
Need help determining cause of login problem

by Bugzilla from juergen@starek.net

Hello everyone,

I am having trouble with authenticating users listed in an LDAP directory.

On my network, I set up an LDAP server and a client that tries to
authenticate using the server. Both machines run Debian Etch.

Client and Server setup are done according to tutorials on the net, and
where they contradicted themselves, O'Reilly's "LDAP System
Administration".

I have populated the database with a "users" group and a sample
posixAccount. The server works fine: I can connect to it from the client
using GQ and a simple bind for the rootdn. Also, calling ldapsearch -x
on the client gives me the complete list of entries in the server's
database.

A "getent passwd" on the client shows my sample account on the LDAP
directory as if it were in the local passwd file, just as it's supposed
to do.

However, I can't log in. My nsswitch.conf uses LDAP as a password data
source, and I see network traffic at each login attempt. Passwords are
stored as an MD5 hash in the LDAP database, but trying CRYPT or PLAIN
did not change anything. As mentioned above, binding to the server using
rootdn works fine. Only binding as a user does not seem to work...

Here's a log extract from /var/log/auth.log:

testbox login[3850]: pam_ldap: ldap_search_s No such object
testbox login[3850]: pam_ldap: ldap_search_s No such object
testbox login[3850]: (pam_unix) authentication failure; logname= uid=0 euid=0
                      tty=pts/0 ruser= rhost=  user=testuser
testbox login[3850]: FAILED LOGIN (1) auf "pts/0" FOR `testuser',
                      Authentication failure


Can anyone help me diagnose this problem further? Any help would be
appreciated.

Regards,

   Jürgen


