>
> # dude12, group, wh.local
>
> dn: cn=dude12,ou=group,dc=wh,dc=local
>
> objectClass: posixGroup
>
> objectClass: top
>
> cn: dude12
>
> gidNumber: 1212
>
> userPassword:: e0NSWVBUfXg=
>
> # search result
>
> search: 2
>
> result: 0 Success
>
> # numResponses: 220
>
> # numEntries: 219
>
> ###############################
>
> When I created the user, the logs indicated.
>
> ###############################
>
> Mar  5 13:53:18 rodster slapd[2678]: =>
> bdb_dn2id("uid=dude12,ou=people,dc=wh,dc=local")
>
> Mar  5 13:53:18 rodster slapd[2678]: <= bdb_dn2id: get failed: 
> DB_NOTFOUND: No matching key/data pair found (-30988)
>
> Mar  5 13:53:18 rodster slapd[2678]: => bdb_dn2id_add 0x628:
> "uid=dude12,ou=people,dc=wh,dc=local"
>
> Mar  5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 
> %ou=people,dc=wh,dc=local
>
> Mar  5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 
> @ou=people,dc=wh,dc=local
>
> Mar  5 13:53:18 rodster slapd[2678]: <= bdb_dn2id_add 0x628: 0
>
> Mar  5 13:53:18 rodster slapd[2678]: => index_entry_add( 1576, 
> "uid=dude12,ou=people,dc=wh,dc=local" )
>
> Mar  5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
>
> Mar  5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628
>
> Mar  5 13:53:18 rodster slapd[2678]: <= key_change 0
>
> Mar  5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
>
> Mar  5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 
> [7c477315]
>
> Mar  5 13:53:18 rodster slapd[2678]: <= key_change 0
>
> Mar  5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
>
> Mar  5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 
> [1fd53424]
>
> Mar  5 13:53:18 rodster slapd[2678]: <= key_change 0
>
> Mar  5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
>
> Mar  5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 
> [02537054]
>
> Mar  5 13:53:18 rodster slapd[2678]: <= key_change 0
>
> Mar  5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
>
> Mar  5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 
> [53430dd1]
>
> Mar  5 13:53:18 rodster slapd[2678]: <= key_change 0
>
> Mar  5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
>
> Mar  5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 
> [5aef1f7f]
>
> Mar  5 13:53:18 rodster slapd[2678]: <= key_change 0
>
> Mar  5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
>
> Mar  5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 
> [acefc46f]
>
> Mar  5 13:53:18 rodster slapd[2678]: <= key_change 0
>
> Mar  5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
>
> Mar  5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 
> [caca4579]
>
> Mar  5 13:53:18 rodster slapd[2678]: <= key_change 0
>
> Mar  5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
>
> Mar  5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 
> [c37ad51a]
>
> Mar  5 13:53:18 rodster slapd[2678]: <= key_change 0
>
> Mar  5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
>
> Mar  5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 
> [9b3bdeb2]
>
> Mar  5 13:53:18 rodster slapd[2678]: <= key_change 0
>
> Mar  5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
>
> Mar  5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 
> [39ebd2f9]
>
> Mar  5 13:53:18 rodster slapd[2678]: <= key_change 0
>
> Mar  5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
>
> Mar  5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628
>
> Mar  5 13:53:18 rodster slapd[2678]: <= key_change 0
>
> Mar  5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
>
> Mar  5 13:53:18 rodster slapd[2678]: bdb_idl_insert_key: 628 
> [d7851707]
>
> Mar  5 13:53:18 rodster slapd[2678]: <= key_change 0
>
> Mar  5 13:53:18 rodster slapd[2678]: => key_change(ADD,628)
>
> Mar  5 13:54:51 rodster slapd[2678]: connection_get(24)
>
> Mar  5 13:54:51 rodster slapd[2678]: connection_get(24): got 
> connid=1903
>
> Mar  5 13:54:51 rodster slapd[2678]: connection_read(24): checking for 
> input on id=1903
>
> Mar  5 13:54:51 rodster slapd[2678]: ber_get_next on fd 24 failed 
> errno=0
> (Success)
>
> Mar  5 13:54:51 rodster slapd[2678]: connection_close: conn=1903 sd=24
>
> #######################################
>
> When I try to ssh as the user, the logs indicate.
>
> #######################################
>
> Mar  5 14:14:30 rodster slapd[2678]: slap_listener_activate(7):
>
> Mar  5 14:14:30 rodster slapd[2678]: >>> slap_listener(ldap:///)
>
> Mar  5 14:14:30 rodster slapd[2678]: connection_get(17)
>
> Mar  5 14:14:30 rodster slapd[2678]: connection_get(17): got 
> connid=1910
>
> Mar  5 14:14:30 rodster slapd[2678]: connection_read(17): checking for 
> input on id=1910
>
> Mar  5 14:14:30 rodster slapd[2678]: op tag 0x60, time 1362510870
>
> Mar  5 14:14:30 rodster slapd[2678]: conn=1910 op=0 do_bind
>
> Mar  5 14:14:30 rodster slapd[2678]: >>> dnPrettyNormal: <>
>
> Mar  5 14:14:30 rodster slapd[2678]: <<< dnPrettyNormal: <>, <>
>
> Mar  5 14:14:30 rodster slapd[2678]: do_bind: version=3 dn="" 
> method=128
>
> Mar  5 14:14:30 rodster slapd[2678]: send_ldap_result: conn=1910 op=0 
> p=3
>
> Mar  5 14:14:30 rodster slapd[2678]: send_ldap_result: err=0 matched="" text=""
>
> Mar  5 14:14:30 rodster slapd[2678]: send_ldap_response: msgid=1 
> tag=97 err=0
>
> Mar  5 14:14:30 rodster slapd[2678]: do_bind: v3 anonymous bind
>
> Mar  5 14:14:30 rodster slapd[2678]: connection_get(17)
>
> Mar  5 14:14:30 rodster slapd[2678]: connection_get(17): got 
> connid=1910
>
> Mar  5 14:14:30 rodster slapd[2678]: connection_read(17): checking for 
> input on id=1910
>
> Mar  5 14:14:30 rodster slapd[2678]: op tag 0x63, time 1362510870
>
> Mar  5 14:14:30 rodster slapd[2678]: conn=1910 op=1 do_search
>
> Mar  5 14:14:30 rodster slapd[2678]: >>> dnPrettyNormal: 
> <dc=wh,dc=local>
>
> Mar  5 14:14:30 rodster slapd[2678]: <<< dnPrettyNormal: 
> <dc=wh,dc=local>, <dc=wh,dc=local>
>
> Mar  5 14:14:30 rodster slapd[2678]: SRCH "dc=wh,dc=local" 2 0
>
> Mar  5 14:14:30 rodster slapd[2678]:     1 0 0
>
> Mar  5 14:14:30 rodster slapd[2678]:     filter: (uid=dude12)
>
> Mar  5 14:14:30 rodster slapd[2678]:     attrs:
>
> Mar  5 14:14:30 rodster slapd[2678]:  host
>
> Mar  5 14:14:30 rodster slapd[2678]:  authorizedService
>
> Mar  5 14:14:30 rodster slapd[2678]:  shadowExpire
>
> Mar  5 14:14:30 rodster slapd[2678]:  shadowFlag
>
> Mar  5 14:14:30 rodster slapd[2678]:  shadowInactive
>
> Mar  5 14:14:30 rodster slapd[2678]:  shadowLastChange
>
> Mar  5 14:14:30 rodster slapd[2678]:  shadowMax
>
> Mar  5 14:14:30 rodster slapd[2678]:  shadowMin
>
> Mar  5 14:14:30 rodster slapd[2678]:  shadowWarning
>
> Mar  5 14:14:30 rodster slapd[2678]:  uidNumber
>
> Mar  5 14:14:30 rodster slapd[2678]:
>
> Mar  5 14:14:30 rodster slapd[2678]: ==> limits_get: conn=1910 op=1 
> self="[anonymous]" this="dc=wh,dc=local"
>
> Mar  5 14:14:30 rodster slapd[2678]: => bdb_search
>
> Mar  5 14:14:30 rodster slapd[2678]: bdb_dn2entry("dc=wh,dc=local")
>
> Mar  5 14:14:30 rodster slapd[2678]: search_candidates: base="dc=wh,dc=local"
> (0x00000001) scope=2
>
> Mar  5 14:14:30 rodster slapd[2678]: => bdb_dn2idl("dc=wh,dc=local")
>
> Mar  5 14:14:30 rodster slapd[2678]: => bdb_equality_candidates 
> (objectClass)
>
> Mar  5 14:14:30 rodster slapd[2678]: => key_read
>
> Mar  5 14:14:30 rodster slapd[2678]: bdb_idl_fetch_key: [b49d1940]
>
> Mar  5 14:14:30 rodster slapd[2678]: <= bdb_index_read: failed 
> (-30988)
>
> Mar  5 14:14:30 rodster slapd[2678]: <= bdb_equality_candidates: id=0, 
> first=0, last=0
>
> Mar  5 14:14:30 rodster slapd[2678]: => bdb_equality_candidates (uid)
>
> Mar  5 14:14:30 rodster slapd[2678]: => key_read
>
> Mar  5 14:14:30 rodster slapd[2678]: bdb_idl_fetch_key: [7c477315]
>
> Mar  5 14:14:30 rodster slapd[2678]: <= bdb_index_read 1 candidates
>
> Mar  5 14:14:30 rodster slapd[2678]: <= bdb_equality_candidates: id=1, 
> first=1578, last=1578
>
> Mar  5 14:14:30 rodster slapd[2678]: bdb_search_candidates: id=1 
> first=1578
> last=1578
>
> Mar  5 14:14:30 rodster slapd[2678]: => send_search_entry: conn 1910 
> dn="uid=dude12,ou=people,dc=wh,dc=local"
>
> Mar  5 14:14:30 rodster slapd[2678]: <= send_search_entry: conn 1910 exit.
>
> Mar  5 14:14:30 rodster slapd[2678]: send_ldap_result: conn=1910 op=1 
> p=3
>
> Mar  5 14:14:30 rodster slapd[2678]: send_ldap_result: err=0 matched="" text=""
>
> Mar  5 14:14:30 rodster slapd[2678]: send_ldap_response: msgid=2 
> tag=101 err=0
>
> Mar  5 14:14:30 rodster slapd[2678]: connection_get(17)
>
> Mar  5 14:14:30 rodster slapd[2678]: connection_get(17): got 
> connid=1910
>
> Mar  5 14:14:30 rodster slapd[2678]: connection_read(17): checking for 
> input on id=1910
>
> Mar  5 14:14:30 rodster slapd[2678]: op tag 0x60, time 1362510870
>
> Mar  5 14:14:30 rodster slapd[2678]: conn=1910 op=2 do_bind
>
> Mar  5 14:14:30 rodster slapd[2678]: >>> dnPrettyNormal:
> <uid=dude12,ou=people,dc=wh,dc=local>
>
> Mar  5 14:14:30 rodster slapd[2678]: <<< dnPrettyNormal:
> <uid=dude12,ou=people,dc=wh,dc=local>, 
> <uid=dude12,ou=people,dc=wh,dc=local>
>
> Mar  5 14:14:30 rodster slapd[2678]: do_bind: version=3 
> dn="uid=dude12,ou=people,dc=wh,dc=local" method=128
>
> Mar  5 14:14:30 rodster slapd[2678]: ==> bdb_bind: dn:
> uid=dude12,ou=people,dc=wh,dc=local
>
> Mar  5 14:14:30 rodster slapd[2678]:
> bdb_dn2entry("uid=dude12,ou=people,dc=wh,dc=local")
>
> Mar  5 14:14:30 rodster slapd[2678]: send_ldap_result: conn=1910 op=2 
> p=3
>
> Mar  5 14:14:30 rodster slapd[2678]: send_ldap_result: err=49 matched="" text=""
>
> Mar  5 14:14:30 rodster slapd[2678]: send_ldap_response: msgid=3 
> tag=97 err=49
>
> Mar  5 14:14:30 rodster slapd[2678]: connection_get(17)
>
> Mar  5 14:14:30 rodster slapd[2678]: connection_get(17): got 
> connid=1910
>
> Mar  5 14:14:30 rodster slapd[2678]: connection_read(17): checking for 
> input on id=1910
>
> Mar  5 14:14:30 rodster slapd[2678]: op tag 0x60, time 1362510870
>
> Mar  5 14:14:30 rodster slapd[2678]: conn=1910 op=3 do_bind
>
> Mar  5 14:14:30 rodster slapd[2678]: >>> dnPrettyNormal: <>
>
> Mar  5 14:14:30 rodster slapd[2678]: <<< dnPrettyNormal: <>, <>
>
> Mar  5 14:14:30 rodster slapd[2678]: do_bind: version=3 dn="" 
> method=128
>
> Mar  5 14:14:30 rodster slapd[2678]: send_ldap_result: conn=1910 op=3 
> p=3
>
> Mar  5 14:14:30 rodster slapd[2678]: send_ldap_result: err=0 matched="" text=""
>
> Mar  5 14:14:30 rodster slapd[2678]: send_ldap_response: msgid=4 
> tag=97 err=0
>
> Mar  5 14:14:30 rodster slapd[2678]: do_bind: v3 anonymous bind
>
>
> This email message is intended for the use of the person to whom it 
> has been sent, and may contain information that is confidential or legally protected.
> If you are not the intended recipient or have received this message in 
> error, you are not authorized to copy, distribute, or otherwise use 
> this message or its attachments. Please notify the sender immediately 
> by return e-mail and permanently delete this message and any 
> attachments. Verio Inc. makes no warranty that this email is error or virus free. Thank you.
>
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
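
Added example, not part of the original thread: a small Python parser that pairs each bind in a slapd trace like the one quoted above with its result code, so a failed simple bind (err=49, invalidCredentials in RFC 4511) stands out from the anonymous binds and searches around it. The sample lines are constructed in the format of the quoted trace (unwrapped), and the function names are hypothetical.

```python
import re

# Constructed sample: unwrapped lines in the format of the slapd trace quoted above.
PFX = "Mar  5 14:14:30 rodster slapd[2678]: "
SAMPLE = "\n".join(PFX + m for m in [
    'conn=1910 op=0 do_bind',
    'do_bind: version=3 dn="" method=128',
    'send_ldap_result: conn=1910 op=0 p=3',
    'send_ldap_result: err=0 matched="" text=""',
    'conn=1910 op=1 do_search',
    'send_ldap_result: conn=1910 op=1 p=3',
    'send_ldap_result: err=0 matched="" text=""',
    'conn=1910 op=2 do_bind',
    'do_bind: version=3 dn="uid=dude12,ou=people,dc=wh,dc=local" method=128',
    'send_ldap_result: conn=1910 op=2 p=3',
    'send_ldap_result: err=49 matched="" text=""',
])

# LDAP result codes from RFC 4511 that commonly appear on bind operations.
RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights", 53: "unwillingToPerform"}

OP_RE = re.compile(r"conn=(\d+) op=(\d+) (do_\w+)")
DN_RE = re.compile(r'do_bind: version=\d+ dn="([^"]*)" method=\d+')
ERR_RE = re.compile(r"send_ldap_result: err=(\d+)")

def bind_results(log_text):
    """Return one dict per bind operation: conn, op, dn, err, name.

    Trace-level lines carry no conn= on the err= line, so pairing relies on
    line order; this assumes a trace without interleaved connections.
    """
    results, current = [], None
    for line in log_text.splitlines():
        msg = line.split("]: ", 1)[-1]          # drop the syslog prefix
        if m := OP_RE.match(msg):               # start of a new operation
            current = {"conn": int(m[1]), "op": int(m[2]), "kind": m[3], "dn": None}
        elif current and (m := DN_RE.match(msg)):
            current["dn"] = m[1] or "(anonymous)"
        elif current and (m := ERR_RE.match(msg)):
            err = int(m[1])
            if current["kind"] == "do_bind":    # searches are skipped
                results.append({"conn": current["conn"], "op": current["op"],
                                "dn": current["dn"], "err": err,
                                "name": RESULT_NAMES.get(err, "other")})
            current = None
    return results

def failed_binds(log_text):
    """Binds whose result code is not success."""
    return [r for r in bind_results(log_text) if r["err"] != 0]
```
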

