the problem was that i never bothered to restart nscd, it now works.

/me has learnt an important lesson

On 5/13/07, Gavin Henry <[EMAIL PROTECTED]> wrote:

Did you get this solved in #ldap?

May 12 16:14:05 chat slapd[5084]: conn=4 op=2 RESULT tag=97 err=49 text=

Is bad password.

What about perms on *.conf files?

--
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E [EMAIL PROTECTED]

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

<quote who="Almir Karic">
> i'm trying to get ldap to serve system users, i don't have the
> slightest idea what am i doing wrong, please help.
>
> btw, i'm on debian.
>
> [EMAIL PROTECTED] etc # egrep --exclude='*.bak' -v '^#|^$' pam.d/common-*
> nsswitch.conf pam_ldap.conf libnss-ldap.conf
> ldap/{ldap.conf,slapd.conf}
> pam.d/common-account:account requisite pam_unix.so
> pam.d/common-account:account sufficient pam_localuser.so
> pam.d/common-account:account required pam_ldap.so
> pam.d/common-auth:auth required pam_env.so
> pam.d/common-auth:auth sufficient pam_unix.so likeauth nullok shadow
> pam.d/common-auth:auth sufficient pam_ldap.so use_first_pass
> pam.d/common-auth:auth required pam_deny.so
> pam.d/common-password:password required pam_cracklib.so retry=3
> pam.d/common-password:password sufficient pam_unix.so nullok
> use_authtok shadow md5
> pam.d/common-password:password sufficient pam_ldap.so use_authtok
> use_first_pass
> pam.d/common-password:password required pam_deny.so
> pam.d/common-session:session required pam_limits.so
> pam.d/common-session:session required pam_unix.so
> pam.d/common-session:session required pam_mkhomedir.so
> skel=/etc/skel/ umask=0066
> pam.d/common-session:session optional pam_ldap.so
> nsswitch.conf:passwd: files ldap
> nsswitch.conf:group: files ldap
> nsswitch.conf:shadow: files ldap
> nsswitch.conf:hosts: files dns
> nsswitch.conf:networks: files
> nsswitch.conf:protocols: db files
> nsswitch.conf:services: db files
> nsswitch.conf:ethers: db files
> nsswitch.conf:rpc: db files
> nsswitch.conf:netgroup: nis
> pam_ldap.conf:base dc=kiberpipa,dc=org
> pam_ldap.conf:uri ldap://127.0.0.1/
> pam_ldap.conf:ldap_version 3
> pam_ldap.conf:pam_password exop
> libnss-ldap.conf:base dc=kiberpipa,dc=org
> libnss-ldap.conf:uri ldap://127.0.0.1/
> libnss-ldap.conf:ldap_version 3
> ldap/ldap.conf:BASE dc=kiberpipa, dc=org
> ldap/ldap.conf:URI ldap://localhost
> ldap/slapd.conf:modulepath /usr/lib/ldap
> ldap/slapd.conf:moduleload back_bdb
> ldap/slapd.conf:moduleload ppolicy.la
> ldap/slapd.conf:include /etc/ldap/schema/core.schema
> ldap/slapd.conf:include /etc/ldap/schema/cosine.schema
> ldap/slapd.conf:include /etc/ldap/schema/nis.schema
> ldap/slapd.conf:include /etc/ldap/schema/inetorgperson.schema
> ldap/slapd.conf:include /etc/ldap/schema/ppolicy.schema
> ldap/slapd.conf:pidfile /var/run/slapd/slapd.pid
> ldap/slapd.conf:argsfile /var/run/slapd/slapd.args
> ldap/slapd.conf:loglevel 256
> ldap/slapd.conf:sizelimit 500
> ldap/slapd.conf:tool-threads 1
> ldap/slapd.conf:backend bdb
> ldap/slapd.conf:checkpoint 512 30
> ldap/slapd.conf:database bdb
> ldap/slapd.conf:suffix "dc=kiberpipa,dc=org"
> ldap/slapd.conf:rootdn "cn=admin,dc=kiberpipa,dc=org"
> ldap/slapd.conf:directory "/var/lib/ldap"
> ldap/slapd.conf:dbconfig set_cachesize 0 2097152 0
> ldap/slapd.conf:dbconfig set_lk_max_objects 1500
> ldap/slapd.conf:dbconfig set_lk_max_locks 1500
> ldap/slapd.conf:dbconfig set_lk_max_lockers 1500
> ldap/slapd.conf:index objectClass eq
> ldap/slapd.conf:index uid eq
> ldap/slapd.conf:rootpw {MD5}<censored>==
> ldap/slapd.conf:lastmod on
> ldap/slapd.conf:access to attrs=userPassword,shadowLastChange
> ldap/slapd.conf: by dn="cn=admin,dc=kiberpipa,dc=org" write
> ldap/slapd.conf: by anonymous auth
> ldap/slapd.conf: by self write
> ldap/slapd.conf: by * none
> ldap/slapd.conf:access to dn.base="" by * read
> ldap/slapd.conf:access to *
> ldap/slapd.conf: by dn="cn=admin,dc=kiberpipa,dc=org" write
> ldap/slapd.conf: by * read
> [EMAIL PROTECTED] etc # ldapsearch -x -LLL -w123456 -D
> 'uid=redduck666,ou=people,dc=kiberpipa,dc=org' 'uid=redduck666'
> dn: uid=redduck666,ou=People,dc=kiberpipa,dc=org
> uid: redduck666
> cn: redduck666
> sn: redduck666
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> userPassword:: e2NyeXB0fSQxJDlKOVNXbXA3JGN3SE40M3ZDMkFFYTZxVHhrQzNwZC4=
> shadowLastChange: 13645
> shadowMax: 99999
> shadowWarning: 7
> loginShell: /bin/bash
> uidNumber: 1000
> gidNumber: 1000
> homeDirectory: /home/redduck666
> gecos: ,,,
>
> [EMAIL PROTECTED] etc # getent passwd | grep redduck666
> redduck666:x:1000:1000:,,,:/home/redduck666:/bin/bash
> [EMAIL PROTECTED] etc # getent passwd redduck666
> [EMAIL PROTECTED] etc # su - redduck666
> Unknown id: redduck666
>
> ##these logs are generated when i try to ssh to the machine in question
> with username ''redduck666'' and password ''123456''
>
> auth.log:
> May 12 16:14:02 chat sshd[5183]: Invalid user redduck666 from
> 195.246.11.18
> May 12 16:14:02 chat sshd[5183]: Failed none for invalid user
> redduck666 from 195.246.11.18 port 64170 ssh2
> May 12 16:14:05 chat sshd[5183]: (pam_unix) check pass; user unknown
> May 12 16:14:05 chat sshd[5183]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=195.246.11.18
> May 12 16:14:05 chat sshd[5183]: pam_ldap: error trying to bind as
> user "uid=redduck666,ou=People,dc=kiberpipa,dc=org" (Invalid
> credentials)
> May 12 16:14:07 chat sshd[5183]: Failed password for invalid user
> redduck666 from 195.246.11.18 port 64170 ssh2
>
> ldap.log:
>
> May 12 16:14:05 chat slapd[5084]: conn=4 fd=12 ACCEPT from
> IP=127.0.0.1:44720 (IP=0.0.0.0:389)
> May 12 16:14:05 chat slapd[5084]: conn=4 op=0 BIND dn="" method=128
> May 12 16:14:05 chat slapd[5084]: conn=4 op=0 RESULT tag=97 err=0 text=
> May 12 16:14:05 chat slapd[5084]: conn=4 op=1 SRCH
> base="dc=kiberpipa,dc=org" scope=2 deref=0 filter="(uid=redduck666)"
> May 12 16:14:05 chat slapd[5084]: conn=4 op=1 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> May 12 16:14:05 chat slapd[5084]: conn=4 op=2 BIND
> dn="uid=redduck666,ou=People,dc=kiberpipa,dc=org" method=128
> May 12 16:14:05 chat slapd[5084]: conn=4 op=2 RESULT tag=97 err=49 text=
> May 12 16:14:05 chat slapd[5084]: conn=4 op=3 BIND dn="" method=128
> May 12 16:14:05 chat slapd[5084]: conn=4 op=3 RESULT tag=97 err=0 text=
>
> --
> almir
>
> ---
> You are currently subscribed to [email protected] as:
> [EMAIL PROTECTED]
> To unsubscribe send email to [EMAIL PROTECTED] with the word
> UNSUBSCRIBE as the SUBJECT of the message.
>
--
almir
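The `err=49` picked out of ldap.log in the thread is LDAP invalidCredentials on a bind response (`tag=97`), and it only names the account once it is paired with the BIND line that has the same `conn` and `op`. The following is an added example, not part of the original messages: it does that pairing over the slapd `loglevel 256` lines quoted above, with the mail-wrapped lines rejoined. The function names are illustrative.

```python
import re
from collections import Counter

# Lines copied from the ldap.log excerpt quoted in the thread; wrapped lines rejoined.
SAMPLE_LOG = """\
May 12 16:14:05 chat slapd[5084]: conn=4 fd=12 ACCEPT from IP=127.0.0.1:44720 (IP=0.0.0.0:389)
May 12 16:14:05 chat slapd[5084]: conn=4 op=0 BIND dn="" method=128
May 12 16:14:05 chat slapd[5084]: conn=4 op=0 RESULT tag=97 err=0 text=
May 12 16:14:05 chat slapd[5084]: conn=4 op=1 SRCH base="dc=kiberpipa,dc=org" scope=2 deref=0 filter="(uid=redduck666)"
May 12 16:14:05 chat slapd[5084]: conn=4 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 12 16:14:05 chat slapd[5084]: conn=4 op=2 BIND dn="uid=redduck666,ou=People,dc=kiberpipa,dc=org" method=128
May 12 16:14:05 chat slapd[5084]: conn=4 op=2 RESULT tag=97 err=49 text=
May 12 16:14:05 chat slapd[5084]: conn=4 op=3 BIND dn="" method=128
May 12 16:14:05 chat slapd[5084]: conn=4 op=3 RESULT tag=97 err=0 text=
"""

PREFIX = re.compile(r"slapd\[\d+\]: conn=(\d+)(?: op=(\d+))? (.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=([^ ]+)")
BIND = re.compile(r'BIND dn="([^"]*)" method=(\d+)')
RESULT = re.compile(r"RESULT tag=97 err=(\d+)")  # tag 97 = BindResponse

def failed_binds(log_text):
    """Pair each BIND with its RESULT by (conn, op); return binds that ended in err=49."""
    peers, pending, failures = {}, {}, []
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue
        conn, op, rest = m.groups()
        if (a := ACCEPT.search(rest)):
            peers[conn] = a.group(1)          # remember the client address per connection
        elif (b := BIND.match(rest)):
            pending[(conn, op)] = b.group(1)  # DN waits for its RESULT line
        elif (r := RESULT.match(rest)) and (conn, op) in pending:
            dn = pending.pop((conn, op))
            if r.group(1) == "49":            # LDAP invalidCredentials
                failures.append({"dn": dn, "conn": conn, "op": op,
                                 "peer": peers.get(conn, "unknown")})
    return failures

def failures_per_dn(log_text):
    """Count err=49 binds per DN, e.g. to spot repeated failures against one account."""
    return Counter(f["dn"] for f in failed_binds(log_text))

if __name__ == "__main__":
    for f in failed_binds(SAMPLE_LOG):
        print(f)
```

On this excerpt the peer is 127.0.0.1 because pam_ldap binds locally on behalf of sshd; the remote address of the login attempt is in auth.log, not in the slapd log.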
