
Invalid credentials



Ok, sorry for the long post but I want to post as much complete
information as possible. My configuration is that I have an openldap
server (2.1.23 on redhat 8) running using TLS for communication.  I use
SASL for authentication which uses pam authentication via radius.

When I try and authenticate via ldapsearch it works just fine.  However
when I try to ssh in using pam_ldap, authentication fails for some
reason (invalid credentials in messages file).  Can someone try and shed
some light as to what is happening here?  Here is my log output for
both the ldapsearch (successful) and the ssh attempt (failure).


LDAPSEARCH ATTEMPT
************************************************************
#ldapsearch -H ldap://ldap.ops.testdomain.com/ -Uadenenberg  -b
"dc=testdomain,dc=com" -YPLAIN  -LLL -ZZ "(uid=adenenberg)"

saslauthd log
--------------------------------
saslauthd[19752] :get_accept_lock : acquired accept lock
saslauthd[19749] :rel_accept_lock : released accept lock
saslauthd[19749] :do_auth         : auth success: [user=adenenberg]
[service=ldap] [realm=] [mech=pam]
saslauthd[19749] :do_request      : response: OK


slapd log
----------------------------------------------------------------
Nov 13 05:40:26 pgate1 slapd[19726]: conn=17 fd=13 ACCEPT from
IP=10.35.2.250:33109 (IP=0.0.0.0:389)
Nov 13 05:40:27 pgate1 slapd[19733]: conn=17 op=1 BIND dn="" method=163
Nov 13 05:40:27 pgate1 slapd[19733]: SASL [conn=17] Failure: Invalid
credentials
Nov 13 05:40:27 pgate1 slapd[19733]: conn=17 op=1 BIND
authcid="adenenberg"
Nov 13 05:40:27 pgate1 slapd[19733]: conn=17 op=1 BIND
dn="uid=adenenberg,cn=plain,cn=auth" mech=PLAIN ssf=0
Nov 13 05:40:27 pgate1 slapd[19726]: deferring operation
Nov 13 05:40:27 pgate1 slapd[19733]: conn=17 op=2 SRCH
base="dc=testdomain,dc=com" scope=2 filter="(uid=adenenberg)"
Nov 13 05:40:27 pgate1 slapd[19733]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Nov 13 05:40:27 pgate1 slapd[19733]: conn=17 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Nov 13 05:40:27 pgate1 slapd[19743]: conn=17 op=3 UNBIND
Nov 13 05:40:27 pgate1 slapd[19743]: conn=17 fd=13 closed

and now when I ssh ..

SSH ATTEMPT
********************************************************************
/var/log/messages
--------------------
Nov 14 01:02:32 pgate1 sshd[20145]: pam_ldap: error trying to bind as
user "uid=adenenberg,ou=DataCenter,o=PIRT,dc=testdomain,dc=com" (Invalid
credentials)


saslauth log
-------------

empty


sldap.log
------------
Nov 14 01:02:26 pgate1 slapd[20139]: conn=0 fd=12 ACCEPT from
IP=10.35.2.250:33152 (IP=0.0.0.0:389)
Nov 14 01:02:26 pgate1 slapd[20144]: conn=0 op=1 BIND dn="" method=128
Nov 14 01:02:26 pgate1 slapd[20144]: conn=0 op=1 RESULT tag=97 err=0
text=
Nov 14 01:02:26 pgate1 slapd[20144]: conn=0 op=2 SRCH
base="dc=testdomain,dc=com" scope=2
filter="(&(objectClass=posixAccount)(uid=adenenberg))"
Nov 14 01:02:26 pgate1 slapd[20144]: conn=0 op=2 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass
Nov 14 01:02:26 pgate1 slapd[20144]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Nov 14 01:02:26 pgate1 slapd[20144]: conn=0 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Nov 14 01:02:26 pgate1 slapd[20144]: conn=0 op=3 SRCH
base="dc=testdomain,dc=com" scope=2 filter="(uid=adenenberg)"
Nov 14 01:02:26 pgate1 slapd[20144]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Nov 14 01:02:26 pgate1 slapd[20144]: conn=0 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text=
Nov 14 01:02:26 pgate1 slapd[20144]: conn=0 op=4 SRCH
base="dc=testdomain,dc=com" scope=2
filter="(&(objectClass=posixGroup)(|(memberUid=adenenberg)(uniqueMember=uid=adenenberg,ou=datacenter,o=pirt,dc=testdomain,dc=com)))"
Nov 14 01:02:26 pgate1 slapd[20144]: conn=0 op=4 SRCH attr=cn
userPassword memberUid uniqueMember gidNumber
Nov 14 01:02:26 pgate1 slapd[20144]: <= bdb_equality_candidates:
(memberUid) index_param failed (18)
Nov 14 01:02:26 pgate1 slapd[20144]: <= bdb_equality_candidates:
(uniqueMember) index_param failed (18)
Nov 14 01:02:26 pgate1 slapd[20144]: conn=0 op=4 SEARCH RESULT tag=101
err=0 nentries=0 text=
Nov 14 01:02:32 pgate1 slapd[20139]: conn=1 fd=14 ACCEPT from
IP=10.35.2.250:33153 (IP=0.0.0.0:389)
Nov 14 01:02:32 pgate1 slapd[20144]: conn=1 op=1 BIND dn="" method=128
Nov 14 01:02:32 pgate1 slapd[20144]: conn=1 op=1 RESULT tag=97 err=0
text=
Nov 14 01:02:32 pgate1 slapd[20144]: conn=1 op=2 SRCH
base="dc=testdomain,dc=com" scope=2 filter="(uid=adenenberg)"
Nov 14 01:02:32 pgate1 slapd[20144]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Nov 14 01:02:32 pgate1 slapd[20144]: conn=1 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Nov 14 01:02:32 pgate1 slapd[20144]: conn=1 op=3 BIND
dn="uid=adenenberg,ou=DataCenter,o=PIRT,dc=testdomain,dc=com" method=128
Nov 14 01:02:32 pgate1 slapd[20144]: conn=1 op=3 RESULT tag=97 err=49
text=
Nov 14 01:02:32 pgate1 slapd[20144]: conn=1 op=4 BIND dn="" method=128
Nov 14 01:02:32 pgate1 slapd[20144]: conn=1 op=4 RESULT tag=97 err=0
text=
Nov 14 01:02:32 pgate1 slapd[20139]: conn=2 fd=15 ACCEPT from
IP=10.35.2.250:33154 (IP=0.0.0.0:389)
Nov 14 01:02:32 pgate1 slapd[20144]: conn=2 op=1 BIND dn="" method=128
Nov 14 01:02:32 pgate1 slapd[20144]: conn=2 op=1 RESULT tag=97 err=0
text=
Nov 14 01:02:32 pgate1 slapd[20144]: conn=2 op=2 SRCH
base="dc=testdomain,dc=com" scope=2
filter="(&(objectClass=posixAccount)(uid=adenenberg))"
Nov 14 01:02:32 pgate1 slapd[20144]: conn=2 op=2 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass
Nov 14 01:02:32 pgate1 slapd[20144]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Nov 14 01:02:32 pgate1 slapd[20144]: conn=2 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Nov 14 01:02:32 pgate1 slapd[20146]: conn=2 op=3 SRCH
base="dc=testdomain,dc=com" scope=2
filter="(&(objectClass=shadowAccount)(uid=adenenberg))"
Nov 14 01:02:32 pgate1 slapd[20146]: conn=2 op=3 SRCH attr=uid
userPassword shadowLastChange shadowMax shadowMin shadowWarning
shadowInactive shadowExpire
Nov 14 01:02:32 pgate1 slapd[20146]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Nov 14 01:02:32 pgate1 slapd[20146]: conn=2 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text=
Nov 14 01:02:32 pgate1 slapd[20144]: conn=2 op=4 SRCH
base="dc=testdomain,dc=com" scope=2
filter="(&(objectClass=posixAccount)(uid=adenenberg))"
Nov 14 01:02:32 pgate1 slapd[20144]: conn=2 op=4 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass
Nov 14 01:02:32 pgate1 slapd[20144]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Nov 14 01:02:32 pgate1 slapd[20144]: conn=2 op=4 SEARCH RESULT tag=101
err=0 nentries=1 text=
Nov 14 01:02:32 pgate1 slapd[20146]: conn=2 op=5 SRCH
base="dc=testdomain,dc=com" scope=2
filter="(&(objectClass=shadowAccount)(uid=adenenberg))"
Nov 14 01:02:32 pgate1 slapd[20146]: conn=2 op=5 SRCH attr=uid
userPassword shadowLastChange shadowMax shadowMin shadowWarning
shadowInactive shadowExpire
Nov 14 01:02:32 pgate1 slapd[20146]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Nov 14 01:02:32 pgate1 slapd[20146]: conn=2 op=5 SEARCH RESULT tag=101
err=0 nentries=1 text=
Nov 14 01:02:34 pgate1 slapd[20139]: conn=1 fd=14 closed
Nov 14 01:02:34 pgate1 slapd[20139]: conn=2 fd=15 closed


thanks for the help
adam
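
An added example (not part of the original post): a small Python parser that pairs each slapd BIND line with its RESULT and labels the bind method, where method=128 is a simple bind, method=163 is a SASL bind and err=49 is invalidCredentials. The sample lines are taken from the slapd logs above with the mail line wraps rejoined; the function names are hypothetical.

```python
import re

# Bind method tags as slapd prints them (decimal BER tags of the auth choice).
BIND_METHODS = {128: "simple", 163: "sasl"}
INVALID_CREDENTIALS = 49  # LDAP resultCode invalidCredentials

# Constructed sample: lines taken from the post's slapd logs, mail wraps rejoined.
SAMPLE = """\
Nov 13 05:40:27 pgate1 slapd[19733]: conn=17 op=1 BIND dn="" method=163
Nov 13 05:40:27 pgate1 slapd[19733]: conn=17 op=1 BIND dn="uid=adenenberg,cn=plain,cn=auth" mech=PLAIN ssf=0
Nov 14 01:02:32 pgate1 slapd[20144]: conn=1 op=1 BIND dn="" method=128
Nov 14 01:02:32 pgate1 slapd[20144]: conn=1 op=1 RESULT tag=97 err=0 text=
Nov 14 01:02:32 pgate1 slapd[20144]: conn=1 op=3 BIND dn="uid=adenenberg,ou=DataCenter,o=PIRT,dc=testdomain,dc=com" method=128
Nov 14 01:02:32 pgate1 slapd[20144]: conn=1 op=3 RESULT tag=97 err=49 text=
"""

# "SEARCH RESULT" lines do not match: the keyword must follow op=N directly.
EVENT = re.compile(r"conn=(\d+) op=(\d+) (BIND|RESULT)\b(.*)")

def _field(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def summarize_binds(log_text):
    """Return {(conn, op): {dn, method, mech, err}} for every bind in the log."""
    binds = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        key, kind, rest = (int(m.group(1)), int(m.group(2))), m.group(3), m.group(4)
        if kind == "BIND":
            b = binds.setdefault(key, {"dn": "", "method": None, "mech": None, "err": None})
            b["dn"] = _field(r'\bdn="([^"]*)"', rest) or b["dn"]
            method = _field(r"\bmethod=(\d+)", rest)
            if method:
                b["method"] = BIND_METHODS.get(int(method), method)
            b["mech"] = _field(r"\bmech=(\S+)", rest) or b["mech"]
        elif key in binds:  # RESULT of an operation that started as a bind
            err = _field(r"\berr=(\d+)", rest)
            if err is not None:
                binds[key]["err"] = int(err)
    return binds

def failed_binds(log_text):
    """List (conn, op, dn, method) for binds rejected with invalidCredentials."""
    return [(c, o, b["dn"], b["method"])
            for (c, o), b in sorted(summarize_binds(log_text).items())
            if b["err"] == INVALID_CREDENTIALS]

if __name__ == "__main__":
    for row in failed_binds(SAMPLE):
        print(row)
```

On the sample, the ldapsearch bind is reported as SASL with mech PLAIN, and the only rejected bind is the simple bind on the user's full DN issued during the ssh attempt.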