The error message for the failed authentication should be in oned.log. This is an example of a failed authentication:
--8<------
Wed Dec 7 18:50:40 2011 [ReM][D]: UserInfo method invoked
Wed Dec 7 18:50:43 2011 [AuM][D]: Message received: LOG I 0 Command execution fail: /Users/jfontan/tmp/borrar/git/one/install/var/remotes/auth/default/authenticate 'user' '-' password
Wed Dec 7 18:50:43 2011 [AuM][I]: Command execution fail: /Users/jfontan/tmp/borrar/git/one/install/var/remotes/auth/ldap/authenticate 'user' '-' password
Wed Dec 7 18:50:43 2011 [AuM][D]: Message received: LOG I 0 User user not found
Wed Dec 7 18:50:43 2011 [AuM][I]: User user not found
Wed Dec 7 18:50:43 2011 [AuM][D]: Message received: LOG I 0 ExitCode: 255
Wed Dec 7 18:50:43 2011 [AuM][I]: ExitCode: 255
Wed Dec 7 18:50:43 2011 [AuM][D]: Message received: AUTHENTICATE FAILURE 0 -
Wed Dec 7 18:50:43 2011 [AuM][E]: Auth Error:
Wed Dec 7 18:50:43 2011 [ReM][E]: [UserInfo] User couldn't be authenticated, aborting call.
------>8--

Check that the script executed is ldap/authenticate and the user/password sent to it is correct.

Also, are you using 3.0 or code in master/3.2 branch? The configuration is slightly different.

On Thu, Jan 5, 2012 at 5:34 PM, Olivier Sallou <[email protected]> wrote:
> Hi,
> I am testing the ldap auth with one 3 but it fails.
> Is there a way to debug this?
>
> #:/etc/one/auth# oneuser list
> [UserPoolInfo] User couldn't be authenticated, aborting call.
>
> My ONE_AUTH file is present with format:
> myuserid:ldap:myuserpassword
>
> In oned.conf:
> AUTH_MAD = [
>     executable = "one_auth_mad",
>     arguments = "--authn ssh,ldap,server_cipher"
> ]
>
> And my ldap_auth.conf:
>
> # Ldap authentication method
> :auth_method: :simple
>
> # Ldap server
> :host: dsldap
> :port: 389
>
> # base hierarchy where to search for users and groups
> :base: 'ou=People,dc=genouest,dc=org'
>
> # group the users need to belong to. If not set any user will do
> #:group: 'cn=cloud,ou=groups,dc=domain'
>
> # field that holds the user name, if not set 'cn' will be used
> :user_field: 'uid'
>
> I do not use group to restrict users.
>
> Thanks
>
> Olivier
>
> --
>
> gpg key id: 4096R/326D8438 (pgp.mit.edu)
> Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

--
Javier Fontán Muiños
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | [email protected] | @OpenNebula
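
One way to run the check suggested in the reply above (which authenticate script was executed, and for which user) over a whole oned.log; this is an added example, not part of the thread or of OpenNebula's code. It groups the [AuM] lines into failed attempts and deliberately never captures the password argument. The sample log, its paths and user names are constructed, and the line layout is assumed to match the excerpt quoted in this thread.

```python
import re

LINE = re.compile(r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4}) \[(?P<mod>\w+)\]\[(?P<lvl>\w)\]: (?P<msg>.*)$")
CMD = re.compile(r"Command execution fail: \S*/auth/(?P<driver>[^/\s]+)/authenticate '(?P<user>[^']*)'")
EXIT = re.compile(r"ExitCode: (?P<code>\d+)")

# Constructed sample in the layout of the oned.log excerpt from the thread.
SAMPLE = """\
Wed Dec 7 18:50:40 2011 [ReM][D]: UserInfo method invoked
Wed Dec 7 18:50:43 2011 [AuM][D]: Message received: LOG I 0 Command execution fail: /srv/one/remotes/auth/default/authenticate 'alice' '-' EXAMPLE-SECRET
Wed Dec 7 18:50:43 2011 [AuM][I]: Command execution fail: /srv/one/remotes/auth/default/authenticate 'alice' '-' EXAMPLE-SECRET
Wed Dec 7 18:50:43 2011 [AuM][D]: Message received: LOG I 0 User alice not found
Wed Dec 7 18:50:43 2011 [AuM][I]: User alice not found
Wed Dec 7 18:50:43 2011 [AuM][I]: ExitCode: 255
Wed Dec 7 18:50:43 2011 [AuM][E]: Auth Error:
Wed Dec 7 18:50:43 2011 [ReM][E]: [UserInfo] User couldn't be authenticated, aborting call.
Wed Dec 7 18:51:02 2011 [AuM][I]: Command execution fail: /srv/one/remotes/auth/ldap/authenticate 'bob' '-' EXAMPLE-SECRET
Wed Dec 7 18:51:02 2011 [AuM][I]: User bob not found
Wed Dec 7 18:51:02 2011 [AuM][I]: ExitCode: 255
Wed Dec 7 18:51:02 2011 [AuM][E]: Auth Error:
"""

def failed_auths(log_text, expected_driver="ldap"):
    """Return one dict per failed authentication found in oned.log text."""
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m["mod"] != "AuM" or m["msg"].startswith("Message received:"):
            continue  # other modules, and the [D] echo of each driver message
        msg = m["msg"]
        if (c := CMD.search(msg)):  # regex stops after the user: no secret kept
            cur = {"time": m["ts"], "driver": c["driver"], "user": c["user"],
                   "exit_code": None, "reason": None,
                   "driver_ok": c["driver"] == expected_driver}
            attempts.append(cur)
        elif cur is None:
            continue  # AuM line outside any failed attempt
        elif (e := EXIT.search(msg)):
            cur["exit_code"] = int(e["code"])
        elif msg.startswith("Auth Error"):
            cur = None  # the attempt is closed
        elif cur["reason"] is None:
            cur["reason"] = msg  # first driver message, e.g. "User ... not found"
    return attempts

if __name__ == "__main__":
    for a in failed_auths(SAMPLE):
        print(a)
```

An attempt with `driver_ok` set to False means a script other than the expected one handled the request, which is the first thing the reply asks to verify.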
