Re: Authentication still...



Robert Harris wrote:
> 
> On my client I try to log in on the console with a user in LDAP.
> 
> On the client I get this in auth.log:
> Sep 10 14:43:09 spirit login[4182]: pam_ldap: ldap_simple_bind_s
> Insufficient access
> Sep 10 14:43:09 spirit PAM_unix[4182]: check pass; user unknown
> Sep 10 14:43:12 spirit login[4182]: TOO MANY LOGIN TRIES (3) on `tty1' FOR
> `UNKNOWN'
> Sep 10 14:43:12 spirit PAM_unix[4182]: (login) session closed for user
> rharris
> 
> On my server I'm getting this in the /var/log/debug.log:
> Sep 10 14:46:00 ghost slapd[29654]: => access_allowed: auth access to
> "uid=rharris,ou=people,dc=raindance,dc=com" "userPassword" requested
> Sep 10 14:46:00 ghost slapd[29654]: => acl_get: [1] check attr userPassword
> Sep 10 14:46:00 ghost slapd[29654]: <= acl_get: [1] acl
> uid=rharris,ou=people,dc=raindance,dc=com attr: userPassword
> Sep 10 14:46:00 ghost slapd[29654]: => acl_mask: access to entry
> "uid=rharris,ou=people,dc=raindance,dc=com", attr "userPassword" requested
> Sep 10 14:46:00 ghost slapd[29654]: => acl_mask: to all values by "", (=n)
> Sep 10 14:46:00 ghost slapd[29654]: <= check a_dn_pat:
> cn=manager,dc=raindance,dc=com
> Sep 10 14:46:00 ghost slapd[29654]: <= acl_mask: no more <who> clauses,
> returning =n (stop)
> Sep 10 14:46:00 ghost slapd[29654]: => access_allowed: auth access denied by
> =n
> 
> This is a 2.0.X server compiled on a debian sid box.

I guess you need "auth" access on "userPassword". Be sure
you have something like

access to attrs=userpassword
	by * auth

very early in the "access" stack.

Pierangelo

-- 
Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 | mailto:masarati@aero.polimi.it
via La Masa 34, 20156 Milano, Italy   |
http://www.aero.polimi.it/~masarati
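
An added example, not part of the original messages: a small Python parser for the slapd ACL trace quoted above. It reports who asked for which access level on which attribute and how the ACL evaluation ended. The sample input is the quoted log with the mail-wrapped lines rejoined; the function names are hypothetical, and the "granted" form of the result line is assumed to mirror the "denied" form shown in the thread.

```python
import re

# Constructed sample: the slapd debug lines quoted in the thread, with the
# mail-wrapped lines rejoined and the syslog prefix kept.
SAMPLE = '''\
Sep 10 14:46:00 ghost slapd[29654]: => access_allowed: auth access to "uid=rharris,ou=people,dc=raindance,dc=com" "userPassword" requested
Sep 10 14:46:00 ghost slapd[29654]: => acl_mask: access to entry "uid=rharris,ou=people,dc=raindance,dc=com", attr "userPassword" requested
Sep 10 14:46:00 ghost slapd[29654]: => acl_mask: to all values by "", (=n)
Sep 10 14:46:00 ghost slapd[29654]: <= check a_dn_pat: cn=manager,dc=raindance,dc=com
Sep 10 14:46:00 ghost slapd[29654]: <= acl_mask: no more <who> clauses, returning =n (stop)
Sep 10 14:46:00 ghost slapd[29654]: => access_allowed: auth access denied by =n
'''

REQ = re.compile(r'access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
WHO = re.compile(r'acl_mask: to .* by "([^"]*)"')
PAT = re.compile(r'check a_dn_pat: (\S+)')
# Assumption: a successful check logs "granted" in the place of "denied".
RES = re.compile(r'access_allowed: (\w+) access (granted|denied) by (\S+)')

def acl_decisions(text):
    """Return one dict per access_allowed request/result pair found in text."""
    out, cur = [], None
    for line in text.splitlines():
        if m := REQ.search(line):
            cur = {"level": m[1], "dn": m[2], "attr": m[3], "who": None, "tried": []}
        elif cur is None:
            continue  # ignore trace lines outside a request
        elif m := WHO.search(line):
            cur["who"] = m[1] or "anonymous"  # empty bind DN = anonymous
        elif m := PAT.search(line):
            cur["tried"].append(m[1])  # <who> DN pattern the ACL compared against
        elif m := RES.search(line):
            cur.update(granted=(m[2] == "granted"), mask=m[3])
            out.append(cur)
            cur = None
    return out

def explain(d):
    """One-line summary of a decision returned by acl_decisions()."""
    verdict = "granted" if d["granted"] else "DENIED"
    tried = ", ".join(d["tried"]) or "none"
    return (f'{d["level"]} on {d["attr"]} of {d["dn"]} for {d["who"]}: '
            f'{verdict} (mask {d["mask"]}; <who> patterns tried: {tried})')

if __name__ == "__main__":
    for d in acl_decisions(SAMPLE):
        print(explain(d))
```

On the quoted trace it shows an anonymous requester asking for auth on userPassword, with cn=manager as the only `<who>` pattern the matching ACL offered before evaluation stopped at =n.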