Active Directory pam_ldap search returns 0 results
Okay. I started using Wireshark to monitor the information going back and forth between the AD and my Linux machine. I'm trying to authenticate users through AD via pam_ldap. I can make a successful bind, but when the user goes to do the search it doesn't return results. I have the same exact setup in another office and it works fine, but for this one that I'm working on, the AD isn't mine, and I don't have access to it. If I issue an ldapsearch from the command line it works. Here is an example:
LDAPSEARCH COMMAND:
================
ldapsearch -vvv -x -W -D binduser@hops.org -LLL "(&(objectclass=User)(sAMAccountName=jsmith))"
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
filter: (&(objectclass=User)(sAMAccountName=jsmith))
requesting: All userApplication attributes
dn: CN=jsmith,OU=Contrators,DC=hops,DC=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: jsmith
description: Jimmy
givenName: jsmith
distinguishedName: CN=jsmith,OU=Contrators,DC=hops,DC=org
instanceType: 4
whenCreated: 20061219205530.0Z
whenChanged: 20070101204220.0Z
displayName: jsmith
uSNCreated: 2206049
uSNChanged: 2651279
homeMTA: CN=Microsoft MTA,CN=RH-EXCH,CN=Servers,CN=hops,CN=Administrative G
roups,CN=hops,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=HopS,DC=org
proxyAddresses: smtp:jsmith@hops.org
proxyAddresses: X400:c=US;a= ;p=hops;o=Exchange;s=jsmith;
proxyAddresses: SMTP:jsmith@hops.org
homeMDB: CN=Mailbox Store 4 (RH-EXCH),CN=First Storage Group,CN=InformationSto
re,CN=RH-EXCH,CN=Servers,CN=hops,CN=Administrative Groups,CN=hops,CN=Mi
crosoft Exchange,CN=Services,CN=Configuration,DC=hops,DC=org
mDBUseDefaults: TRUE
mailNickname: jsmith
name: jsmith
objectGUID:: nWOUBbOPdUW+jSjR8nEWlg==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 128112802965635188
lastLogon: 128112803066418373
pwdLastSet: 128110353306467105
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAVQehjxr3HWeam6GFVREAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: jsmith
sAMAccountType: 805306368
showInAddressBook: CN=Default Global Address List,CN=All Global Address Lists,
CN=Address Lists Container,CN=hops,CN=Microsoft Exchange,CN=Services,CN=Co
nfiguration,DC=hops,DC=org
showInAddressBook: CN=All Users,CN=All Address Lists,CN=Address Lists Containe
r,CN=hops,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=hops,DC
=org
legacyExchangeDN: /o=hops/ou=First Administrative Group/cn=Recipients/cn=wo
rltracuser
userPrincipalName: jsmith@hops.org
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=hops,DC=org
lastLogonTimestamp: 128121577405726786
textEncodedORAddress: c=US;a= ;p=hops;o=Exchange;s=jsmith;
mail: jsmith@hops.org
msExchHomeServerName: /o=hops/ou=First Administrative Group/cn=Configuratio
n/cn=Servers/cn=RH-EXCH
msExchALObjectVersion: 49
msExchMailboxSecurityDescriptor:: AQAEgHgAAACUAAAAAAAAABQAAAAEAGQAAQAAAAACFAAD
AAIAAQEAAAAAAAUKAAAAAAAAAEMASAA6ADMAMgA2ADgAAAAAAQAAAAEAAAEAAAAgAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQUAAAAAAAUVAAAAVQehjxr3HWeam6GFHgUAAA
EFAAAAAAAFFQAAAFUHoY8a9x1nmpuhhR4FAAA=
msExchUserAccountControl: 0
msExchMailboxGuid:: qsncZEFiX0SylodSUv+TWQ==
msExchPoliciesIncluded: {2F6B8623-374D-4B15-B808-CB6FAFCE6F64},{26491CFC-9E50-
4857-861B-0CB8DF22B5D7}
=======================
Okay, now if I try to SSH into my machine, which is set up to use pam_ldap to verify the password against this AD, it fails. Here is the info Wireshark is showing me:
WIRESHARK INFO
===============
[The RTT to ACK the segment was: 0.001563000 seconds]
Lightweight-Directory-Access-Protocol
LDAPMessage bindResponse(1)
messageID: 1
protocolOp: bindResponse (1)
bindResponse
resultCode: success (0)
[Response To: 30]
[Time: 0.001563000 seconds]
Frame 32 (66 bytes on wire, 66 byt
----------- so far so good, it just bound -----------------
------- okay, now it's going to issue the search -------------
NOP
Timestamps: TSval 1113900, TSecr 20408054
Lightweight-Directory-Access-Protocol
LDAPMessage searchRequest(2) "cn=Users,dc=hops,dc=org" wholeSubtree
messageID: 2
protocolOp: searchRequest (3)
searchRequest
baseObject: cn=Users,dc=hops,dc=org
scope: wholeSubtree (2)
derefAliases: neverDerefAliases (0)
sizeLimit: 1
timeLimit: 0
typesOnly: False
Filter: (&(objectclass=user)(sAMAccountName=jsmith))
and: (&(objectclass=user)(sAMAccountName=jsmith))
Filter: (objectclass=user)
equalityMatch
attributeDesc: objectclass
assertionValue: user
Filter: (sAMAccountName=jsmith)
equalityMatch
attributeDesc: sAMAccountName
assertionValue: jsmith
attributes: 0 items
Frame 34 (88 bytes on wire, 88 bytes captured)
----------------- okay, still so far so good... -------------------------
------------------- here is where there should be results... but there aren't --------------------
[This is an ACK to the segment in frame: 27]
[The RTT to ACK the segment was: 0.002079000 seconds]
Lightweight-Directory-Access-Protocol
LDAPMessage searchResDone(5) [0 results]
messageID: 5
protocolOp: searchResDone (5)
searchResDone
resultCode: success (0)
[Response To: 27]
[Time: 0.002079000 seconds]
Frame 35 (66 bytes on wire, 66 bytes c
=========END WIRESHARK INFO===========
I have another environment set up using this same setup and it works fine; there are results in the search and everything. Please help. Thanks in advance.
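An added check, not part of the original post: the DN that ldapsearch returned (CN=jsmith,OU=Contrators,DC=hops,DC=org) is compared against the baseObject and scope seen in the pam_ldap searchRequest (cn=Users,dc=hops,dc=org, wholeSubtree), using a small RFC 4514 DN splitter and case-insensitive RDN matching as AD does. The function names and the diagnose() wrapper are this example's own; the DN and base values are taken from the captures above.

```python
# Scope values as they appear in an LDAP searchRequest (RFC 4511 SearchRequest.scope)
SCOPES = ("baseObject", "singleLevel", "wholeSubtree")

def split_dn(dn):
    """Split a DN into RDN strings, honouring backslash escapes (RFC 4514)."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep escaped pair (e.g. "\,") intact
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    return rdns

def normalize_rdn(rdn):
    """Lower-case type and value and trim whitespace: AD matches DNs case-insensitively."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), " ".join(value.split()).lower()

def normalize_dn(dn):
    return [normalize_rdn(r) for r in split_dn(dn)]

def dn_in_scope(entry_dn, base_dn, scope):
    """True if a search rooted at base_dn with the given scope can visit entry_dn."""
    entry, base = normalize_dn(entry_dn), normalize_dn(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False                         # entry is not below the base at all
    depth = len(entry) - len(base)
    if scope == "baseObject":
        return depth == 0
    if scope == "singleLevel":
        return depth == 1
    return True                              # wholeSubtree

# Values from the post: the DN ldapsearch returned and the base in the pam_ldap searchRequest.
ENTRY_DN = "CN=jsmith,OU=Contrators,DC=hops,DC=org"
PAM_LDAP_BASE = "cn=Users,dc=hops,dc=org"

def diagnose(entry_dn=ENTRY_DN, base_dn=PAM_LDAP_BASE, scope="wholeSubtree"):
    """Explain whether the captured search could have returned the entry at all."""
    if dn_in_scope(entry_dn, base_dn, scope):
        return "in scope"
    return "out of scope: search base %s does not contain %s" % (base_dn, entry_dn)

if __name__ == "__main__":
    print(diagnose())
```

A searchResDone with 0 results and resultCode success is exactly what a server returns when the filter would match but the entry lies outside the search base, so this check is worth running before suspecting the bind account's permissions.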