I'm trying to get LDAP to serve system users. I don't have the
slightest idea what I'm doing wrong, please help.


BTW, I'm on Debian.



[EMAIL PROTECTED] etc # egrep --exclude='*.bak' -v '^#|^$' pam.d/common-* nsswitch.conf pam_ldap.conf libnss-ldap.conf ldap/{ldap.conf,slapd.conf}
pam.d/common-account:account requisite  pam_unix.so
pam.d/common-account:account sufficient pam_localuser.so
pam.d/common-account:account required   pam_ldap.so
pam.d/common-auth:auth    required    pam_env.so
pam.d/common-auth:auth    sufficient  pam_unix.so likeauth nullok shadow
pam.d/common-auth:auth    sufficient  pam_ldap.so use_first_pass
pam.d/common-auth:auth    required    pam_deny.so
pam.d/common-password:password    required pam_cracklib.so retry=3
pam.d/common-password:password    sufficient pam_unix.so nullok use_authtok shadow md5
pam.d/common-password:password    sufficient pam_ldap.so use_authtok use_first_pass
pam.d/common-password:password    required pam_deny.so
pam.d/common-session:session required    pam_limits.so
pam.d/common-session:session required    pam_unix.so
pam.d/common-session:session required    pam_mkhomedir.so skel=/etc/skel/ umask=0066
pam.d/common-session:session optional    pam_ldap.so
nsswitch.conf:passwd:         files ldap
nsswitch.conf:group:          files ldap
nsswitch.conf:shadow:         files ldap
nsswitch.conf:hosts:          files dns
nsswitch.conf:networks:       files
nsswitch.conf:protocols:      db files
nsswitch.conf:services:       db files
nsswitch.conf:ethers:         db files
nsswitch.conf:rpc:            db files
nsswitch.conf:netgroup:       nis
pam_ldap.conf:base dc=kiberpipa,dc=org
pam_ldap.conf:uri ldap://127.0.0.1/
pam_ldap.conf:ldap_version 3
pam_ldap.conf:pam_password exop
libnss-ldap.conf:base dc=kiberpipa,dc=org
libnss-ldap.conf:uri ldap://127.0.0.1/
libnss-ldap.conf:ldap_version 3
ldap/ldap.conf:BASE     dc=kiberpipa, dc=org
ldap/ldap.conf:URI      ldap://localhost
ldap/slapd.conf:modulepath      /usr/lib/ldap
ldap/slapd.conf:moduleload      back_bdb
ldap/slapd.conf:moduleload      ppolicy.la
ldap/slapd.conf:include         /etc/ldap/schema/core.schema
ldap/slapd.conf:include         /etc/ldap/schema/cosine.schema
ldap/slapd.conf:include         /etc/ldap/schema/nis.schema
ldap/slapd.conf:include         /etc/ldap/schema/inetorgperson.schema
ldap/slapd.conf:include         /etc/ldap/schema/ppolicy.schema
ldap/slapd.conf:pidfile         /var/run/slapd/slapd.pid
ldap/slapd.conf:argsfile        /var/run/slapd/slapd.args
ldap/slapd.conf:loglevel        256
ldap/slapd.conf:sizelimit 500
ldap/slapd.conf:tool-threads 1
ldap/slapd.conf:backend         bdb
ldap/slapd.conf:checkpoint 512 30
ldap/slapd.conf:database        bdb
ldap/slapd.conf:suffix          "dc=kiberpipa,dc=org"
ldap/slapd.conf:rootdn          "cn=admin,dc=kiberpipa,dc=org"
ldap/slapd.conf:directory       "/var/lib/ldap"
ldap/slapd.conf:dbconfig set_cachesize 0 2097152 0
ldap/slapd.conf:dbconfig set_lk_max_objects 1500
ldap/slapd.conf:dbconfig set_lk_max_locks 1500
ldap/slapd.conf:dbconfig set_lk_max_lockers 1500
ldap/slapd.conf:index           objectClass eq
ldap/slapd.conf:index           uid eq
ldap/slapd.conf:rootpw          {MD5}<censored>==
ldap/slapd.conf:lastmod         on
ldap/slapd.conf:access to attrs=userPassword,shadowLastChange
ldap/slapd.conf:        by dn="cn=admin,dc=kiberpipa,dc=org" write
ldap/slapd.conf:        by anonymous auth
ldap/slapd.conf:        by self write
ldap/slapd.conf:        by * none
ldap/slapd.conf:access to dn.base="" by * read
ldap/slapd.conf:access to *
ldap/slapd.conf:        by dn="cn=admin,dc=kiberpipa,dc=org" write
ldap/slapd.conf:        by * read
[EMAIL PROTECTED] etc # ldapsearch -x -LLL -w123456 -D 'uid=redduck666,ou=people,dc=kiberpipa,dc=org' 'uid=redduck666'
dn: uid=redduck666,ou=People,dc=kiberpipa,dc=org
uid: redduck666
cn: redduck666
sn: redduck666
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJDlKOVNXbXA3JGN3SE40M3ZDMkFFYTZxVHhrQzNwZC4=
shadowLastChange: 13645
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/redduck666
gecos: ,,,

[EMAIL PROTECTED] etc # getent passwd | grep redduck666
redduck666:x:1000:1000:,,,:/home/redduck666:/bin/bash
[EMAIL PROTECTED] etc # getent passwd redduck666
[EMAIL PROTECTED] etc # su - redduck666
Unknown id: redduck666

## These logs are generated when I try to ssh to the machine in question
with username ''redduck666'' and password ''123456''

auth.log:
May 12 16:14:02 chat sshd[5183]: Invalid user redduck666 from 195.246.11.18
May 12 16:14:02 chat sshd[5183]: Failed none for invalid user redduck666 from 195.246.11.18 port 64170 ssh2
May 12 16:14:05 chat sshd[5183]: (pam_unix) check pass; user unknown
May 12 16:14:05 chat sshd[5183]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.246.11.18
May 12 16:14:05 chat sshd[5183]: pam_ldap: error trying to bind as user "uid=redduck666,ou=People,dc=kiberpipa,dc=org" (Invalid credentials)
May 12 16:14:07 chat sshd[5183]: Failed password for invalid user redduck666 from 195.246.11.18 port 64170 ssh2


ldap.log:

May 12 16:14:05 chat slapd[5084]: conn=4 fd=12 ACCEPT from IP=127.0.0.1:44720 (IP=0.0.0.0:389)
May 12 16:14:05 chat slapd[5084]: conn=4 op=0 BIND dn="" method=128
May 12 16:14:05 chat slapd[5084]: conn=4 op=0 RESULT tag=97 err=0 text=
May 12 16:14:05 chat slapd[5084]: conn=4 op=1 SRCH base="dc=kiberpipa,dc=org" scope=2 deref=0 filter="(uid=redduck666)"
May 12 16:14:05 chat slapd[5084]: conn=4 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 12 16:14:05 chat slapd[5084]: conn=4 op=2 BIND dn="uid=redduck666,ou=People,dc=kiberpipa,dc=org" method=128
May 12 16:14:05 chat slapd[5084]: conn=4 op=2 RESULT tag=97 err=49 text=
May 12 16:14:05 chat slapd[5084]: conn=4 op=3 BIND dn="" method=128
May 12 16:14:05 chat slapd[5084]: conn=4 op=3 RESULT tag=97 err=0 text=



--
almir
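
Added example, not part of the original message: a small parser for slapd's loglevel 256 output that pairs each BIND with its RESULT by conn/op and lists binds rejected with result code 49 (invalidCredentials), the sequence visible in ldap.log above. The function names are hypothetical and the sample input is the post's own log lines with the e-mail line wraps rejoined.

```python
import re

# Constructed sample: the slapd lines from the post, line wraps rejoined.
SAMPLE = """\
May 12 16:14:05 chat slapd[5084]: conn=4 fd=12 ACCEPT from IP=127.0.0.1:44720 (IP=0.0.0.0:389)
May 12 16:14:05 chat slapd[5084]: conn=4 op=0 BIND dn="" method=128
May 12 16:14:05 chat slapd[5084]: conn=4 op=0 RESULT tag=97 err=0 text=
May 12 16:14:05 chat slapd[5084]: conn=4 op=1 SRCH base="dc=kiberpipa,dc=org" scope=2 deref=0 filter="(uid=redduck666)"
May 12 16:14:05 chat slapd[5084]: conn=4 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 12 16:14:05 chat slapd[5084]: conn=4 op=2 BIND dn="uid=redduck666,ou=People,dc=kiberpipa,dc=org" method=128
May 12 16:14:05 chat slapd[5084]: conn=4 op=2 RESULT tag=97 err=49 text=
May 12 16:14:05 chat slapd[5084]: conn=4 op=3 BIND dn="" method=128
May 12 16:14:05 chat slapd[5084]: conn=4 op=3 RESULT tag=97 err=0 text=
"""

# conn=N is followed either by the ACCEPT record or by an op=N operation record.
LINE = re.compile(r'slapd\[\d+\]: conn=(\d+) (?:fd=\d+ ACCEPT from IP=(\S+)|op=(\d+) (.*))')
BIND = re.compile(r'BIND dn="([^"]*)" method=(\d+)')   # method=128 is a simple bind
RESULT = re.compile(r'RESULT tag=97 err=(\d+)')        # tag=97 is a BindResponse

def bind_results(log_text):
    """Pair every BIND with the RESULT that carries the same conn/op numbers."""
    peers, pending, out = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, peer, op, rest = m.groups()
        if peer:                         # ACCEPT line: remember the client address
            peers[conn] = peer
            continue
        b = BIND.match(rest)
        r = RESULT.match(rest)           # "SEARCH RESULT" does not match at position 0
        if b:
            pending[(conn, op)] = b.group(1)
        elif r and (conn, op) in pending:
            dn = pending.pop((conn, op)) or "<anonymous>"
            out.append({"conn": int(conn), "op": int(op), "peer": peers.get(conn),
                        "dn": dn, "err": int(r.group(1))})
    return out

def failed_binds(log_text):
    """Binds rejected with LDAP result code 49 (invalidCredentials)."""
    return [b for b in bind_results(log_text) if b["err"] == 49]

if __name__ == "__main__":
    for b in failed_binds(SAMPLE):
        print(b)
```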
