  1. #1
    Just Joined!
    Join Date
    Nov 2009
    Posts
    8

    Authenticate new users with LDAP


    Hello,

    I have a PC which authenticates with an OpenLDAP server. When I installed the LDAP server I imported the users of the PC. Now I am able to authenticate the imported users, but not the users created by the LDAP Account Manager.
    I think that the user is right because I can do a search using this new user.

    The configuration of my client is:

    ldap.conf:

    HOST neptu.up.edu
    PORT 636

    TLS_CACERT /etc/ldap/ssl/cacert.pem
    TLS_REQCERT never

    nsswitch.conf

    passwd: ldap files
    group: ldap files
    shadow: ldap files

    hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
    networks: files

    protocols: db files
    services: db files
    ethers: db files
    rpc: db files

    netgroup: nis

    common-account

    account sufficient pam_ldap.so
    account required pam_unix.so
    session required pam_mkhomedir.so skel=/etc/skel/ umask=0077

    common-auth

    auth sufficient pam_ldap.so
    auth required pam_unix.so nullok_secure use_first_pass

    common-password

    password sufficient pam_ldap.so
    password required pam_unix.so nullok obscure min=4 max=8 md5

    common-session

    session sufficient pam_ldap.so
    session required pam_unix.so

    Client LOGS (auth.log)

    Nov 25 17:13:38 test sshd[2974]: Invalid user albert from 140.82.35.32
    Nov 25 17:13:38 test sshd[2974]: Failed none for invalid user aaaa from 140.82.35.32 port 38940 ssh2
    Nov 25 17:13:41 test sshd[2974]: pam_ldap: error trying to bind as user "uid=albert,ou=People,dc=aba,dc=pc,dc=edu" (Invalid credentials)
    Nov 25 17:13:41 test sshd[2974]: (pam_unix) check pass; user unknown
    Nov 25 17:13:41 test sshd[2974]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=pcma.aba.pc.edu
    Nov 25 17:13:43 test sshd[2974]: Failed password for invalid user aaaa from 140.82.35.32 port 38940 ssh2

    Server LOGS

    conn=0 fd=15 ACCEPT from IP=140.82.35.21:52083 (IP=0.0.0.0:636)
    conn=0 fd=15 TLS established tls_ssf=256 ssf=256
    conn=0 op=0 BIND dn="cn=admin,dc=aba,dc=pc,dc=edu" method=128
    conn=0 op=0 BIND dn="cn=admin,dc=aba,dc=pc,dc=edu" mech=SIMPLE ssf=0
    conn=0 op=0 RESULT tag=97 err=0 text=
    conn=0 op=1 SRCH base="dc=aba,dc=pc,dc=edu" scope=2 deref=0 filter="(uid=albert)"
    <= bdb_equality_candidates: (uid) not indexed
    conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
    conn=0 op=2 BIND anonymous mech=implicit ssf=0
    conn=0 op=2 BIND dn="uid=albert,ou=People,dc=aba,dc=pc,dc=edu" method=128
    slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
    conn=0 op=2 RESULT tag=97 err=49 text=
    conn=0 op=3 BIND dn="cn=admin,dc=aba,dc=pc,dc=edu" method=128
    conn=0 op=3 BIND dn="cn=admin,dc=aba,dc=pc,dc=edu" mech=SIMPLE ssf=0
    conn=0 op=3 RESULT tag=97 err=0 text=

    Thanks

  2. #2
    Just Joined!
    Join Date
    Nov 2009
    Posts
    8
    Extra information:

    I am able to do a search, from the Linux box that wants to do the Linux authentication, using the new user.

    ldapsearch -x -b 'dc=aba,dc=pc,dc=edu' -D "uid=albert,ou=People,dc=aba,dc=pc,dc=edu" -H ldaps://neptu.aba.pc.edu -d 256 '(objectclass=*)' -W

    Any idea?
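
An added example, not part of the original posts: a small Python parser for the slapd connection log format shown in post #1. It pairs each BIND with its RESULT and counts binds rejected with err=49 (LDAP invalidCredentials) per DN. The sample lines are copied from that server log; the function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the server log in post #1 (the LDAP connection trace).
SAMPLE_LOG = '''\
conn=0 fd=15 ACCEPT from IP=140.82.35.21:52083 (IP=0.0.0.0:636)
conn=0 op=0 BIND dn="cn=admin,dc=aba,dc=pc,dc=edu" method=128
conn=0 op=0 BIND dn="cn=admin,dc=aba,dc=pc,dc=edu" mech=SIMPLE ssf=0
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 SRCH base="dc=aba,dc=pc,dc=edu" scope=2 deref=0 filter="(uid=albert)"
<= bdb_equality_candidates: (uid) not indexed
conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=0 op=2 BIND anonymous mech=implicit ssf=0
conn=0 op=2 BIND dn="uid=albert,ou=People,dc=aba,dc=pc,dc=edu" method=128
conn=0 op=2 RESULT tag=97 err=49 text=
conn=0 op=3 BIND dn="cn=admin,dc=aba,dc=pc,dc=edu" method=128
conn=0 op=3 RESULT tag=97 err=0 text=
'''

# The request line carries the DN; the "mech=" and "anonymous" lines are skipped.
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
# tag=97 is the bind response; "SEARCH RESULT tag=101" does not match.
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')

def bind_results(log_text):
    """Return (conn, op, dn, err) for every bind request that got a result."""
    pending, out = {}, []
    for line in log_text.splitlines():
        m = BIND_RE.search(line)  # search() tolerates a syslog prefix
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m:
            dn = pending.pop((m.group(1), m.group(2)), None)
            if dn is not None:
                out.append((int(m.group(1)), int(m.group(2)), dn, int(m.group(3))))
    return out

def failed_binds(log_text):
    """Count binds rejected with err=49 (invalidCredentials), keyed by DN."""
    return Counter(dn for _c, _o, dn, err in bind_results(log_text) if err == 49)

if __name__ == "__main__":
    for conn, op, dn, err in bind_results(SAMPLE_LOG):
        print(f"conn={conn} op={op} err={err} dn={dn}")
    print(dict(failed_binds(SAMPLE_LOG)))
```

On the sample, the admin binds (op=0, op=3) succeed and only the bind as the user DN (op=2) returns err=49, which matches the pam_ldap "Invalid credentials" line in the client log.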
