Your message dated Thu, 3 Aug 2023 07:52:11 +0200 with message-id <[email protected]> and subject line Re: LDAP user authentication of students/teachers does not work has caused the Debian Bug report #1041613, regarding LDAP user authentication of students/teachers does not work to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 1041613: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041613 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: debian-edu-config Version: 2.12.32 Currently authentication of student/teacher users on a workstation does not work. Steps to reproduce: - currently it is not possible to create a student/teacher via gosa due to bugs #1039698 and #1039699, thus the following example student needs to be imported into LDAP: dn: uid=mamus,ou=people,ou=Students,dc=skole,dc=skolelinux,dc=no sn: Mustermann givenName: Max uid: mamus cn: Max Mustermann homeDirectory: /skole/tjener/home0/mamus loginShell: /bin/bash uidNumber: 1003 gidNumber: 1003 gecos: Max Mustermann krbPwdPolicyReference: cn=users,cn=INTERN,cn=kerberos,dc=skole,dc=skolelinux,dc=no objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: gosaAccount objectClass: posixAccount objectClass: shadowAccount objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux krbLoginFailedCount: 0 krbTicketFlags: 128 krbPasswordExpiration: 19700101000000Z dn: cn=mamus,ou=group,ou=Students,dc=skole,dc=skolelinux,dc=no cn: mamus description: Gruppe des Benutzers Max Mustermann gidNumber: 1003 objectClass: top objectClass: posixGroup - then the gosa postcreate hook needs to be invoked manually: sudo /usr/share/debian-edu-config/tools/gosa-create mamus - afterwards the password needs to be set inside gosa - finally try to log in as user "mamus" from a workstation The following is logged on tjener: 2023-07-21T13:27:34.471977+02:00 tjener sshd[39837]: Connection closed by 127.0.0.1 port 34704 [preauth] 2023-07-21T13:27:46.857328+02:00 tjener krb5kdc[1457]: AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 10.0.16.22: CLIENT_NOT_FOUND: mamus@INTERN für krbtgt/INTERN@INTERN, Client nicht in der Kerberos-Datenbank gefunden 2023-07-21T13:27:46.861321+02:00 tjener krb5kdc[1457]: AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 10.0.16.22: CLIENT_NOT_FOUND: mamus@INTERN für krbtgt/INTERN@INTERN, Client nicht in der Kerberos-Datenbank gefunden 2023-07-21T13:27:46+02:00 am-00163e227b5e lightdm: pam_krb5(lightdm:auth): authentication failure; logname=mamus uid=0 euid=0 tty=:0 ruser= rhost= 2023-07-21T13:27:46+02:00 am-00163e227b5e lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=mamus 2023-07-21T13:27:46+02:00 am-00163e227b5e lightdm: pam_ldap(lightdm:auth): Authentication failure; user=mamus The following is logged on the workstation: Jul 21 13:27:46 am-00163e227b5e.intern lightdm[1990]: pam_krb5(lightdm:auth): authentication failure; logname=mamus uid=0 euid=0 tty=:0 ruser= rhost= Jul 21 13:27:46 am-00163e227b5e.intern nslcd[1007]: [b141f2] <passwd="pam_unix_non_existent:"> request denied by validnames option Jul 21 13:27:46 am-00163e227b5e.intern lightdm[1990]: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=mamus Jul 21 13:27:46 am-00163e227b5e.intern nslcd[1007]: [e2a9e3] <authc="mamus"> uid=mamus,ou=people,ou=Students,dc=skole,dc=skolelinux,dc=no: Invalid credentials Jul 21 13:27:46 am-00163e227b5e.intern lightdm[1990]: pam_ldap(lightdm:auth): Authentication failure; user=mamus -- Guido Berhoerster
--- End Message ---
--- Begin Message ---After discovering and fixing the ldap-createuser-krb5 script (see bug #1042456) authentication of added students/teachers does work, so this is not a bug but I was apparently missing something when creating accounts in LDAP/Kerberos. -- Guido Berhoerster
--- End Message ---

