[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Invalid credentials
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Adam Denenberg schrieb:
| Ok, sorry for the long post but i want to post as much complete
| information as possible. My configuration is that i have an openldap
| server (2.1.23 on redhat 8) running using TLS for communication. I use
| SASL for authentication which uses pam authentication via radius.
|
| When i try and authenticate via ldapsearch it works just fine. However
| when i try to ssh in using pam_ldap, authentication fails for some
| reason (invalid credentials in messages file). can someone try and shed
| some light as to what is happening here? Here are my log output for
| both the ldapsearch (successful) and the ssh attempt (failure).
|
|
| LDAPSEARCH ATTEMPT
| ************************************************************
| #ldapsearch -H ldap://ldap.ops.testdomain.com/ -Uadenenberg -b
| "dc=testdomain,dc=com" -YPLAIN -LLL -ZZ "(uid=adenenberg)"
|
Hi,
your result isn't too surprising in the LDAP case you don't authenticate
~ to the LDAP server at all, but you are using a SASL mechanism to
authenticate to an external source.
pam_lda, in contrast, tries to authenticate to the LDAP directory (it
performs a simple bind what is actually the same as if you were doing a
ldapsearch with the -x -D and -W parameters instead oif -U and -Y). If
you want to authenticate your ssh-connection against the readius server
you would need some pam_radius or the like (if this exists).
Yours
Stephan Siano
- --
- ----------------------------------------------------------------------
Dr. Stephan Siano, Consultant
SUSE LINUX AG, Mergenthalerallee 45-47, D-65760 Eschborn
T: +49 (0) 6196 5095131
F: +49 (0) 6196 409607 - stephan.siano@suse.com
- ----------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/tIgMyNxjFYe4G+cRAhy7AKCJyane+UpVrPg1uWaJ2s7eZsD1mACdHutk
6r0a50MXe7E/rgKYHih4HWU=
=nXDo
-----END PGP SIGNATURE-----