Hi List,

I am setting up LSC to sync AD to OpenLDAP.  Everything looks fine except the 
password does not work.

Background:

Source: Windows 2008 R2 Active Directory, 64-bit
Destination: OpenLDAP: 2.4.23, 64-bit running on CentOS 6.5, 64-bit
LSC: 2.1.1
JDK: Oracle/Sun 1.7.0_71
Password: Use AD as the main password store, configure the OpenLDAP directory 
server to redirect authentications there, via SASL and LDAP binds per 
instructions

The CentOS system is configured to allow SSH login only.  After syncing OpenLDAP 
with AD, I got all users' information with userPassword in SASL format.  I can 
log in to the CentOS system with an SSH key but not with a password.  Running 
sudo also failed because the password is not recognized.  When I run the "su -" 
command, the system asks me twice (see below) for the root password before I 
can su to root.

I have provided the following information for your reference.  Could someone 
please take a look and let me know what I have done incorrectly?

Thanks,

Wei

login as: lscuser
Authenticating with public key "imported-openssh-key"
Last login: Fri Nov 14 09:35:33 2014 from pc.domain.net

$ cat /etc/redhat-release
CentOS release 6.5 (Final)

$ uname -a
Linux lsc.domain.net 2.6.32-431.11.2.el6.x86_64 #1 SMP Tue Mar 25 19:59:55 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

$ getent passwd lscuser
lscuser:*:25017:10:LSC User:/home/lscuser:/bin/bash

$ su -
Password:
LDAP Password:

# testsaslauthd -u lscuser -p P@ssw0rd
0: OK "Success."

$ ldapsearch -x -hlocalhost -bdc=domain,dc=net uid=iscuser
...
...
userPassword:: e1NBU0x9d2hvQGJvYXJkdmFudGFnZS5uZXQ=

$ sudo su -
[sudo] password for lscuser:
Sorry, try again.
[sudo] password for lscuser:
Sorry, try again.
[sudo] password for lscuser:
Sorry, try again.
sudo: 3 incorrect password attempts

$ saslauthd -v
saslauthd 2.1.23
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
                                          
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
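
Added example, not part of the original post and not LSC or OpenLDAP code: a small parser for a base64 userPassword line as returned by ldapsearch, which extracts the storage scheme and the identity stored after {SASL} so it can be compared with the user and realm given to testsaslauthd. The sample value and the realm EXAMPLE.NET are constructed, and the function names are hypothetical.

```python
import base64


def parse_ldif_attr(line):
    """Return (name, raw bytes) for one LDIF line; '::' marks a base64 value."""
    name, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an LDIF attribute line")
    if rest.startswith(":"):
        return name, base64.b64decode(rest[1:].strip(), validate=True)
    return name, rest.strip().encode()


def split_scheme(value):
    """Split b'{SCHEME}data' into ('SCHEME', b'data'); scheme is None if absent."""
    if value.startswith(b"{") and b"}" in value:
        scheme, data = value[1:].split(b"}", 1)
        return scheme.decode("ascii").upper(), data
    return None, value


def sasl_identity(line):
    """For a {SASL} userPassword line, return (user, realm or None)."""
    name, raw = parse_ldif_attr(line)
    if name.lower() != "userpassword":
        raise ValueError("expected a userPassword line")
    scheme, data = split_scheme(raw)
    if scheme != "SASL":
        raise ValueError(f"scheme is {scheme!r}, not SASL pass-through")
    user, _, realm = data.decode().partition("@")
    return user, realm or None


# Constructed sample in the same shape as the ldapsearch output above.
SAMPLE = "userPassword:: " + base64.b64encode(b"{SASL}lscuser@EXAMPLE.NET").decode()

if __name__ == "__main__":
    user, realm = sasl_identity(SAMPLE)
    print(f"scheme=SASL user={user} realm={realm}")
```
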
