Hi,

I've been trying to get LDAP authentication going for many hours
and now I must ask for help!

I have read everything I could find - and tried most of it - but it is still not
working. Could someone please give me a pointer as to what could be wrong?

TIA,
        Frank.

cat /var/log/auth.log

Dec 12 15:56:24 lserver2 sshd[28207]: Failed password for illegal user 
testuser1 from 192.168.1.128 port 38446 ssh2
Dec 12 15:56:25 lserver2 last message repeated 2 times
Dec 12 16:03:41 lserver2 sshd[28227]: Illegal user testuser1 from 
192.168.1.128
Dec 12 16:03:41 lserver2 sshd[28227]: Failed none for illegal user testuser1 
from 192.168.1.128 port 38447 ssh2
Dec 12 16:03:43 lserver2 sshd[28227]: Failed password for illegal user 
testuser1 from 192.168.1.128 port 38447 ssh2

cat /var/log/syslog

Dec 12 15:57:06 lserver2 slapd[27743]: daemon: conn=60 fd=15 connection from 
IP=127.0.0.1:32935 (IP=0.0.0.0:389) accepted.
Dec 12 15:57:06 lserver2 slapd[27751]: conn=60 op=0 BIND 
dn="CN=ROOT,DC=DDI,DC=ORG" method=128
Dec 12 15:57:06 lserver2 slapd[27751]: conn=60 op=0 RESULT tag=97 err=0 text=
Dec 12 15:57:06 lserver2 slapd[27752]: conn=60 op=1 SRCH 
base="ou=Users,dc=DDI,dc=ORG" scope=2 filter="(objectClass=posixAccount)"
Dec 12 15:57:06 lserver2 slapd[27752]: conn=60 op=1 SEARCH RESULT tag=101 
err=0 text=
Dec 12 15:57:06 lserver2 slapd[27743]: conn=-1 fd=15 closed
Dec 12 16:00:00 lserver2 CRON[28215]: (root) CMD (rm -f 
/var/spool/cron/lastrun/cron.hourly)
Dec 12 16:00:00 lserver2 CRON[28216]: (root) CMD (test -x /usr/sbin/run-crons 
&& /usr/sbin/run-crons )

BUT:  getent passwd
<snip>
amavis:x:1003:408:added by portage for amavisd-new:/var/lib/amavis:/bin/false
sshd:x:22:22:sshd:/var/empty:/dev/null
hacluster:x:1004:100::/home/hacluster:/bin/bash
ldap:x:439:439::/usr/lib/openldap:/dev/null
testuser1:x:1005:100:System User:/home/testuser1:/bin/bash
^^^^^^^^^^^^  smbldap-useradd'ed user ^^^^^^^^^^^^^

cat /etc/pam.d/system-auth

#%PAM-1.0

# auth stack, evaluated top to bottom: a "sufficient" module that succeeds ends
# the stack with success, one that fails just falls through to the next line.
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok
# use_first_pass: pam_ldap reuses the password pam_unix already prompted for
# instead of asking a second time.
auth       sufficient   /lib/security/pam_ldap.so use_first_pass
# Reached only when neither pam_unix nor pam_ldap succeeded.
auth       required     /lib/security/pam_deny.so
account    required     /lib/security/pam_unix.so
account    sufficient   /lib/security/pam_ldap.so
password   required     /lib/security/pam_cracklib.so retry=3 type=
# NOTE: the next line was wrapped by the mail client; "use_authtok" belongs
# on the pam_unix line.
password   sufficient   /lib/security/pam_unix.so nullok md5 shadow 
use_authtok
password   sufficient   /lib/security/pam_ldap.so use_authtok
password   required     /lib/security/pam_deny.so
session    required     /lib/security/pam_limits.so
session    required     /lib/security/pam_unix.so
session    optional     /lib/security/pam_ldap.so

cat /etc/pam.d/sshd

#%PAM-1.0

# All four phases are delegated to the system-auth stack via pam_stack.
auth       required     pam_stack.so service=system-auth
# pam_shells: the account's login shell must be listed in /etc/shells
# (testuser1 has loginShell /bin/bash in the LDIF shown later in this mail).
auth       required     pam_shells.so
auth       required     pam_nologin.so
# NOTE(review): the "Illegal user" lines in auth.log are emitted by sshd when
# its own user lookup fails, i.e. before any of these PAM lines run — confirm
# sshd itself resolves testuser1 (e.g. that it was restarted after nss_ldap
# was configured), not just the getent invoked from a shell.
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

cat /etc/openldap/slapd.conf

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 
kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/samba.schema

# Define global ACLs to disable default read access.
# NOTE(review): no "access to" directive appears anywhere in this listing, so
# slapd's built-in default access applies to the whole tree, userPassword
# included — confirm that is intended.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=DDI,dc=ORG"
#suffix         "o=My Organization Name,c=US"
rootdn          "cn=root,dc=DDI,dc=ORG"
#rootdn         "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          {SSHA}QEbFv4478Ig4g7UmaflnM7diN/3nv8iTZO
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /var/lib/openldap-ldbm
# Indices to maintain
# NOTE(review): only objectClass is indexed; NSS lookups by uid, uidNumber or
# gidNumber are unindexed and may become slow as the directory grows.
index   objectClass     eq


# smbldap-usershow.pl testuser1

dn: uid=testuser1,ou=Users,dc=DDI,dc=ORG
objectClass: top
objectClass: account
objectClass: posixAccount
cn: testuser1
uid: testuser1
uidNumber: 1005
gidNumber: 100
homeDirectory: /home/testuser1
loginShell: /bin/bash
gecos: System User
description: System User
userPassword:: e1NTSEF9c0ZVYmN6bDdJemN1YWRDWElZY2FkQjQrd0xJbmFNUkw=

cat /etc/nsswitch.conf

# /etc/nsswitch.conf:
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/nsswitch.conf,v 1.4 
2002/11/18 19:39:22 azarah Exp $

# Sources are consulted left to right: local files first, then ldap, with
# nisplus tried last for entries neither of the first two returned.
# NOTE(review): if no NIS+ domain is configured, the trailing nisplus may only
# add delay on misses — drop it if it is unused.
passwd:    files ldap nisplus
shadow:    files ldap nisplus
group:     files ldap nisplus

hosts:       files dns
networks:    files dns

services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files

automount:   files
aliases:     files




