Sorry for the delay, I've been busy.

Client - FreeBSD Host

rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 172.16.4.100 netmask 0xffff0000 broadcast 172.16.255.255
        ether 00:e0:7d:92:ad:be
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

The Server SLES10

eth0      Link encap:Ethernet  HWaddr 00:C0:DF:10:A5:B0
          inet addr:172.16.4.120  Bcast:172.16.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:27 errors:0 dropped:0 overruns:0 frame:0
          TX packets:82 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4347 (4.2 Kb)  TX bytes:11017 (10.7 Kb)
          Interrupt:11 Base address:0xcf00

The ACL

This is the first ACL, so this must match first

access to attrs=userPassword,shadowLastChange
        by by peername.ip=172.16.4.100 auth
        by users write
        by * none

The Log

Jan 12 17:11:04 netwarrior slapd[2334]: => access_allowed: auth access to "uid=hormiga,ou=Users,dc=netwarrior,dc=com,dc=uy" "userPassword" requested
Jan 12 17:11:04 netwarrior slapd[2334]: => acl_get: [2] attr userPassword
Jan 12 17:11:04 netwarrior slapd[2334]: access_allowed: no res from state (userPassword)
Jan 12 17:11:04 netwarrior slapd[2334]: => acl_mask: access to entry "uid=hormiga,ou=Users,dc=netwarrior,dc=com,dc=uy", attr "userPassword" requested
Jan 12 17:11:04 netwarrior slapd[2334]: => acl_mask: to value by "", (=0)
Jan 12 17:11:04 netwarrior slapd[2334]: <= acl_mask: [1] applying (stop)
Jan 12 17:11:04 netwarrior slapd[2334]: <= acl_mask: [1] mask: =0
Jan 12 17:11:04 netwarrior slapd[2334]: => access_allowed: auth access denied by =0
Jan 12 17:11:04 netwarrior sshd[2346]: pam_ldap: error trying to bind as user "uid=hormiga,ou=Users,dc=netwarrior,dc=com,dc=uy" (Invalid credentials)
Jan 12 17:11:06 netwarrior slapd[2334]: => access_allowed: search access to "uid=hormiga,ou=Users,dc=netwarrior,dc=com,dc=uy" "objectClass" requested
Jan 12 17:11:06 netwarrior slapd[2334]: <= root access granted
Jan 12 17:11:06 netwarrior slapd[2334]: => access_allowed: search access to "uid=hormiga,ou=Users,dc=netwarrior,dc=com,dc=uy" "uid" requested
Jan 12 17:11:06 netwarrior slapd[2334]: <= root access granted
Jan 12 17:11:06 netwarrior slapd[2334]: => access_allowed: read access to "uid=hormiga,ou=Users,dc=netwarrior,dc=com,dc=uy" "entry" requested
Jan 12 17:11:06 netwarrior slapd[2334]: <= root access granted
Jan 12 17:11:06 netwarrior slapd[2334]: => access_allowed: read access to "uid=hormiga,ou=Users,dc=netwarrior,dc=com,dc=uy" "uid" requested
Jan 12 17:11:06 netwarrior slapd[2334]: <= root access granted
Jan 12 17:11:06 netwarrior slapd[2334]: => access_allowed: read access to "uid=hormiga,ou=Users,dc=netwarrior,dc=com,dc=uy" "userPassword" requested
Jan 12 17:11:06 netwarrior slapd[2334]: <= root access granted
Jan 12 17:11:06 netwarrior sshd[2342]: error: PAM: Authentication failure for hormiga from 172.16.4.100

---
pam_ldap: error trying to bind as user "uid=hormiga,ou=Users,dc=netwarrior,dc=com,dc=uy" (Invalid credentials)

Did I miss something? Invalid credentials?
If I enable anonymous auth I can login.

Thanks for your time.
Best regards.

2008/1/10, Pierangelo Masarati <[EMAIL PROTECTED]>:
>
> Net Warrior wrote:
> > Hi Masarati.
> >
> >> I assume the wrapping of those lines is caused by your mailer; remember
> >> that continuation lines in slapd have to start with a blank (space, tab)
> > That's true
> >
> >> This "set" statement contains an error: a closing bracket ")" is
> >> missing; I believe this is breaking your ACL. To check, remove the
> >> "set" clause and leave just the "peername" clause (in general: before
> >> assuming the error in one place, remove all possible cruft from 'round
> >> it, to remove all possible noise).
> >
> > Thank you for pointing that out, corrected.
> >
> >> To check, remove the
> >> "set" clause and leave just the "peername" clause
> >
> > Done
> > access to attrs=userPassword,shadhowLastChange
> > by peername.ip=172.16.4.100 auth
> > by self write
> > by * none
> >
> > And cannot login, I've configured acl log, do you want to post some of them?
> > What I noted is that if I add by anonymous auth I can login, but if I
> > change for example
> > by peername.ip=172.16.4.100 none, is the same, it seems as if it did not
> > take into account the first rule.
>
> Going back to your initial message, it appears that incoming
> connections are issued by 172.16.4.120, not 172.16.4.100:
>
> Jan 1 17:56:48 netwarrior slapd[2498]: conn=9 fd=13 ACCEPT from
> IP=172.16.4.120:53861 (IP=0.0.0.0:636)
>
> Can you re-check this?
>
> p.
>
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
>
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> ---------------------------------------
> Office: +39 02 23998309
> Mobile: +39 333 4963172
> Email: [EMAIL PROTECTED]
> ---------------------------------------
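An added illustration, not part of the thread and not OpenLDAP's own code: a small Python model of slapd's first-match evaluation of the "by" clauses posted above. It shows why an anonymous bind whose TCP peer is 172.16.4.120 (the SSH server running pam_ldap, as the ACCEPT line quoted in the thread shows) never matches the "peername.ip=172.16.4.100 auth" clause and falls through to "by * none". The level ordering is simplified and only the <who> selectors used in this thread are modelled.

```python
# Added example: a simplified model of slapd's first-match evaluation of the
# "by" clauses of one "access to" directive. Not OpenLDAP's code; only the
# <who> selectors that appear in this thread are modelled.
from dataclasses import dataclass

# slapd access levels, least to most privileged.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]


@dataclass
class Request:
    needed: str     # level the operation needs; a simple bind needs "auth"
    peer_ip: str    # source IP of the TCP connection as slapd sees it (peername)
    bind_dn: str    # identity the connection is already bound as; "" = anonymous
    target_dn: str  # DN of the entry being accessed


def who_matches(who: str, req: Request) -> bool:
    """Does the <who> part of a 'by <who> <level>' clause apply to req?"""
    if who == "*":
        return True
    if who == "anonymous":
        return req.bind_dn == ""
    if who == "users":
        return req.bind_dn != ""
    if who == "self":
        return req.bind_dn != "" and req.bind_dn.lower() == req.target_dn.lower()
    if who.startswith("peername.ip="):
        return req.peer_ip == who.split("=", 1)[1]
    raise ValueError(f"unsupported <who> selector: {who}")


def evaluate(by_clauses: list[str], req: Request) -> tuple[str, bool]:
    """First matching clause stops evaluation; return (granted level, allowed?)."""
    for clause in by_clauses:
        _by, who, level = clause.split()
        if who_matches(who, req):
            return level, LEVELS.index(level) >= LEVELS.index(req.needed)
    return "none", False  # nothing matched: slapd's implicit "by * none"


# The "by" clauses of the directive posted in the thread.
ACL = ["by peername.ip=172.16.4.100 auth", "by users write", "by * none"]
USER_DN = "uid=hormiga,ou=Users,dc=netwarrior,dc=com,dc=uy"

# A simple bind starts anonymous and needs "auth" on userPassword. pam_ldap
# runs on the SSH server itself (172.16.4.120), so that address, not the SSH
# client's 172.16.4.100, is the peer slapd sees (cf. the ACCEPT line above).
bind_via_server = Request("auth", "172.16.4.120", "", USER_DN)   # -> ("none", False)
bind_from_client = Request("auth", "172.16.4.100", "", USER_DN)  # -> ("auth", True)
```

Prepending "by anonymous auth" to ACL makes the first request succeed, which is the behaviour the thread reports when anonymous auth is enabled.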
