The problem was that I never bothered to restart nscd; it now works.

/me has learnt an important lesson

On 5/13/07, Gavin Henry <[EMAIL PROTECTED]> wrote:
Did you get this solved in #ldap?

May 12 16:14:05 chat slapd[5084]: conn=4 op=2 RESULT tag=97 err=49 text=

Is bad password.

What about perms on *.conf files?

--
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E [EMAIL PROTECTED]

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

<quote who="Almir Karic">
> I'm trying to get ldap to serve system users, I don't have the
> slightest idea what I am doing wrong, please help.
>
>
> btw, i'm on debian.
>
>
>
> [EMAIL PROTECTED] etc # egrep --exclude='*.bak' -v '^#|^$' pam.d/common-* nsswitch.conf pam_ldap.conf libnss-ldap.conf ldap/{ldap.conf,slapd.conf}
> pam.d/common-account:account requisite  pam_unix.so
> pam.d/common-account:account sufficient pam_localuser.so
> pam.d/common-account:account required   pam_ldap.so
> pam.d/common-auth:auth    required    pam_env.so
> pam.d/common-auth:auth    sufficient  pam_unix.so likeauth nullok shadow
> pam.d/common-auth:auth    sufficient  pam_ldap.so use_first_pass
> pam.d/common-auth:auth    required    pam_deny.so
> pam.d/common-password:password    required pam_cracklib.so retry=3
> pam.d/common-password:password    sufficient pam_unix.so nullok use_authtok shadow md5
> pam.d/common-password:password    sufficient pam_ldap.so use_authtok use_first_pass
> pam.d/common-password:password    required pam_deny.so
> pam.d/common-session:session required    pam_limits.so
> pam.d/common-session:session required    pam_unix.so
> pam.d/common-session:session required    pam_mkhomedir.so skel=/etc/skel/ umask=0066
> pam.d/common-session:session optional    pam_ldap.so
> nsswitch.conf:passwd:         files ldap
> nsswitch.conf:group:          files ldap
> nsswitch.conf:shadow:         files ldap
> nsswitch.conf:hosts:          files dns
> nsswitch.conf:networks:       files
> nsswitch.conf:protocols:      db files
> nsswitch.conf:services:       db files
> nsswitch.conf:ethers:         db files
> nsswitch.conf:rpc:            db files
> nsswitch.conf:netgroup:       nis
> pam_ldap.conf:base dc=kiberpipa,dc=org
> pam_ldap.conf:uri ldap://127.0.0.1/
> pam_ldap.conf:ldap_version 3
> pam_ldap.conf:pam_password exop
> libnss-ldap.conf:base dc=kiberpipa,dc=org
> libnss-ldap.conf:uri ldap://127.0.0.1/
> libnss-ldap.conf:ldap_version 3
> ldap/ldap.conf:BASE     dc=kiberpipa, dc=org
> ldap/ldap.conf:URI      ldap://localhost
> ldap/slapd.conf:modulepath      /usr/lib/ldap
> ldap/slapd.conf:moduleload      back_bdb
> ldap/slapd.conf:moduleload      ppolicy.la
> ldap/slapd.conf:include         /etc/ldap/schema/core.schema
> ldap/slapd.conf:include         /etc/ldap/schema/cosine.schema
> ldap/slapd.conf:include         /etc/ldap/schema/nis.schema
> ldap/slapd.conf:include         /etc/ldap/schema/inetorgperson.schema
> ldap/slapd.conf:include         /etc/ldap/schema/ppolicy.schema
> ldap/slapd.conf:pidfile         /var/run/slapd/slapd.pid
> ldap/slapd.conf:argsfile        /var/run/slapd/slapd.args
> ldap/slapd.conf:loglevel        256
> ldap/slapd.conf:sizelimit 500
> ldap/slapd.conf:tool-threads 1
> ldap/slapd.conf:backend         bdb
> ldap/slapd.conf:checkpoint 512 30
> ldap/slapd.conf:database        bdb
> ldap/slapd.conf:suffix          "dc=kiberpipa,dc=org"
> ldap/slapd.conf:rootdn          "cn=admin,dc=kiberpipa,dc=org"
> ldap/slapd.conf:directory       "/var/lib/ldap"
> ldap/slapd.conf:dbconfig set_cachesize 0 2097152 0
> ldap/slapd.conf:dbconfig set_lk_max_objects 1500
> ldap/slapd.conf:dbconfig set_lk_max_locks 1500
> ldap/slapd.conf:dbconfig set_lk_max_lockers 1500
> ldap/slapd.conf:index           objectClass eq
> ldap/slapd.conf:index           uid eq
> ldap/slapd.conf:rootpw          {MD5}<censored>==
> ldap/slapd.conf:lastmod         on
> ldap/slapd.conf:access to attrs=userPassword,shadowLastChange
> ldap/slapd.conf:        by dn="cn=admin,dc=kiberpipa,dc=org" write
> ldap/slapd.conf:        by anonymous auth
> ldap/slapd.conf:        by self write
> ldap/slapd.conf:        by * none
> ldap/slapd.conf:access to dn.base="" by * read
> ldap/slapd.conf:access to *
> ldap/slapd.conf:        by dn="cn=admin,dc=kiberpipa,dc=org" write
> ldap/slapd.conf:        by * read
> [EMAIL PROTECTED] etc # ldapsearch -x -LLL -w123456 -D 'uid=redduck666,ou=people,dc=kiberpipa,dc=org' 'uid=redduck666'
> dn: uid=redduck666,ou=People,dc=kiberpipa,dc=org
> uid: redduck666
> cn: redduck666
> sn: redduck666
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> userPassword:: e2NyeXB0fSQxJDlKOVNXbXA3JGN3SE40M3ZDMkFFYTZxVHhrQzNwZC4=
> shadowLastChange: 13645
> shadowMax: 99999
> shadowWarning: 7
> loginShell: /bin/bash
> uidNumber: 1000
> gidNumber: 1000
> homeDirectory: /home/redduck666
> gecos: ,,,
>
> [EMAIL PROTECTED] etc # getent passwd | grep redduck666
> redduck666:x:1000:1000:,,,:/home/redduck666:/bin/bash
> [EMAIL PROTECTED] etc # getent passwd redduck666
> [EMAIL PROTECTED] etc # su - redduck666
> Unknown id: redduck666
>
>
>
>
> ##these logs are generated when I try to ssh to the machine in question
> with username ''redduck666'' and password ''123456''
>
> auth.log:
> May 12 16:14:02 chat sshd[5183]: Invalid user redduck666 from 195.246.11.18
> May 12 16:14:02 chat sshd[5183]: Failed none for invalid user redduck666 from 195.246.11.18 port 64170 ssh2
> May 12 16:14:05 chat sshd[5183]: (pam_unix) check pass; user unknown
> May 12 16:14:05 chat sshd[5183]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.246.11.18
> May 12 16:14:05 chat sshd[5183]: pam_ldap: error trying to bind as user "uid=redduck666,ou=People,dc=kiberpipa,dc=org" (Invalid credentials)
> May 12 16:14:07 chat sshd[5183]: Failed password for invalid user redduck666 from 195.246.11.18 port 64170 ssh2
>
>
> ldap.log:
>
> May 12 16:14:05 chat slapd[5084]: conn=4 fd=12 ACCEPT from IP=127.0.0.1:44720 (IP=0.0.0.0:389)
> May 12 16:14:05 chat slapd[5084]: conn=4 op=0 BIND dn="" method=128
> May 12 16:14:05 chat slapd[5084]: conn=4 op=0 RESULT tag=97 err=0 text=
> May 12 16:14:05 chat slapd[5084]: conn=4 op=1 SRCH base="dc=kiberpipa,dc=org" scope=2 deref=0 filter="(uid=redduck666)"
> May 12 16:14:05 chat slapd[5084]: conn=4 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> May 12 16:14:05 chat slapd[5084]: conn=4 op=2 BIND dn="uid=redduck666,ou=People,dc=kiberpipa,dc=org" method=128
> May 12 16:14:05 chat slapd[5084]: conn=4 op=2 RESULT tag=97 err=49 text=
> May 12 16:14:05 chat slapd[5084]: conn=4 op=3 BIND dn="" method=128
> May 12 16:14:05 chat slapd[5084]: conn=4 op=3 RESULT tag=97 err=0 text=
>
>
>
> --
> almir
>
> ---
> You are currently subscribed to [email protected] as:
> [EMAIL PROTECTED]
> To unsubscribe send email to [EMAIL PROTECTED] with the word
> UNSUBSCRIBE as the SUBJECT of the message.
>




--
almir
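
Added example, not part of the original thread: the slapd log quoted above shows one pam_ldap login on a single connection (anonymous bind, search for the uid, then a bind as the user ending in err=49). This Python sketch pairs each BIND with its RESULT by conn and op and names the result code; the sample input is the thread's own log lines with mail-wrapped lines rejoined, and the function names are illustrative.

```python
import re
from collections import Counter
# LDAP result codes (RFC 4511) named here; any other code is reported by number.
RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (BIND|RESULT) (.*)$")
BIND_DN = re.compile(r'dn="([^"]*)"')
ERR = re.compile(r"\berr=(\d+)")

# Sample input: the slapd lines from the post, with mail-wrapped lines rejoined.
SAMPLE_LOG = """\
May 12 16:14:05 chat slapd[5084]: conn=4 fd=12 ACCEPT from IP=127.0.0.1:44720 (IP=0.0.0.0:389)
May 12 16:14:05 chat slapd[5084]: conn=4 op=0 BIND dn="" method=128
May 12 16:14:05 chat slapd[5084]: conn=4 op=0 RESULT tag=97 err=0 text=
May 12 16:14:05 chat slapd[5084]: conn=4 op=1 SRCH base="dc=kiberpipa,dc=org" scope=2 deref=0 filter="(uid=redduck666)"
May 12 16:14:05 chat slapd[5084]: conn=4 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 12 16:14:05 chat slapd[5084]: conn=4 op=2 BIND dn="uid=redduck666,ou=People,dc=kiberpipa,dc=org" method=128
May 12 16:14:05 chat slapd[5084]: conn=4 op=2 RESULT tag=97 err=49 text=
May 12 16:14:05 chat slapd[5084]: conn=4 op=3 BIND dn="" method=128
May 12 16:14:05 chat slapd[5084]: conn=4 op=3 RESULT tag=97 err=0 text=
"""

def bind_results(log_text):
    """Pair each BIND with its RESULT by (conn, op); return (dn, err, name) tuples."""
    pending = {}   # (conn, op) -> bind DN still waiting for its RESULT line
    results = []
    for line in log_text.splitlines():
        m = LINE.search(line)   # SRCH and "SEARCH RESULT" lines do not match
        if not m:
            continue
        key, kind, rest = (int(m.group(1)), int(m.group(2))), m.group(3), m.group(4)
        if kind == "BIND":
            dn = BIND_DN.search(rest)
            if dn and "method=" in rest:   # only the bind request line carries method=
                pending[key] = dn.group(1) or "<anonymous>"
        elif key in pending:
            err = ERR.search(rest)
            if err:
                code = int(err.group(1))
                results.append((pending.pop(key), code, RESULT_NAMES.get(code, str(code))))
    return results

def failed_binds(log_text):
    """Count binds that ended with a non-zero result code, per DN."""
    return Counter(dn for dn, code, _ in bind_results(log_text) if code != 0)

if __name__ == "__main__":
    for dn, code, name in bind_results(SAMPLE_LOG):
        print(f"{dn}: err={code} ({name})")
```

The per-DN counter from failed_binds is the part worth keeping around: run over a full ldap.log, it separates one user's mistyped password from repeated failures against many DNs.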
