[Date Prev][Date Next] [Chronological] [Thread] [Top]

Authentication issue into a ubuntu client: `finger` and `id` commands working but no `su`

To: openldap-technical@openldap.org
Subject: Authentication issue into a ubuntu client: `finger` and `id` commands working but no `su`
From: carolina fernandez <fbcarola@gmail.com>
Date: Fri, 10 Apr 2009 12:28:43 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=DGMNXYJzqtBvOqgWG7fmMn9YlKShpz84yWYWlllR28s=; b=uG7g9+24dU1RctKoPWvXmECGu0tsmisg9S8WNw56LReAjQi5vjjA9IXKawPSAxW0ES McG+Zih2haQiJxf33FePk3VigKnRJ1bGxhuzZ1lT63wn1oh9bRDlWYK1+OuCKyianWRr WwbAZFZxIz4vTztUVaCFgymdojZBwXW6HvPvg=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=pys82LXNyX/Ny/f7ryV2h04JEOtLsQe+NsLIjHZ/7C8d+jd33CY3Q70o1RkMX8mFnQ ABEe2P+emL57I6XvWMnM4grAqRvNQ2fshxmK5fs7olaKvYhW/BxijVMaDuK9M5KUjrht 1/3u2m6a9kotorcucX0IBsRpe16N9IPRhTBgU=

Hello,

I'm trying to configure a Ubuntu 8.10 client to authenticate
againts a openldap directory.

The client configuration (PAM, NSS and /etc/ldap.conf) is here:
    http://pastebin.com/mc279767

I performed some test getting the following results:

`ldapsearch -xLLL`, `id $USER`, `finger $USER`
    Those three commands work fine. See the ouput here:
    http://pastebin.com/d43add436

`su $USER`
    Prompts twice for a password and then fails.
    See the output with a debug level 1:
    http://pastebin.com/m390ab435

My main question is:

    Line 12 from `su $USER` output says:

        "ldap_connect_to_host: TCP localhost:389"

    It seems like it were trying to connect to the localhost but I
    specified "host 192.168.0.10" and "uri ldap://192.168.0.10/" at the
    /etc/ldap.conf file.

    Maybe I need to specify a bind domain name but if I'm not wrong
    the query will be permormed as anonymous and I have the followings
    credentials at the server /etc/ldap/slapd.conf:

          access to attrs=userPassword,shadowLastChange
                by dn="cn=admin,dc=carolina,dc=es" write
                  by anonymous auth
                   by self write
                   by * none

          access to *
                  by dn="cn=admin,dc=carolina,dc=es" write
                  by * read

Any idea to solve this? Any one can enlight me?
Thank you in advance,

Carolina F. Bravo

Prev by Date: Re: pam_ldap: error trying to bind (Server is unwilling to perform)
Next by Date: ./scripts/test021-certificate failed
Index(es):
- Chronological
- Thread