Opa!!!
Segue... # /etc/nsswitch.conf passwd: compat ldap group: compat ldap shadow: compat ldap hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: ldap # /etc/ldap/ldap.conf BASE dc=aticenter,dc=com,dc=br URI ldap://<IP do Servidor>:389 # /etc/pam_ldap.conf base dc=aticenter,dc=com,br uri ldap://<IP do Servidor> ldap_version 3 rootbinddn cn=toor,dc=aticenter,dc=com,dc=br pam_password crypt # /etc/pam.d/common-account account sufficient pam_ldap.so account required pam_unix.so try_first_pass # /etc/pam.d/common-auth auth sufficient pam_ldap.so auth required pam_unix.so nullok_secure use_first_pass # /etc/pam.d/common-password password sufficient pam_ldap.so password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass # /etc/pam.d/common-session session sufficient pam_ldap.so session optional pam_mkhomedir.so skel=/etc/skel umask=0027 Falta mais algum arquivo para configurar? Abs, On Thu, Feb 24, 2011 at 8:51 PM, Psycho Mantys <[email protected]>wrote: > 2011/2/24 Jessé Spinho <[email protected]>: > > > > Senhores, tudo tranquilo?!? > > > > > > Os arquivos para configuração do Client (autenticação no servidor LDAP) > são > > só estes: nsswitch.conf, pam_ldap.conf e ldap.conf? > > Criei um usuário para autenticar tanto no servidor LDAP como no servidor > > Client e não funcionou. Só consigo autenticar no servidor LDAP. Creio que > > esteja faltando alguma configuração de "liberação", pois quando utilizo o > > "ldapsearch -x" funciona normal nos dois servidores (autenticação PAM e > > registro nos logs do servidor LDAP funcionais com relação ao Client). > > > > Debug... > > > > Feb 24 16:39:22 labtest slapd[29328]: conn=178 op=1 SEARCH RESULT tag=101 > > err=34 nentries=0 text=invalid DN > > Feb 24 16:39:31 labtest slapd[29328]: conn=179 fd=18 ACCEPT from > > IP=172.25.0.156:50167 (IP=0.0.0.0:389) > > Feb 24 16:39:31 labtest slapd[29328]: conn=179 op=0 BIND > > dn="cn=toor,dc=aticenter,dc=com,dc=br" method=128 > > Feb 24 16:39:31 labtest slapd[29328]: conn=179 op=0 BIND > > dn="cn=toor,dc=aticenter,dc=com,dc=br" mech=SIMPLE ssf=0 > > Feb 24 16:39:31 labtest slapd[29328]: conn=179 op=0 RESULT tag=97 err=0 > > text= > > Feb 24 16:39:31 labtest slapd[29328]: conn=179 op=1 do_search: invalid dn > > (dc=aticenter,dc=com,br) > > Feb 24 16:39:31 labtest slapd[29328]: conn=179 op=1 SEARCH RESULT tag=101 > > err=34 nentries=0 text=invalid DN > > Feb 24 16:39:32 labtest slapd[29328]: conn=1 op=61 SRCH > > base="dc=aticenter,dc=com,dc=br" scope=2 deref=0 > > filter="(&(objectClass=posixAccount)(uid=caolho))" > > Feb 24 16:39:32 labtest slapd[29328]: conn=1 op=61 SRCH attr=uid > > userPassword uidNumber gidNumber cn homeDirectory loginShell gecos > > description objectClass > > Feb 24 16:39:32 labtest slapd[29328]: <= bdb_equality_candidates: (uid) > not > > indexed > > Feb 24 16:39:32 labtest slapd[29328]: conn=1 op=61 SEARCH RESULT tag=101 > > err=0 nentries=1 text= > > Feb 24 16:39:55 labtest slapd[29328]: conn=179 op=2 BIND anonymous > > mech=implicit ssf=0 > > Feb 24 16:39:55 labtest slapd[29328]: conn=179 op=2 BIND > > dn="cn=toor,dc=aticenter,dc=com,dc=br" method=128 > > Feb 24 16:39:55 labtest slapd[29328]: conn=179 op=2 BIND > > dn="cn=toor,dc=aticenter,dc=com,dc=br" mech=SIMPLE ssf=0 > > Feb 24 16:39:55 labtest slapd[29328]: conn=179 op=2 RESULT tag=97 err=0 > > text= > > Feb 24 16:39:55 labtest slapd[29328]: conn=179 op=3 do_search: invalid dn > > (dc=aticenter,dc=com,br) > > Feb 24 16:39:55 labtest slapd[29328]: conn=179 op=3 SEARCH RESULT tag=101 > > err=34 nentries=0 text=invalid DN > > Feb 24 16:40:00 labtest slapd[29328]: conn=179 op=4 BIND anonymous > > mech=implicit ssf=0 > > Feb 24 16:40:00 labtest slapd[29328]: conn=179 op=4 BIND > > dn="cn=toor,dc=aticenter,dc=com,dc=br" method=128 > > Feb 24 16:40:00 labtest slapd[29328]: conn=179 op=4 BIND > > dn="cn=toor,dc=aticenter,dc=com,dc=br" mech=SIMPLE ssf=0 > > Feb 24 16:40:00 labtest slapd[29328]: conn=179 op=4 RESULT tag=97 err=0 > > text= > > Feb 24 16:40:00 labtest slapd[29328]: conn=179 op=5 do_search: invalid dn > > (dc=aticenter,dc=com,br) > > Feb 24 16:40:00 labtest slapd[29328]: conn=179 op=5 SEARCH RESULT tag=101 > > err=34 nentries=0 text=invalid DN > > Feb 24 16:40:00 labtest slapd[29328]: conn=178 op=2 do_search: invalid dn > > (dc=aticenter,dc=com,br) > > Feb 24 16:40:00 labtest slapd[29328]: conn=178 op=2 SEARCH RESULT tag=101 > > err=34 nentries=0 text=invalid DN > > Feb 24 16:40:02 labtest slapd[29328]: conn=179 op=6 UNBIND > > Feb 24 16:40:02 labtest slapd[29328]: conn=179 fd=18 closed > > Feb 24 16:41:50 labtest slapd[29328]: conn=180 fd=18 ACCEPT from > > IP=172.25.0.156:50168 (IP=0.0.0.0:389) > > Feb 24 16:41:50 labtest slapd[29328]: conn=180 op=0 BIND > > dn="cn=toor,dc=aticenter,dc=com,dc=br" method=128 > > Feb 24 16:41:50 labtest slapd[29328]: conn=180 op=0 BIND > > dn="cn=toor,dc=aticenter,dc=com,dc=br" mech=SIMPLE ssf=0 > > Feb 24 16:41:50 labtest slapd[29328]: conn=180 op=0 RESULT tag=97 err=0 > > text= > > Feb 24 16:41:50 labtest slapd[29328]: conn=180 op=1 do_search: invalid dn > > (dc=aticenter,dc=com,br) > > Feb 24 16:41:50 labtest slapd[29328]: conn=180 op=1 SEARCH RESULT tag=101 > > err=34 nentries=0 text=invalid DN > > Feb 24 16:41:50 labtest slapd[29328]: conn=180 op=2 UNBIND > > Feb 24 16:41:50 labtest slapd[29328]: conn=180 fd=18 closed > > Feb 24 16:44:47 labtest slapd[29328]: conn=1 op=62 SRCH > > base="dc=aticenter,dc=com,dc=br" scope=2 deref=0 > > filter="(&(objectClass=posixAccount)(uid=noel))" > > Feb 24 16:44:47 labtest slapd[29328]: conn=1 op=62 SRCH attr=uid > > userPassword uidNumber gidNumber cn homeDirectory loginShell gecos > > description objectClass > > Feb 24 16:44:47 labtest slapd[29328]: <= bdb_equality_candidates: (uid) > not > > indexed > > Feb 24 16:44:47 labtest slapd[29328]: conn=1 op=62 SEARCH RESULT tag=101 > > err=0 nentries=1 text= > > > > -- > > > > ######################################################################################################### > > > Voce quer dizer que o pam da maquina nao esta autenticando usando o ldap? > > > Se for isso, acho bom vc revisar as regras do pam. Manda ai os > arquivos de configuração que fica melhor de ver qual o erro. > > > -- > Mi blog eres su blog: https://www.lccv.ufal.br/~psycho/ > @psycho_mantys : http://twitter.com/psycho_mantys > http://www.slackware.com > U.L. : 450347 > Fnord > > -- > GUS-BR - Grupo de Usuários de Slackware Brasil > http://www.slackwarebrasil.org/ > http://groups.google.com/group/slack-users-br > > Antes de perguntar: > http://www.istf.com.br/perguntas/ > > Para sair da lista envie um e-mail para: > [email protected] -- Jessé Spinho _________________________ *"**Humanidade acima de tudo... **Juntos por um mundo mais digno!!!" * -- GUS-BR - Grupo de Usuários de Slackware Brasil http://www.slackwarebrasil.org/ http://groups.google.com/group/slack-users-br Antes de perguntar: http://www.istf.com.br/perguntas/ Para sair da lista envie um e-mail para: [email protected]
