Hello,

I have a problem authenticating from a client (RedHat 6.3) to a server (RedHat 6.3).

The connection is OK: I can change user when I am root with "su paula" with no problem. When I change from non-root to paula ("su paula") I am requested a password, but I get an incorrect password message despite the password being correct.

Here are the details:

SERVER configuration (obtained with slapcat)

The first database does not allow slapcat; using the first available one (2)
bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
Expect poor performance for suffix "dc=jcs-PC,dc=home".

dn: dc=jcs-PC,dc=home
dc: jcs-PC
objectClass: dcObject
objectClass: organization
o: NETEXPANSION
structuralObjectClass: organization
entryUUID: b9dcdb1e-f628-1032-8eef-4f234421cd34
creatorsName: cn=ldapadmin,dc=jcs-PC,dc=home
createTimestamp: 20131210205228Z
entryCSN: 20131210205228.791640Z#000000#000#000000
modifiersName: cn=ldapadmin,dc=jcs-PC,dc=home
modifyTimestamp: 20131210205228Z

dn: ou=employes,dc=jcs-PC,dc=home
objectClass: organizationalUnit
ou: employes
structuralObjectClass: organizationalUnit
entryUUID: 2008d924-f629-1032-8ef0-4f234421cd34
creatorsName: cn=ldapadmin,dc=jcs-PC,dc=home
createTimestamp: 20131210205520Z
entryCSN: 20131210205520.207551Z#000000#000#000000
modifiersName: cn=ldapadmin,dc=jcs-PC,dc=home
modifyTimestamp: 20131210205520Z

dn: cn=Paula Bionda,ou=employes,dc=jcs-PC,dc=home
cn: Paula Bionda
sn: Bionda
uid: paula
uidNumber: 503
gidNumber: 1100
gecos: Paula Bionda
homeDirectory: /home/paula
shadowLastChange: 10877
shadowMin: 0
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
structuralObjectClass: person
entryUUID: e4f37848-f930-1032-985a-91cf669ea788
creatorsName: cn=ldapadmin,dc=jcs-PC,dc=home
createTimestamp: 20131214172830Z
loginShell: /bin/bash
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
userPassword:: e1NTSEF9aEFzWFZFejlIa2xQSUpFSFF2SnpoZmo1cTYzdzRLUlg=
entryCSN: 20131219155524.533147Z#000000#000#000000
modifiersName: cn=Paula Bionda,ou=employes,dc=jcs-PC,dc=home
modifyTimestamp: 20131219155524Z

dn: ou=groups,dc=jcs-PC,dc=home
objectClass: organizationalUnit
ou: groups
structuralObjectClass: organizationalUnit
entryUUID: e1a8545a-fa85-1032-84b7-a9514c4c1551
creatorsName: cn=ldapadmin,dc=jcs-PC,dc=home
createTimestamp: 20131216100923Z
entryCSN: 20131216100923.403228Z#000000#000#000000
modifiersName: cn=ldapadmin,dc=jcs-PC,dc=home
modifyTimestamp: 20131216100923Z

dn: cn=mygroup,ou=groups,dc=jcs-PC,dc=home
objectClass: top
objectClass: posixGroup
cn: mygroup
gidNumber: 1100
memberUid: paula
memberUid: giuseppe
structuralObjectClass: posixGroup
entryUUID: c26713a0-fa9f-1032-8b7d-155dd966052d
creatorsName: cn=ldapadmin,dc=jcs-PC,dc=home
createTimestamp: 20131216131437Z
entryCSN: 20131216131437.881194Z#000000#000#000000
modifiersName: cn=ldapadmin,dc=jcs-PC,dc=home
modifyTimestamp: 20131216131437Z

CLIENT configuration (authconfig-tui gives)

[ ] Cache Information
[*] Use LDAP
[ ] Use NIS
[ ] Use IPAv2
[ ] Use Winbind
[*] Use MD5 Passwords
[*] Use Shadow Passwords
[*] Use LDAP Authentication
[ ] Use Kerberos
[*] Use Fingerprint Reader
[ ] Use Winbind Authentication
[*] Local Authorization is sufficient
[ ] Use TLS
ldap://192.168.1.12/
Base DN: dc=jcs-PC,dc=home

Result of "su paula"

a) when I am logged in as root, "su paula" logs me into paula: no problem.

b) when I am not logged in as root and I do "su paula", here is the log:

Dec 19 18:49:50 jcs-PC slapd[6441]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Dec 19 18:49:50 jcs-PC slapd[6441]: => access_allowed: read access granted by read(=rscxd)
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1005 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 fd=21 ACCEPT from IP=192.168.1.17:56000 (IP=0.0.0.0:389)
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 STARTTLS
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 RESULT oid= err=0 text=
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 fd=21 closed (TLS negotiation failure)
Dec 19 19:04:43 jcs-PC slapd[6441]: conn=1005 op=4 UNBIND
Dec 19 19:04:43 jcs-PC slapd[6441]: conn=1005 fd=14 closed

And these are the last 2 lines of Wireshark:

Source                 Destination            Protocol  Info
192.168.1.17 (Client)  192.168.1.12 (Server)  LDAP      ExtendedReq  LDAP_START_TLS_OID
192.168.1.12           192.168.1.17           LDAP      ExtendedResp LDAP_START_TLS_OID responseName missing

I am surprised about STARTTLS because there seems to be nothing in my configuration files about TLS.

Thank you
Axel
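The slapd log quoted in the post shows, on conn=1006, the client issuing a STARTTLS extended request, the server accepting it, and the socket then closing with "TLS negotiation failure" without any BIND being logged for that connection. The Python script below is an added example, not part of the original post and not OpenLDAP's own tooling: it groups slapd stats-log lines by conn=N and tells a connection that never reached BIND because the TLS handshake failed apart from one where the server itself answered a BIND with invalidCredentials (LDAP result code 49). The lines for conn=1005 and conn=1006 are the ones from the post; conn=1007 and conn=1008 are constructed lines added to show what a successful and a rejected simple BIND look like in the same log format.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample log. conn=1005 and conn=1006 are the slapd lines quoted
# in the post above; conn=1007 and conn=1008 are HYPOTHETICAL lines added here
# to show a simple BIND that succeeds (err=0) and one the server rejects
# (err=49, invalidCredentials).
SAMPLE_LOG = """\
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1005 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 fd=21 ACCEPT from IP=192.168.1.17:56000 (IP=0.0.0.0:389)
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 STARTTLS
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 RESULT oid= err=0 text=
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 fd=21 closed (TLS negotiation failure)
Dec 19 19:04:43 jcs-PC slapd[6441]: conn=1005 op=4 UNBIND
Dec 19 19:04:43 jcs-PC slapd[6441]: conn=1005 fd=14 closed
Dec 19 19:10:00 jcs-PC slapd[6441]: conn=1007 fd=22 ACCEPT from IP=192.168.1.17:56010 (IP=0.0.0.0:389)
Dec 19 19:10:00 jcs-PC slapd[6441]: conn=1007 op=0 BIND dn="cn=Paula Bionda,ou=employes,dc=jcs-PC,dc=home" method=128
Dec 19 19:10:00 jcs-PC slapd[6441]: conn=1007 op=0 RESULT tag=97 err=0 text=
Dec 19 19:10:00 jcs-PC slapd[6441]: conn=1007 fd=22 closed
Dec 19 19:11:00 jcs-PC slapd[6441]: conn=1008 fd=23 ACCEPT from IP=192.168.1.17:56011 (IP=0.0.0.0:389)
Dec 19 19:11:00 jcs-PC slapd[6441]: conn=1008 op=0 BIND dn="cn=Paula Bionda,ou=employes,dc=jcs-PC,dc=home" method=128
Dec 19 19:11:00 jcs-PC slapd[6441]: conn=1008 op=0 RESULT tag=97 err=49 text=
Dec 19 19:11:00 jcs-PC slapd[6441]: conn=1008 fd=23 closed
"""

# Patterns for the pieces of the slapd stats log this script cares about.
LINE_RE = re.compile(r"slapd\[\d+\]: conn=(?P<conn>\d+) (?P<rest>.*)$")
ACCEPT_RE = re.compile(r"fd=\d+ ACCEPT from IP=(?P<ip>[\d.]+):\d+")
STARTTLS_RE = re.compile(r"op=\d+ STARTTLS$")
BIND_RE = re.compile(r'op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)"')
RESULT_RE = re.compile(r"op=(?P<op>\d+) RESULT (?:oid=\S* )?(?:tag=\d+ )?err=(?P<err>\d+)")
CLOSED_RE = re.compile(r"fd=\d+ closed(?: \((?P<reason>[^)]*)\))?$")

LDAP_INVALID_CREDENTIALS = 49  # LDAP resultCode invalidCredentials


@dataclass
class Conn:
    conn_id: str
    peer: Optional[str] = None
    starttls_requested: bool = False
    closed: bool = False
    close_reason: Optional[str] = None
    # op number -> bind DN, so the later RESULT line can be matched to its BIND
    bind_ops: Dict[str, str] = field(default_factory=dict)
    # (bind DN, LDAP result code) in the order the server answered
    bind_results: List[Tuple[str, int]] = field(default_factory=list)


def parse_slapd_log(text: str) -> Dict[str, Conn]:
    """Group slapd syslog lines by conn=N and record the events we care about."""
    conns: Dict[str, Conn] = {}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        c = conns.setdefault(m["conn"], Conn(m["conn"]))
        rest = m["rest"]
        if (a := ACCEPT_RE.match(rest)):
            c.peer = a["ip"]
        elif STARTTLS_RE.match(rest):
            c.starttls_requested = True
        elif (b := BIND_RE.match(rest)):
            c.bind_ops[b["op"]] = b["dn"]
        elif (r := RESULT_RE.match(rest)) and r["op"] in c.bind_ops:
            c.bind_results.append((c.bind_ops[r["op"]], int(r["err"])))
        elif (cl := CLOSED_RE.match(rest)):
            c.closed = True
            c.close_reason = cl["reason"]
    return conns


def classify(c: Conn) -> str:
    """Say why a connection did or did not authenticate."""
    if c.close_reason and "TLS negotiation failure" in c.close_reason:
        # The TLS handshake failed after STARTTLS; if no BIND was ever answered,
        # the server never saw a password at all, so a client-side "incorrect
        # password" is a transport problem rather than a credential problem.
        return "tls-failure-before-bind" if not c.bind_results else "tls-failure"
    if c.bind_results:
        _, err = c.bind_results[-1]
        if err == 0:
            return "bind-ok"
        if err == LDAP_INVALID_CREDENTIALS:
            return "bind-invalid-credentials"
        return f"bind-err-{err}"
    return "no-bind"


def diagnose(text: str) -> Dict[str, str]:
    """Map each conn=N in the log to a one-word verdict."""
    return {cid: classify(c) for cid, c in parse_slapd_log(text).items()}


if __name__ == "__main__":
    for cid, c in sorted(parse_slapd_log(SAMPLE_LOG).items()):
        print(f"conn={cid} peer={c.peer} starttls={c.starttls_requested} -> {classify(c)}")
```

Run against a real /var/log/messages (or wherever slapd's stats log lands) by reading the file into `diagnose()`; a connection reported as `tls-failure-before-bind` is worth inspecting on the client side (its `ldap.conf`/`pam_ldap` TLS settings and the CA it trusts) before touching any password, whereas `bind-invalid-credentials` means the server did see and reject the credentials.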