[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: nss_ldap error



Have you run authconfig?
I don't know much about pam except that it's used in RedHat when you configure LDAP user authentication. At least that's how it works on my system. I use LDAP as a passdb backend for a Samba PDC, and to authenticate postfix and imap users. I do not use SASL, so I won't be much help. Good luck.

Adam Denenberg wrote:
redhat 8 is my OS. 

nsswitch.conf: 
passwd:     files ldap
shadow:     files ldap
group:      files ldap


 here is some output, maybe you can shed some light.  I do have openssh
built with pam, but i am not using pam since I was hoping to just use
nss libs and have the builtin nss libs query ldap using SASL which would
in turn query RADIUS for authentication.  Am i missing something?

thanks
adam


[root@pgate1 root]# finger adenenberg
Login: adenenberg                       Name: Adam Denenberg
Directory: /home/adenenberg             Shell: /bin/bash
Last login Thu Dec  4 22:19 (EST) on pts/4 from nagate2.ops.domain.com
No mail.
No Plan.
[root@pgate1 root]# su - adenenberg
You are required to change your password immediately (root enforced)
su: incorrect password
[root@pgate1 root]#


On Fri, 2003-12-05 at 14:22, Jeff Gamsby wrote:
  
What OS are you running? What does your nsswitch.conf look like? I had a 
similar problem, and it was because on the new Openssh builds, you have 
to turn on PAM=yes in sshd_config. Is it only ssh logins that are giving 
you problems? Can you "su" to the  ldap users? Just some ideas, 
hopefully this helps.

Jeff Gamsby

Adam Denenberg wrote:

    
Hello,

i have openldap using tls running and nss_ldap libs successfully
installed.  I can do a finger username and get all the info back so i
know nss_ldap and openldap can communicate fine.  However when i try to
ssh in, i get the following error (from a tcpdump).

Invalid LDAP message  (Cant't parse sequence header:  Wrong type for
that item).  

Can anybody shed some light here?  

thanks
adam

here is my slapd logfile output..

Dec  6 02:13:04 pgate1 slapd[20498]: conn=18 fd=12 ACCEPT from
IP=10.35.2.250:33501 (IP=0.0.0.0:389)
Dec  6 02:13:04 pgate1 slapd[20505]: conn=18 op=1 BIND dn="" method=128
Dec  6 02:13:04 pgate1 slapd[20505]: conn=18 op=1 RESULT tag=97 err=0
text=
Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=2 SRCH
base="dc=thepirtgroup,dc=com" scope=2
filter="(&(objectClass=posixAccount)(uid=adenenberg))"
Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=2 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass
Dec  6 02:13:04 pgate1 slapd[20500]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Dec  6 02:13:04 pgate1 slapd[20505]: conn=18 op=3 SRCH
base="dc=thepirtgroup,dc=com" scope=2 filter="(uid=adenenberg)"
Dec  6 02:13:04 pgate1 slapd[20505]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Dec  6 02:13:04 pgate1 slapd[20505]: conn=18 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text=
Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=4 SRCH
base="dc=thepirtgroup,dc=com" scope=2
filter="(&(objectClass=posixGroup)(|(memberUid=adenenberg)(uniqueMember=uid=adenenberg,ou=datacenter,o=pirt,dc=thepirtgroup,dc=com)))"
Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=4 SRCH attr=cn
userPassword memberUid uniqueMember gidNumber
Dec  6 02:13:04 pgate1 slapd[20500]: <= bdb_equality_candidates:
(memberUid) index_param failed (18)
Dec  6 02:13:04 pgate1 slapd[20500]: <= bdb_equality_candidates:
(uniqueMember) index_param failed (18)
Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=4 SEARCH RESULT tag=101
err=0 nentries=0 text=
Dec  6 02:13:04 pgate1 slapd[20498]: conn=19 fd=14 ACCEPT from
IP=10.35.2.250:33502 (IP=0.0.0.0:389)
Dec  6 02:13:04 pgate1 slapd[20500]: conn=19 op=1 BIND dn="" method=128
Dec  6 02:13:04 pgate1 slapd[20500]: conn=19 op=1 RESULT tag=97 err=0
text=
Dec  6 02:13:04 pgate1 slapd[20498]: deferring operation
Dec  6 02:13:04 pgate1 slapd[20505]: conn=19 op=2 SRCH
base="dc=thepirtgroup,dc=com" scope=2
filter="(&(objectClass=posixAccount)(uid=adenenberg))"
Dec  6 02:13:04 pgate1 slapd[20505]: conn=19 op=2 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass
Dec  6 02:13:04 pgate1 slapd[20505]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Dec  6 02:13:04 pgate1 slapd[20505]: conn=19 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Dec  6 02:13:04 pgate1 slapd[20500]: conn=19 op=3 SRCH
base="dc=thepirtgroup,dc=com" scope=2
filter="(&(objectClass=shadowAccount)(uid=adenenberg))"
Dec  6 02:13:04 pgate1 slapd[20500]: conn=19 op=3 SRCH attr=uid
userPassword shadowLastChange shadowMax shadowMin shadowWarning
shadowInactive shadowExpire
Dec  6 02:13:04 pgate1 slapd[20500]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Dec  6 02:13:04 pgate1 slapd[20500]: conn=19 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text=
Dec  6 02:13:04 pgate1 slapd[20498]: conn=19 fd=14 closed
Dec  6 02:13:05 pgate1 slapd[20505]: conn=18 op=5 SRCH
base="dc=thepirtgroup,dc=com" scope=2
filter="(&(objectClass=shadowAccount)(uid=adenenberg))"
Dec  6 02:13:05 pgate1 slapd[20505]: conn=18 op=5 SRCH attr=uid
userPassword shadowLastChange shadowMax shadowMin shadowWarning
shadowInactive shadowExpire
Dec  6 02:13:05 pgate1 slapd[20505]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Dec  6 02:13:05 pgate1 slapd[20505]: conn=18 op=5 SEARCH RESULT tag=101
err=0 nentries=1 text=