
Authentication Failure In pam_ldap ?

by Jyotishmaan

Dear pam_ldap experts,

This is Jyotishmaan. Please let me know why I am getting these errors while executing the ssh command. Before that I would like to say that this user is there in my LDAP server. Proof of this is given below in the sample output I got by executing the command finger "jmaan".


[root@authdns etc]# ssh authdns.nits.ac.in -l jmaan
jmaan@authdns.nits.ac.in's password:
Permission denied, please try again.
jmaan@authdns.nits.ac.in's password:
Permission denied, please try again.
jmaan@authdns.nits.ac.in's password:
Permission denied (publickey,gssapi-with-mic,password).
[root@authdns etc]#


[root@authdns etc]# finger jmaan
Login: jmaan                            Name: jmaan
Directory: /home/jmaan                  Shell: /bin/bash
Last login Wed Nov 28 19:29 (IST) on pts/6 from authdns.nits.ac.in
No mail.
No Plan.
[root@authdns etc]#

The output of the command id "jmaan" is also given below:

[root@authdns etc]# id jmaan
uid=623(jmaan) gid=623 groups=623 context=root:system_r:unconfined_t:s0-s0:c0.c1023
[root@authdns etc]#

This is the proof that both the users are there in my LDAP server database. Now please look at the lines of the /etc/ldap.conf file of my LDAP server machine, which are shown below:


[root@authdns etc]# grep '^[^#]' /etc/ldap.conf
host 127.0.0.1
base dc=nits,dc=ac,dc=in
uri ldap://127.0.0.1/
ldap_version 3
scope sub
timelimit 120
bind_timelimit 120
bind_policy hard
idle_timelimit 3600
pam_filter objectclass=posixAccount
pam_login_attribute uid
nss_base_passwd         uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in
nss_base_passwd         uid=ldapusr,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon
pam_sasl_mech DIGEST-MD5
uri ldap://127.0.0.1/
ssl no
tls_cacertdir /etc/openldap/cacerts
sasl_authid nssldap/localhost.localdomain
rootuse_sasl yes
rootsasl_auth_id nssldap/localhost.localdomain
pam_password md5
[root@authdns etc]#


Please let me know what went wrong or what has to be included in this file.

Also, the output of the command

/usr/bin/authconfig-tui

where I had set up the authentication configuration using LDAP, which uses MD5 passwords, and Local Authorization (I don't know, however, if this is important).

The authentication configuration can also be set using the command:

system-config-authentication

where the configuration can be set up through the GUI.

Now please tell me why this command is also not executing:

ldapwhoami

Should I use the Manager's password (of the LDAP server, having all administrative privileges) or simply the userid root's password (MD5 password)?

When I used the Manager's MD5 password I got the following error:

[root@authdns etc]# ldapwhoami
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): user not found: no secret in database
[root@authdns etc]#

Also please see the log of the /var/log/messages file for the errors when the user ldapusr/jmaan tried logging onto the LDAP server machine through the GUI of the Linux Fedora OS.


Dec 12 14:30:41 authdns gdm[4091]: Couldn't authenticate user
Dec 12 14:30:50 authdns gdm[4091]: pam_ldap: error trying to bind as user "uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid credentials)
Dec 12 14:30:52 authdns gdm[4091]: Couldn't authenticate user
Dec 12 14:31:00 authdns gdm[4091]: pam_ldap: error trying to bind as user "uid=ldapusr,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid credentials)


All the above lines were got with a slightly different version of /etc/ldap.conf.

The following lines of /var/log/messages were obtained with the version of the /etc/ldap.conf file shown above.

Dec 12 15:15:36 authdns gdm[4091]: Couldn't authenticate user
Dec 12 15:16:13 authdns gdm[4091]: Couldn't authenticate user
Dec 12 15:16:56 authdns last message repeated 3 times
Dec 12 15:17:05 authdns gconfd (root-14308): starting (version 2.18.0.1), pid 14308 user 'root'
Dec 12 15:17:05 authdns gconfd (root-14308): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0
Dec 12 15:17:05 authdns gconfd (root-14308): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 1
Dec 12 15:17:05 authdns gconfd (root-14308): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
Dec 12 15:17:06 authdns gconfd (root-14308): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 0
Dec 12 15:17:08 authdns setroubleshoot: [rpc.ERROR] attempt to open server connection failed: (2, 'No such file or directory'



Please kindly let me know where and why my authentication is failing?

With Warm Cheering Regards,
Jyotishmaan

ldap.conf
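As an added example that is not part of the original post: a small checker that parses the non-comment directives of a nss_ldap/pam_ldap style /etc/ldap.conf (a constructed subset of the config quoted above) and flags the settings a reviewer would look at first: the repeated uri line, nss_base_passwd bases that name a single user entry instead of the users' container, missing TLS when the server is not on loopback, and a DIGEST-MD5 SASL user bind, which the server can only verify against a cleartext-recoverable secret. The findings are review heuristics, not a diagnosis of this particular failure.

```python
# Added example, not code from the original post: parse the non-comment
# directives of a nss_ldap/pam_ldap /etc/ldap.conf and flag settings worth
# a second look. The sample is a constructed subset of the config quoted in
# the post; the findings are review heuristics, not a diagnosis.
from collections import defaultdict

SAMPLE_LDAP_CONF = """\
base dc=nits,dc=ac,dc=in
uri ldap://127.0.0.1/
pam_login_attribute uid
nss_base_passwd         uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in
nss_base_passwd         uid=ldapusr,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in
pam_sasl_mech DIGEST-MD5
uri ldap://127.0.0.1/
ssl no
pam_password md5
"""

def parse_ldap_conf(text):
    """Map each directive (lower-cased) to its values, keeping repeats in order."""
    conf = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.replace("\t", " ").partition(" ")  # name ends at first blank
        conf[key.lower()].append(value.strip())
    return conf

def check_ldap_conf(conf):
    """Return (directive, finding) pairs for the settings this checker knows."""
    findings = []
    uris = conf.get("uri", [])
    if len(uris) > 1:
        findings.append(("uri", "directive repeated; keep a single uri line"))
    for base in conf.get("nss_base_passwd", []):
        if base.lower().startswith("uid="):  # base should be the users' container
            findings.append(("nss_base_passwd", "base is one user entry; NSS sees only that account"))
    loopback = bool(uris) and all(u.startswith(("ldap://127.0.0.1", "ldap://localhost")) for u in uris)
    if conf.get("ssl", ["no"])[0].lower() == "no" and not loopback:
        findings.append(("ssl", "no TLS: simple binds send passwords in clear over the network"))
    if conf.get("pam_sasl_mech", [""])[0].upper() == "DIGEST-MD5":
        findings.append(("pam_sasl_mech", "DIGEST-MD5 user binds need a cleartext-recoverable "
                         "secret on the server; a hashed userPassword alone cannot satisfy them"))
    return findings

if __name__ == "__main__":
    for directive, finding in check_ldap_conf(parse_ldap_conf(SAMPLE_LDAP_CONF)):
        print(f"{directive}: {finding}")
```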
