LinuxQuestions.org - Linux - Server
ldap authen problem (https://www.linuxquestions.org/questions/linux-server-73/ldap-authen-problem-795740/)

neverland 03-16-2010 05:44 AM

ldap authen problem
 
Hi there, I have OpenLDAP installed via apt-get on Debian Lenny.
I have an LDAP server (tow1) and an LDAP client (tow2).
On tow1, I also installed the LDAP client package; when I ssh from somewhere else, I can log in as an LDAP user successfully.
On tow2, I only installed the LDAP client package; when I ssh from somewhere else, I cannot log in as an LDAP user. Also, the log file shows a very strange port.

Here are the log files:
Mar 16 17:42:32 tow1 sshd[10745]: Invalid user nsuda from 192.168.1.208
Mar 16 17:42:32 tow1 sshd[10745]: Failed none for invalid user nsuda from 192.168.1.208 port 58807 ssh2
Mar 16 17:42:34 tow1 sshd[10745]: pam_unix(sshd:auth): check pass; user unknown
Mar 16 17:42:34 tow1 sshd[10745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=tow2.tow.weboff.net
Mar 16 17:42:34 tow1 sshd[10745]: pam_succeed_if(sshd:auth): error retrieving information about user nsuda
Mar 16 17:42:36 tow1 sshd[10745]: Failed password for invalid user nsuda from 192.168.1.208 port 58807 ssh2

Mar 17 00:39:01 tow2 CRON[3294]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 17 00:39:01 tow2 CRON[3294]: pam_unix(cron:session): session closed for user root
Mar 17 00:45:01 tow2 CRON[3310]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 17 00:45:01 tow2 CRON[3310]: pam_unix(cron:session): session closed for user root
Mar 17 00:51:26 tow2 sshd[3329]: Invalid user nsuda from 192.168.1.214
Mar 17 00:51:26 tow2 sshd[3329]: Failed none for invalid user nsuda from 192.168.1.214 port 56795 ssh2
Mar 17 00:51:29 tow2 sshd[3329]: pam_unix(sshd:auth): check pass; user unknown
Mar 17 00:51:29 tow2 sshd[3329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=tow1.weboff.net
Mar 17 00:51:29 tow2 sshd[3329]: pam_ldap: ldap_search_s No such object
Mar 17 00:51:31 tow2 sshd[3329]: Failed password for invalid user nsuda from 192.168.1.214 port 56795 ssh2

Regarding "Failed password for invalid user nsuda": the password I filled in is 100% correct. It is the same password shown on the phpLDAPadmin web page. Does anyone have a solution?
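The two log excerpts above fail at different layers, and sshd makes that visible: it resolves the account through NSS (getpwnam) before PAM ever runs, so any "Invalid user" or "for invalid user" line means the account lookup failed on that host, regardless of the password. The "port 56795" in those lines is the client's ephemeral source port and is expected to be a random high number. The following triage script is an added example, not part of the thread or of any Debian package; it classifies the lines quoted above (retyped as constructed sample data) by the first layer that failed and says what to check first. The advice strings are this example's own, not sshd output.

```python
import re

# Constructed sample input: the sshd/PAM lines quoted in this thread, retyped
# here as test data (one connection on tow2, one on "client").
SAMPLE_LOG = """\
Mar 17 00:51:26 tow2 sshd[3329]: Invalid user nsuda from 192.168.1.214
Mar 17 00:51:26 tow2 sshd[3329]: Failed none for invalid user nsuda from 192.168.1.214 port 56795 ssh2
Mar 17 00:51:29 tow2 sshd[3329]: pam_unix(sshd:auth): check pass; user unknown
Mar 17 00:51:29 tow2 sshd[3329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=tow1.weboff.net
Mar 17 00:51:29 tow2 sshd[3329]: pam_ldap: ldap_search_s No such object
Mar 17 00:51:31 tow2 sshd[3329]: Failed password for invalid user nsuda from 192.168.1.214 port 56795 ssh2
Mar 18 00:11:49 client sshd[2359]: Failed none for invalid user nsuda from 192.168.1.184 port 42504 ssh2
Mar 18 00:11:51 client sshd[2359]: pam_unix(sshd:auth): auth could not identify password for [nsuda]
Mar 18 00:11:51 client sshd[2359]: Failed password for invalid user nsuda from 192.168.1.184 port 42504 ssh2
"""

# syslog prefix: month day time host sshd[pid]: message
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")

# Each message pattern is tagged with the layer it implicates.  sshd resolves
# the user through NSS (getpwnam) before PAM runs, so any "invalid user"
# message means the account lookup failed on that host, whatever PAM says.
EVIDENCE = [
    ("nss",      re.compile(r"^Invalid user \S+ from ")),
    ("nss",      re.compile(r" for invalid user ")),
    ("nss",      re.compile(r"pam_unix\(sshd:auth\): check pass; user unknown")),
    ("nss",      re.compile(r"pam_succeed_if\(sshd:auth\): error retrieving information about user")),
    ("pam_ldap", re.compile(r"pam_ldap: ldap_search_s No such object")),
    ("pam_unix", re.compile(r"pam_unix\(sshd:auth\): auth could not identify password for \[")),
]

# What to check first for each layer (this example's own wording).
ADVICE = {
    "nss": ("account lookup failed inside sshd: check /etc/nsswitch.conf and the "
            "libnss-ldap configuration, then run `getent passwd <user>` on this host; "
            "if `id <user>` works in a shell but sshd still logs this, restart nscd "
            "and sshd so they pick up the current NSS configuration"),
    "pam_ldap": ("pam_ldap could not find the user's entry (LDAP_NO_SUCH_OBJECT): the "
                 "search base or filter in the pam_ldap configuration does not match "
                 "the directory, or differs from the one libnss-ldap uses"),
    "pam_unix": ("pam_unix sees the account but has no local password hash for it; "
                 "harmless for an LDAP user provided pam_ldap is tried next in the "
                 "auth stack (check /etc/pam.d/common-auth)"),
}

# Order in which sshd reaches the layers; the earliest failure is the one to fix.
LAYER_ORDER = ("nss", "pam_ldap", "pam_unix")


def collect(log_text):
    """Group evidence by (host, pid): each sshd child handles one connection."""
    attempts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        layers = attempts.setdefault((m["host"], m["pid"]), set())
        for layer, pattern in EVIDENCE:
            if pattern.search(m["msg"]):
                layers.add(layer)
    return attempts


def diagnose(log_text):
    """For each connection, name the earliest layer that failed."""
    verdicts = {}
    for key, layers in collect(log_text).items():
        verdicts[key] = next((l for l in LAYER_ORDER if l in layers), "unknown")
    return verdicts


def report(log_text):
    """Human-readable lines: one per connection, with the check to run first."""
    lines = []
    for (host, pid), layer in diagnose(log_text).items():
        advice = ADVICE.get(layer, "no recognised failure message; look at the raw log")
        lines.append(f"{host} sshd[{pid}]: first failing layer = {layer}; {advice}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run against the quoted lines, both connections come out as an NSS failure: tow2 never resolved the account when the connection arrived, and the later "client" log still says "invalid user" even though `id nsuda` works in a root shell, which is why the advice for that layer is to restart nscd and sshd before looking at pam_ldap at all. The "No such object" from pam_ldap is real but secondary; it only decides the outcome once the account lookup succeeds.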

Blue_Ice 03-16-2010 01:42 PM

I am not using Debian, but CentOS. But you need to install some applications on the client: ldap-utils, libnss-ldap, libpam-ldap and nscd.
When I looked on Google, I found the following link: http://www.jukie.net/~bart/ldap/ldap...ion-on-debian/.

frndrfoe 03-16-2010 02:21 PM

Can you get user info on tow2?

tow2 # id nsuda

neverland 03-17-2010 05:19 AM

Quote:

Originally Posted by frndrfoe (Post 3900788)
Can you get user info on tow2?

tow2 # id nsuda

client:~# id nsuda
uid=1001(nsuda) gid=1000(suda) groups=1000(suda)
Yes, I can get the user with that command.
BTW: I couldn't log in successfully.

Here is the log file:
Mar 18 00:11:49 client sshd[2359]: Failed none for invalid user nsuda from 192.168.1.184 port 42504 ssh2
Mar 18 00:11:51 client sshd[2359]: pam_unix(sshd:auth): auth could not identify password for [nsuda]
Mar 18 00:11:51 client sshd[2359]: Failed password for invalid user nsuda from 192.168.1.184 port 42504 ssh2

Is it a must to have a nameserver identified in order to log in successfully? But I have already added the IP address and info in the hosts file.

Blue_Ice 03-17-2010 06:18 AM

It depends... When you are using TLS/SSL with OpenLDAP, you need to use the exact same address that you used in your certificate. E.g. if you created a certificate for the address ldap.example.com and you are using an IP address like 192.168.1.1 in your client configuration, then it will fail. So in your client configuration you need to use ldap.example.com as well.
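What that looks like in practice, as an added configuration example (not from the thread, and not the poster's real files): the name in the client's URI has to be the name the server certificate was issued for, and the client has to be told which CA to trust. The host name ldap.example.com, the CA file /etc/ssl/certs/example-ca.pem and the suffix dc=example,dc=com are assumptions for the example.

```conf
# /etc/ldap/ldap.conf on the client (libldap defaults, used by ldap-utils).
# Assumed names for this example: server certificate issued for
# ldap.example.com, CA file /etc/ssl/certs/example-ca.pem, suffix dc=example,dc=com.

# Broken: the name in the URI (an IP address) is not the name in the
# certificate, so peer verification fails and every TLS bind is rejected.
#URI         ldap://192.168.1.1
#TLS_REQCERT never     # makes it "work" only by switching verification off

# Working and verified: connect by the certificate's name and pin the CA.
URI          ldap://ldap.example.com
BASE         dc=example,dc=com
TLS_CACERT   /etc/ssl/certs/example-ca.pem
TLS_REQCERT  demand
```

Resolving ldap.example.com through /etc/hosts is enough; no DNS server is needed, the name only has to match what the certificate says. On Lenny the same rule applies separately to the `uri` line in /etc/pam_ldap.conf and /etc/libnss-ldap.conf, which carry their own `ssl start_tls`, `tls_cacertfile` and `tls_checkpeer yes` settings. A quick check from the client is `ldapsearch -x -ZZ -H ldap://ldap.example.com -b dc=example,dc=com uid=nsuda`; `-ZZ` makes the search fail rather than fall back to cleartext when STARTTLS or verification does not succeed. `TLS_REQCERT never` is the usual forum shortcut and should be avoided: it accepts any certificate, so the user's password bind can be captured by whoever answers on that address.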

frndrfoe 03-18-2010 10:47 AM

If it were a certificate issue, I would expect the id command to fail as well.
Do you have an ACL restricting access to userPassword to only localhost?

You could run the LDAP server in debug mode or capture the logs; I think it goes to syslog local4 by default.

