Hello

I have a problem authenticating from a client RedHat 6.3 to a server
RedHat 6.3
Connection is ok

I can  change user when I am root with *su paula* with no problem

When I change from non root to paula *su paula* : I am requested a password,
 but I get an incorrect password message despite the password being correct

Here are the details :


_*SERVER Configuration (obtained with slapcat)*_


The first database does not allow slapcat; using the first available one (2)
bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
Expect poor performance for suffix "dc=jcs-PC,dc=home".
dn: dc=jcs-PC,dc=home
dc: jcs-PC
objectClass: dcObject
objectClass: organization
o: NETEXPANSION
structuralObjectClass: organization
entryUUID: b9dcdb1e-f628-1032-8eef-4f234421cd34
creatorsName: cn=ldapadmin,dc=jcs-PC,dc=home
createTimestamp: 20131210205228Z
entryCSN: 20131210205228.791640Z#000000#000#000000
modifiersName: cn=ldapadmin,dc=jcs-PC,dc=home
modifyTimestamp: 20131210205228Z


dn: ou=employes,dc=jcs-PC,dc=home
objectClass: organizationalUnit
ou: employes
structuralObjectClass: organizationalUnit
entryUUID: 2008d924-f629-1032-8ef0-4f234421cd34
creatorsName: cn=ldapadmin,dc=jcs-PC,dc=home
createTimestamp: 20131210205520Z
entryCSN: 20131210205520.207551Z#000000#000#000000
modifiersName: cn=ldapadmin,dc=jcs-PC,dc=home
modifyTimestamp: 20131210205520Z


dn: cn=Paula Bionda,ou=employes,dc=jcs-PC,dc=home
cn: Paula Bionda
sn: Bionda
uid: paula
uidNumber: 503
gidNumber: 1100
gecos: Paula Bionda
homeDirectory: /home/paula
shadowLastChange: 10877
shadowMin: 0
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
structuralObjectClass: person
entryUUID: e4f37848-f930-1032-985a-91cf669ea788
creatorsName: cn=ldapadmin,dc=jcs-PC,dc=home
createTimestamp: 20131214172830Z
loginShell: /bin/bash
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
userPassword:: e1NTSEF9aEFzWFZFejlIa2xQSUpFSFF2SnpoZmo1cTYzdzRLUlg=
entryCSN: 20131219155524.533147Z#000000#000#000000
modifiersName: cn=Paula Bionda,ou=employes,dc=jcs-PC,dc=home
modifyTimestamp: 20131219155524Z


dn: ou=groups,dc=jcs-PC,dc=home
objectClass: organizationalUnit
ou: groups
structuralObjectClass: organizationalUnit
entryUUID: e1a8545a-fa85-1032-84b7-a9514c4c1551
creatorsName: cn=ldapadmin,dc=jcs-PC,dc=home
createTimestamp: 20131216100923Z
entryCSN: 20131216100923.403228Z#000000#000#000000
modifiersName: cn=ldapadmin,dc=jcs-PC,dc=home
modifyTimestamp: 20131216100923Z



dn: cn=mygroup,ou=groups,dc=jcs-PC,dc=home
objectClass: top
objectClass: posixGroup
cn: mygroup
gidNumber: 1100
memberUid: paula
memberUid: giuseppe
structuralObjectClass: posixGroup
entryUUID: c26713a0-fa9f-1032-8b7d-155dd966052d
creatorsName: cn=ldapadmin,dc=jcs-PC,dc=home
createTimestamp: 20131216131437Z
entryCSN: 20131216131437.881194Z#000000#000#000000
modifiersName: cn=ldapadmin,dc=jcs-PC,dc=home
modifyTimestamp: 20131216131437Z




_*CLIENT Configuration*_

authconfig-tui gives
[]   Cache Information
[*] Use LDAP
[]  Use NIS
[]  Use IPAv2
[]  Use WinBind
[*] Use MD5 Passwords
[*] Use Shadow Passwords
[*] Use LDAP Authentication
[]  Use Kerberos
[*] Use Fingerprint Reader
[]  Use Winbind Authentication
[*] Local Authorization is sufficient

[] Use TLS
ldap://192.168.1.12/
Base DN: dc=jcs-PC,dc=home


_*Result su paula*_

a) when I am logged in as root, *su paula*  logs me into paula : no problem

b) when I am not logged in as root and I do  *su paula*
I am requested a password (as expected),  but then I get incorrect
password despite the password being correct


Here is the log

Dec 19 18:49:50 jcs-PC slapd[6441]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Dec 19 18:49:50 jcs-PC slapd[6441]: => access_allowed: read access granted by read(=rscxd)
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1005 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 fd=21 ACCEPT from IP=192.168.1.17:56000 (IP=0.0.0.0:389)
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 STARTTLS
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 RESULT oid= err=0 text=
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 fd=21 closed (TLS negotiation failure)
Dec 19 19:04:43 jcs-PC slapd[6441]: conn=1005 op=4 UNBIND
Dec 19 19:04:43 jcs-PC slapd[6441]: conn=1005 fd=14 closed


And these are the last 2 lines of wireshark

_Source_                _Destination_           _Protocol_   _Info_
192.168.1.17 (Client)   192.168.1.12 (Server)   LDAP         ExtendedReq LDAP_START_TLS_OID
192.168.1.12            192.168.1.17            LDAP         ExtendedResp LDAP_START_TLS_OID responseName missing


I am surprised about STARTTLS because there seems to be nothing in my
configuration files about TLS


Thank you


Axel
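
The following is an added example, not part of the original post: a small Python triage script that groups slapd log lines by connection and reports connections where the client requested StartTLS and the connection was closed before any BIND was logged. The sample input is the log from the message above with the e-mail line wrapping rejoined; the function names are hypothetical, and the BIND pattern assumes slapd's usual stats-level "BIND dn=..." line.

```python
import re

# Log lines from the post above, e-mail wrapping rejoined.
SAMPLE_LOG = """\
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1005 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 fd=21 ACCEPT from IP=192.168.1.17:56000 (IP=0.0.0.0:389)
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 STARTTLS
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 RESULT oid= err=0 text=
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 fd=21 closed (TLS negotiation failure)
Dec 19 19:04:43 jcs-PC slapd[6441]: conn=1005 op=4 UNBIND
Dec 19 19:04:43 jcs-PC slapd[6441]: conn=1005 fd=14 closed
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ slapd\[\d+\]: conn=(?P<conn>\d+) (?P<rest>.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=(?P<ip>[^:\s]+):\d+")
CLOSED = re.compile(r"fd=\d+ closed(?: \((?P<reason>[^)]*)\))?$")
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)

def summarize(log_text):
    """One record per connection: client IP, StartTLS seen, BIND seen, close reason."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ACL debug lines carry no conn= id
        c = conns.setdefault(m["conn"], {"conn": int(m["conn"]), "client": None,
                                          "starttls": False, "bind": False, "closed": None})
        rest = m["rest"]
        if (a := ACCEPT.search(rest)):
            c["client"] = a["ip"]
        elif "STARTTLS" in rest or f"oid={STARTTLS_OID}" in rest:
            c["starttls"] = True
        elif re.search(r"\bBIND\b", rest):  # \b keeps UNBIND from matching
            c["bind"] = True
        elif (cl := CLOSED.search(rest)):
            c["closed"] = cl["reason"] or "normal"
    return list(conns.values())

def failed_starttls(log_text):
    """Connections that requested StartTLS, failed the handshake, and never sent a BIND."""
    return [c for c in summarize(log_text)
            if c["starttls"] and not c["bind"] and c["closed"] == "TLS negotiation failure"]

if __name__ == "__main__":
    for c in failed_starttls(SAMPLE_LOG):
        print(f"conn={c['conn']} client={c['client']}: StartTLS requested, handshake failed, no BIND")
```

On the log above it reports conn=1006 from 192.168.1.17, while conn=1005 (the search connection) is closed normally.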
 