You also should check the sshd_config and make sure you have "UsePAM yes" in the config.

-----Original Message-----
From: GanGan [mailto:gangan@zalteam.com]
Sent: Wednesday, October 29, 2008 12:03 PM
To: Lynn York
Cc: Hallvard B Furuseth; Openldap technical
Subject: RE: difference between /etc/ldap.conf /etc/openldap/ldap.conf

I did not touch so I do not think it comes from these files

On Wed, 29 Oct 2008 11:55:29 -0400, Lynn York <lyork@inetu.net> wrote:
> Make sure you have configured PAM properly. Here is an example of a
> system-auth-ac file that I use that works properly:
>
> [ /etc/pam.d/system-auth-ac ]
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      pam_env.so
> auth        sufficient    pam_unix.so nullok try_first_pass
> auth        sufficient    pam_ldap.so use_first_pass
> auth        required      pam_deny.so
>
> account     required      pam_unix.so broken_shadow
> account     sufficient    pam_localuser.so
> account     sufficient    pam_succeed_if.so uid < 500 quiet
> account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
> account     required      pam_permit.so
>
> password    requisite     pam_cracklib.so try_first_pass retry=3
> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
> password    sufficient    pam_ldap.so use_authtok
> password    required      pam_deny.so
>
> session     optional      pam_keyinit.so revoke
> session     required      pam_limits.so
> session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
> session     required      pam_unix.so
> session     optional      pam_ldap.so
> [ end /etc/pam.d/system-auth-ac ]
>
>
> -----Original Message-----
> From: openldap-technical-bounces+lyork=inetu.net@openldap.org
> [mailto:openldap-technical-bounces+lyork=inetu.net@openldap.org] On Behalf Of GanGan
> Sent: Wednesday, October 29, 2008 11:28 AM
> To: Hallvard B Furuseth
> Cc: Openldap technical
> Subject: Re: difference between /etc/ldap.conf /etc/openldap/ldap.conf
>
>
> thank you
>
> I have a problem with my users authentication.
>
> getent passwd
> gives me my 4 users ldap
>
> [...]
>
> videl:x:503:1000:videl:/home/videl:/bin/bash
> azerty:x:501:1000:azerty:/home/azerty:/bin/bash
> wizz:x:515:1000:wizz:/home/wizz:/bin/bash
> shen:x:509:1000:shen:/home/shen:/bin/bash
>
> but impossible to connect.
>
> [root@clitest3 /]# ssh videl@srvtest3.test.org
> videl@srvtest3.test.org's password:
> Permission denied, please try again.
> videl@srvtest3.test.org's password:
> Permission denied, please try again.
> videl@srvtest3.test.org's password:
> Permission denied (publickey,password).
>
> log ldap server (srvtest3):
>
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 fd=14 ACCEPT from IP=127.0.0.1:40706 (IP=0.0.0.0:389)
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 op=0 STARTTLS
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 fd=14 TLS established tls_ssf=256 ssf=256
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 op=0 RESULT oid= err=0 text=
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 op=1 BIND dn="" method=128
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 op=1 RESULT tag=97 err=0 text=
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 op=2 SRCH base="ou=user,dc=midian,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=videl))"
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=19 op=3 SRCH base="ou=user,dc=midian,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=videl))"
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=19 op=3 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=19 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=20 fd=17 ACCEPT from IP=127.0.0.1:40707 (IP=0.0.0.0:389)
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=20 op=0 STARTTLS
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=20 op=0 RESULT oid= err=0 text=
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=20 fd=17 TLS established tls_ssf=256 ssf=256
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=20 op=1 BIND dn="" method=128
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=20 op=1 RESULT tag=97 err=0 text=
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=20 op=2 SRCH base="ou=user,dc=midian,dc=org" scope=2 deref=0 filter="(&(host=srvtest3.test.org)(uid=videl))"
> Oct 29 16:25:45 srvtest3 slapd[1947]: <= bdb_equality_candidates: (host) index_param failed (18)
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=20 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
>
> I do not understand why it is not working. :(
> Any idea?

--
- GanGan -
www.system-linux.eu
thanks for clicking on the ad :p
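
Added example, not part of the thread: a small parser for slapd connection logs in the format quoted above that lists every search that returned nentries=0, together with the bind identity, base and filter it ran under. The sample log is constructed (host1, example.org and the DNs are placeholders), and the function name empty_searches is this example's own.

```python
import re

# Constructed sample in the slapd log format shown in the thread (not the poster's log).
SAMPLE_LOG = """\
Oct 29 16:25:41 host1 slapd[1947]: conn=19 op=1 BIND dn="" method=128
Oct 29 16:25:41 host1 slapd[1947]: conn=19 op=2 SRCH base="ou=user,dc=example,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=alice))"
Oct 29 16:25:41 host1 slapd[1947]: conn=19 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Oct 29 16:25:42 host1 slapd[1947]: conn=21 op=1 BIND dn="cn=proxy,dc=example,dc=org" method=128
Oct 29 16:25:42 host1 slapd[1947]: conn=21 op=2 SRCH base="ou=user,dc=example,dc=org" scope=2 deref=0 filter="(uid=alice)"
Oct 29 16:25:42 host1 slapd[1947]: conn=21 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$")
BIND = re.compile(r'^BIND dn="([^"]*)"')
SRCH = re.compile(r'^SRCH base="([^"]*)" scope=(\d+) .*filter="(.*)"$')
RESULT = re.compile(r"^SEARCH RESULT .*err=(\d+) nentries=(\d+)")


def empty_searches(log_text):
    """Return one dict per search that finished with nentries=0."""
    bind_dn = {}   # conn -> DN of the most recent BIND on that connection
    pending = {}   # (conn, op) -> (base, scope, filter) awaiting its result
    findings = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # lines without conn=/op= (ACCEPT, TLS established, index warnings)
        conn, op, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        if (b := BIND.match(rest)):
            bind_dn[conn] = b.group(1)
        elif (s := SRCH.match(rest)):          # "SRCH attr=..." lines do not match
            pending[(conn, op)] = s.groups()
        elif (r := RESULT.match(rest)) and (conn, op) in pending:
            base, scope, flt = pending.pop((conn, op))
            if r.group(2) == "0":
                findings.append({
                    "conn": conn, "op": op, "err": int(r.group(1)),
                    # An empty DN (or no BIND at all) is an anonymous session.
                    "bind": bind_dn.get(conn, "") or "<anonymous>",
                    "base": base, "scope": int(scope), "filter": flt,
                })
    return findings


if __name__ == "__main__":
    for f in empty_searches(SAMPLE_LOG):
        print("conn={conn} op={op} bind={bind} base={base} filter={filter}".format(**f))
```

A search that reports err=0 with nentries=0 succeeded but matched nothing visible to that bind identity, so the base, filter and bind DN printed here are the three values to compare against the directory.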