[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: nss_ldap error

redhat 8 is my OS.

nsswitch.conf: 
passwd:     files ldap
shadow:     files ldap
group:      files ldap


 here is some output, maybe you can shed some light.  I do have openssh
built with pam, but i am not using pam since I was hoping to just use
nss libs and have the builtin nss libs query ldap using SASL which would
in turn query RADIUS for authentication.  Am i missing something?

thanks
adam


[root@pgate1 root]# finger adenenberg
Login: adenenberg                       Name: Adam Denenberg
Directory: /home/adenenberg             Shell: /bin/bash
Last login Thu Dec  4 22:19 (EST) on pts/4 from nagate2.ops.domain.com
No mail.
No Plan.
[root@pgate1 root]# su - adenenberg
You are required to change your password immediately (root enforced)
su: incorrect password
[root@pgate1 root]#


On Fri, 2003-12-05 at 14:22, Jeff Gamsby wrote:
> What OS are you running? What does your nsswitch.conf look like? I had a 
> similar problem, and it was because on the new Openssh builds, you have 
> to turn on PAM=yes in sshd_config. Is it only ssh logins that are giving 
> you problems? Can you "su" to the  ldap users? Just some ideas, 
> hopefully this helps.
> 
> Jeff Gamsby
> 
> Adam Denenberg wrote:
> 
> >Hello,
> >
> > i have openldap using tls running and nss_ldap libs successfully
> >installed.  I can do a finger username and get all the info back so i
> >know nss_ldap and openldap can communicate fine.  However when i try to
> >ssh in, i get the following error (from a tcpdump).
> >
> >Invalid LDAP message  (Cant't parse sequence header:  Wrong type for
> >that item).  
> >
> >Can anybody shed some light here?  
> >
> >thanks
> >adam
> >
> > here is my slapd logfile output..
> >
> >Dec  6 02:13:04 pgate1 slapd[20498]: conn=18 fd=12 ACCEPT from
> >IP=10.35.2.250:33501 (IP=0.0.0.0:389)
> >Dec  6 02:13:04 pgate1 slapd[20505]: conn=18 op=1 BIND dn="" method=128
> >Dec  6 02:13:04 pgate1 slapd[20505]: conn=18 op=1 RESULT tag=97 err=0
> >text=
> >Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=2 SRCH
> >base="dc=thepirtgroup,dc=com" scope=2
> >filter="(&(objectClass=posixAccount)(uid=adenenberg))"
> >Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=2 SRCH attr=uid
> >userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
> >description objectClass
> >Dec  6 02:13:04 pgate1 slapd[20500]: <= bdb_equality_candidates: (uid)
> >index_param failed (18)
> >Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=2 SEARCH RESULT tag=101
> >err=0 nentries=1 text=
> >Dec  6 02:13:04 pgate1 slapd[20505]: conn=18 op=3 SRCH
> >base="dc=thepirtgroup,dc=com" scope=2 filter="(uid=adenenberg)"
> >Dec  6 02:13:04 pgate1 slapd[20505]: <= bdb_equality_candidates: (uid)
> >index_param failed (18)
> >Dec  6 02:13:04 pgate1 slapd[20505]: conn=18 op=3 SEARCH RESULT tag=101
> >err=0 nentries=1 text=
> >Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=4 SRCH
> >base="dc=thepirtgroup,dc=com" scope=2
> >filter="(&(objectClass=posixGroup)(|(memberUid=adenenberg)(uniqueMember=uid=adenenberg,ou=datacenter,o=pirt,dc=thepirtgroup,dc=com)))"
> >Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=4 SRCH attr=cn
> >userPassword memberUid uniqueMember gidNumber
> >Dec  6 02:13:04 pgate1 slapd[20500]: <= bdb_equality_candidates:
> >(memberUid) index_param failed (18)
> >Dec  6 02:13:04 pgate1 slapd[20500]: <= bdb_equality_candidates:
> >(uniqueMember) index_param failed (18)
> >Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=4 SEARCH RESULT tag=101
> >err=0 nentries=0 text=
> >Dec  6 02:13:04 pgate1 slapd[20498]: conn=19 fd=14 ACCEPT from
> >IP=10.35.2.250:33502 (IP=0.0.0.0:389)
> >Dec  6 02:13:04 pgate1 slapd[20500]: conn=19 op=1 BIND dn="" method=128
> >Dec  6 02:13:04 pgate1 slapd[20500]: conn=19 op=1 RESULT tag=97 err=0
> >text=
> >Dec  6 02:13:04 pgate1 slapd[20498]: deferring operation
> >Dec  6 02:13:04 pgate1 slapd[20505]: conn=19 op=2 SRCH
> >base="dc=thepirtgroup,dc=com" scope=2
> >filter="(&(objectClass=posixAccount)(uid=adenenberg))"
> >Dec  6 02:13:04 pgate1 slapd[20505]: conn=19 op=2 SRCH attr=uid
> >userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
> >description objectClass
> >Dec  6 02:13:04 pgate1 slapd[20505]: <= bdb_equality_candidates: (uid)
> >index_param failed (18)
> >Dec  6 02:13:04 pgate1 slapd[20505]: conn=19 op=2 SEARCH RESULT tag=101
> >err=0 nentries=1 text=
> >Dec  6 02:13:04 pgate1 slapd[20500]: conn=19 op=3 SRCH
> >base="dc=thepirtgroup,dc=com" scope=2
> >filter="(&(objectClass=shadowAccount)(uid=adenenberg))"
> >Dec  6 02:13:04 pgate1 slapd[20500]: conn=19 op=3 SRCH attr=uid
> >userPassword shadowLastChange shadowMax shadowMin shadowWarning
> >shadowInactive shadowExpire
> >Dec  6 02:13:04 pgate1 slapd[20500]: <= bdb_equality_candidates: (uid)
> >index_param failed (18)
> >Dec  6 02:13:04 pgate1 slapd[20500]: conn=19 op=3 SEARCH RESULT tag=101
> >err=0 nentries=1 text=
> >Dec  6 02:13:04 pgate1 slapd[20498]: conn=19 fd=14 closed
> >Dec  6 02:13:05 pgate1 slapd[20505]: conn=18 op=5 SRCH
> >base="dc=thepirtgroup,dc=com" scope=2
> >filter="(&(objectClass=shadowAccount)(uid=adenenberg))"
> >Dec  6 02:13:05 pgate1 slapd[20505]: conn=18 op=5 SRCH attr=uid
> >userPassword shadowLastChange shadowMax shadowMin shadowWarning
> >shadowInactive shadowExpire
> >Dec  6 02:13:05 pgate1 slapd[20505]: <= bdb_equality_candidates: (uid)
> >index_param failed (18)
> >Dec  6 02:13:05 pgate1 slapd[20505]: conn=18 op=5 SEARCH RESULT tag=101
> >err=0 nentries=1 text=
> >
> >
> >
> >  
> >
>