Thank you very much for your support, I really appreciate it. Sorry for the delay in my answer, I've been very busy. I'll remove ssh from checking the ldap pam module.
Thanks.

2008/1/16, Pierangelo Masarati <[EMAIL PROTECTED]>:
>
> Net Warrior wrote:
> > Well, this is the relevant part of the log, I could not post all the log cuz
> > it's too large and I get bounce.
> > Jan 13 17:51:48 netwarrior slapd[2307]: daemon: activity on 1 descriptor
> > Jan 13 17:51:48 netwarrior slapd[2307]: daemon: activity on:
> > Jan 13 17:51:48 netwarrior slapd[2307]:
> > Jan 13 17:51:48 netwarrior slapd[2307]: daemon: listen=7, new connection on 13
> > Jan 13 17:51:48 netwarrior slapd[2307]: daemon: added 13r
> > Jan 13 17:51:48 netwarrior slapd[2307]: conn=1 fd=13 ACCEPT from IP=172.16.4.120:52794 (IP=0.0.0.0:389)
> ...
> > Jan 13 17:51:55 netwarrior slapd[2307]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> > Jan 13 17:51:55 netwarrior sshd[2326]: error: PAM: Authentication failure for hormiga from 172.16.4.100
> >
> > I'm authenticating from 172.16.4.100 and not from 120
> ...
> > Do not know why it says
> > ACCEPT from IP=172.16.4.120:52796 (IP=0.0.0.0:389)
> > Does this mean that it is accepting connections from that IP instead of .100?
>
> Ok, now pam comes into play. You never mentioned you were connecting
> with ssh, so my crystal ball made me believe you were directly
> connecting to slapd with an LDAP client. Now my crystal ball is working
> much better, so I'll try to make it as simple as possible.
>
> You connect with an ssh client from 172.16.4.100 to an sshd on
> 172.16.4.120. The sshd uses pam_ldap to auth on slapd, which is
> anywhere. So the LDAP connection is from the pam_ldap layer under the
> sshd, which is located on 172.16.4.120, and slapd sees the LDAP
> connection coming from 172.16.4.120. Simple enough?
>
> Perhaps, since you trust so much ACLs by IP, you should at least know
> what path your connections follow.
>
> p.
>
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
>
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> ---------------------------------------
> Office: +39 02 23998309
> Mobile: +39 333 4963172
> Email: [EMAIL PROTECTED]
> ---------------------------------------
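
The point made in the quoted reply, as an added example that is not part of the original thread: a Python script that pairs each sshd PAM failure with the slapd ACCEPT lines logged shortly before it, showing that the peer address an IP-based ACL would match is the sshd host and not the ssh client. The log sample is constructed from the excerpt in the thread; the 30-second window, the year 2008 used to parse the timestamps, and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the syslog excerpt quoted in the thread.
SAMPLE_LOG = """\
Jan 13 17:51:48 netwarrior slapd[2307]: conn=1 fd=13 ACCEPT from IP=172.16.4.120:52794 (IP=0.0.0.0:389)
Jan 13 17:51:55 netwarrior slapd[2307]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 13 17:51:55 netwarrior sshd[2326]: error: PAM: Authentication failure for hormiga from 172.16.4.100
"""

STAMP = r"^(\w{3} +\d+ [\d:]{8}) \S+ "
# slapd logs the TCP peer of the LDAP connection, i.e. whoever runs pam_ldap.
ACCEPT_RE = re.compile(STAMP + r"slapd\[\d+\]: conn=\d+ fd=\d+ ACCEPT from IP=([\d.]+):\d+")
# sshd logs the address of the ssh client that tried to log in.
PAM_RE = re.compile(STAMP + r"sshd\[\d+\]: error: PAM: Authentication failure for (\S+) from ([\d.]+)")


def _ts(stamp, year=2008):
    # Syslog timestamps carry no year; the year is an assumption and only
    # differences between timestamps are used.
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def correlate(log_text, window_s=30):
    """Pair each sshd PAM failure with slapd ACCEPTs seen within window_s before it."""
    accepts, findings = [], []
    window = timedelta(seconds=window_s)
    for line in log_text.splitlines():
        if m := ACCEPT_RE.match(line):
            accepts.append((_ts(m[1]), m[2]))
        elif m := PAM_RE.match(line):
            when, user, ssh_client = _ts(m[1]), m[2], m[3]
            peers = sorted({ip for t, ip in accepts
                            if timedelta(0) <= when - t <= window})
            findings.append({
                "user": user,
                "ssh_client": ssh_client,            # where the user sits
                "ldap_peers": peers,                 # what slapd (and its ACLs) see
                "client_is_ldap_peer": ssh_client in peers,
            })
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_LOG):
        print(finding)
```

When `client_is_ldap_peer` is false, an ACL keyed on the ssh client's address will never match the bind that pam_ldap performs on the user's behalf.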
