LinuxQuestions.org
Old 03-16-2010, 05:44 AM   #1
neverland
Member
 
Registered: Mar 2010
Posts: 31

Rep: Reputation: 15
ldap authen problem


Hi there, I have OpenLDAP installed via apt-get on Debian Lenny.
I have an LDAP server (tow1) and an LDAP client (tow2).
On tow1, I also installed the LDAP client package; when I ssh in from somewhere else, I can log in as an LDAP user successfully.
On tow2, I only installed the LDAP client package; when I ssh in from somewhere else, I cannot log in as an LDAP user. Also, the log file shows a very strange port.

Here are the log files:
Mar 16 17:42:32 tow1 sshd[10745]: Invalid user nsuda from 192.168.1.208
Mar 16 17:42:32 tow1 sshd[10745]: Failed none for invalid user nsuda from 192.168.1.208 port 58807 ssh2
Mar 16 17:42:34 tow1 sshd[10745]: pam_unix(sshd:auth): check pass; user unknown
Mar 16 17:42:34 tow1 sshd[10745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=tow2.tow.weboff.net
Mar 16 17:42:34 tow1 sshd[10745]: pam_succeed_if(sshd:auth): error retrieving information about user nsuda
Mar 16 17:42:36 tow1 sshd[10745]: Failed password for invalid user nsuda from 192.168.1.208 port 58807 ssh2

Mar 17 00:39:01 tow2 CRON[3294]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 17 00:39:01 tow2 CRON[3294]: pam_unix(cron:session): session closed for user root
Mar 17 00:45:01 tow2 CRON[3310]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 17 00:45:01 tow2 CRON[3310]: pam_unix(cron:session): session closed for user root
Mar 17 00:51:26 tow2 sshd[3329]: Invalid user nsuda from 192.168.1.214
Mar 17 00:51:26 tow2 sshd[3329]: Failed none for invalid user nsuda from 192.168.1.214 port 56795 ssh2
Mar 17 00:51:29 tow2 sshd[3329]: pam_unix(sshd:auth): check pass; user unknown
Mar 17 00:51:29 tow2 sshd[3329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=tow1.weboff.net
Mar 17 00:51:29 tow2 sshd[3329]: pam_ldap: ldap_search_s No such object
Mar 17 00:51:31 tow2 sshd[3329]: Failed password for invalid user nsuda from 192.168.1.214 port 56795 ssh2

Regarding "Failed password for invalid user nsuda": the password I've filled in is 100% correct. It is the same password shown on the phpLDAPadmin web page. Does anyone have a solution?

Last edited by neverland; 03-16-2010 at 05:48 AM. Reason: misspell, more+info
 
Old 03-16-2010, 01:42 PM   #2
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Rep: Reputation: Disabled
I am not using Debian, but CentOS. But you need to install some applications on the client: ldap-utils, libnss-ldap, libpam-ldap and nscd.
When I looked on Google, I found the following link: http://www.jukie.net/~bart/ldap/ldap...ion-on-debian/.
 
Old 03-16-2010, 02:21 PM   #3
frndrfoe
Member
 
Registered: Jan 2008
Distribution: RHEL, CentOS
Posts: 373

Rep: Reputation: 38
Can you get user info on tow2?

tow2 # id nsuda
 
Old 03-17-2010, 05:19 AM   #4
neverland
Member
 
Registered: Mar 2010
Posts: 31

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by frndrfoe
Can you get user info on tow2?

tow2 # id nsuda
client:~# id nsuda
uid=1001(nsuda) gid=1000(suda) groups=1000(suda)
Yes, I can get the user with that command.
BTW: I couldn't log in successfully.

Here is the log file:
Mar 18 00:11:49 client sshd[2359]: Failed none for invalid user nsuda from 192.168.1.184 port 42504 ssh2
Mar 18 00:11:51 client sshd[2359]: pam_unix(sshd:auth): auth could not identify password for [nsuda]
Mar 18 00:11:51 client sshd[2359]: Failed password for invalid user nsuda from 192.168.1.184 port 42504 ssh2

Is it a must to have nameserver identification in order to log in successfully? I already added the IP address and info to the hosts file.
 
Old 03-17-2010, 06:18 AM   #5
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Rep: Reputation: Disabled
It depends... When you are using TLS/SSL in OpenLDAP, you need to use the exact same address that you used in your certificate. E.g. if you created a certificate with the address ldap.example.com and you are using an IP address like 192.168.1.1 in your client configuration, then it will fail. So in your client configuration you need to use ldap.example.com as well.
 
Old 03-18-2010, 10:47 AM   #6
frndrfoe
Member
 
Registered: Jan 2008
Distribution: RHEL, CentOS
Posts: 373

Rep: Reputation: 38
If it were a certificate issue I would expect the id command to fail as well.
Do you have an ACL restricting access to the userpassword to only the localhost?

You could run the LDAP server in debug mode or capture the logs; I think it goes to syslog local4 by default.
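
An added example, not part of any post in this thread: a small Python triage of the sshd lines quoted in posts #1 and #4, grouped per sshd process to show which layer complained (sshd's own account check, pam_unix, pam_ldap or pam_succeed_if). The `triage` function and the finding labels are this example's own names; the log lines are copied from the thread.

```python
import re
from collections import defaultdict

# Log lines copied from the thread (tow2 attempt in post #1, "client" attempt in post #4).
SAMPLE_LOG = """\
Mar 17 00:45:01 tow2 CRON[3310]: pam_unix(cron:session): session closed for user root
Mar 17 00:51:26 tow2 sshd[3329]: Invalid user nsuda from 192.168.1.214
Mar 17 00:51:26 tow2 sshd[3329]: Failed none for invalid user nsuda from 192.168.1.214 port 56795 ssh2
Mar 17 00:51:29 tow2 sshd[3329]: pam_unix(sshd:auth): check pass; user unknown
Mar 17 00:51:29 tow2 sshd[3329]: pam_ldap: ldap_search_s No such object
Mar 17 00:51:31 tow2 sshd[3329]: Failed password for invalid user nsuda from 192.168.1.214 port 56795 ssh2
Mar 18 00:11:49 client sshd[2359]: Failed none for invalid user nsuda from 192.168.1.184 port 42504 ssh2
Mar 18 00:11:51 client sshd[2359]: pam_unix(sshd:auth): auth could not identify password for [nsuda]
Mar 18 00:11:51 client sshd[2359]: Failed password for invalid user nsuda from 192.168.1.184 port 42504 ssh2
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")

# (label, pattern) pairs; the labels are this example's own names.
RULES = [
    # sshd could not resolve the account via NSS, or rejected it by policy.
    ("sshd_invalid_user", re.compile(r"^Invalid user \S+ from |for invalid user \S+ from ")),
    ("pam_unix_user_unknown", re.compile(r"^pam_unix\(sshd:auth\): check pass; user unknown")),
    ("pam_unix_no_password", re.compile(r"^pam_unix\(sshd:auth\): auth could not identify password")),
    # LDAP result 32 (noSuchObject): the search base DN was not found on the server.
    ("pam_ldap_no_such_object", re.compile(r"^pam_ldap: ldap_search_s No such object")),
    ("pam_succeed_if_lookup_failed", re.compile(r"^pam_succeed_if\(sshd:auth\): error retrieving information")),
]

def triage(log_text):
    """Return {(host, pid): ordered list of distinct findings} for sshd sessions."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an sshd line (e.g. CRON)
        key = (m["host"], m["pid"])
        for label, pattern in RULES:
            if pattern.search(m["msg"]) and label not in sessions[key]:
                sessions[key].append(label)
    return dict(sessions)

if __name__ == "__main__":
    for (host, pid), findings in triage(SAMPLE_LOG).items():
        print(f"{host} sshd[{pid}]: {', '.join(findings)}")
```

On the thread's own lines, the tow2 session shows the account failing at every layer including the LDAP search, while the later "client" session no longer reports a pam_ldap search error but sshd still treats the user as invalid.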
 
  

