LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   LDAP, VSFTPD Not authenticating. (https://www.linuxquestions.org/questions/linux-networking-3/ldap-vsftpd-not-authenticating-277767/)

dlublink 01-14-2005 12:11 PM
LDAP, VSFTPD Not authenticating.
 
Hey.

I installed LDAP, VSFTPD and pam_ldap. I am trying to get vsftpd to authenticate against ldap.

According to ldap the password for the user logging in is:
{MD5}BsIZ5byDePOoo/g7S35GSQ
(should be mysecret)
In the ldap.conf, it makes no difference wether I say password pam_password md5 or pam_password clear

mail is the hostname of my server.

This shows the user as seen from phpldapadmin:
http://dave.angelpiper.com/ss.gif
The image is 1400x1050, you might have to stretch it if you are using windows XP. BEcause it will shrink it.

My attempt to login to FTP:
mail:/etc # ftp 127.0.0.1
Connected to localhost.
220 "Welcome to mydomain.net FTP Server "
Name (127.0.0.1:dave): myusername
331 Please specify the password.
Password: [I type: mysecret]
530 Login incorrect.
ftp: Login failed.
ftp>


Why does it say Login Failed? I want it to login!

Slapd.conf =====
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/dhcp.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/suse-email-server.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/samba3.schema
include /etc/openldap/schema/yast2userconfig.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/openldap/modules
moduleload back_bdb.la
moduleload back_ldap.la
moduleload back_ldbm.la
moduleload back_passwd.la
moduleload back_shell.la

database ldbm
suffix "dc=mydomain,dc=net"
rootdn "cn=Manager,dc=mydomain,dc=net"
rootpw mysecret
password-hash {MD5}
directory /var/lib/ldap
index objectClass eq
loglevel 4095


pam.d/vsftpd====

#%PAM-1.0

# Uncomment this to achieve what used to be ftpd -A.
# auth required pam_listfile.so item=user sense=allow file=/etc/ftpchroot onerr=fail

#auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
# Uncomment the following line for anonymous ftp.
#auth sufficient pam_ftp.so
#auth required pam_unix2.so
#auth required pam_shells.so
#account required pam_unix2.so
#password required pam_unix2.so
#session required pam_unix2.so
auth sufficient /lib/security/pam_ldap.so
auth required pam_unix2.so
account sufficient /lib/security/pam_ldap.so
account required pam_unix2.so
password sufficient /lib/security/pam_ldap.so
password required pam_unix2.so

ldap.conf (the one that pam uses)====
# Your LDAP server. Must be resolvable without using LDAP.
host 192.168.7.154
# The distinguished name of the search base.
base dc=mydomain,dc=net
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=Manager,dc=mydomain,dc=net
# The credentials to bind with.
# Optional: default is no credential.
bindpw mysecret
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=Manager,dc=mydomain,dc=net
# The port.
port 389

# The search scope.
scope base
# The user ID attribute (defaults to uid)
pam_login_attribute uid
# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
pam_password clear
#pam_password md5
pam_password_prohibit_message Please visit http://internal to change your password.


/var/log/messages when i try and log into vsftpd ====
Jan 14 12:52:25 mail slapd[7562]: daemon: activity on 1 descriptors
Jan 14 12:52:25 mail slapd[7562]: daemon: new connection on 10
Jan 14 12:52:25 mail slapd[7562]: conn=1 fd=10 ACCEPT from IP=192.168.7.154:4295 (IP=0.0.0.0:389)
Jan 14 12:52:25 mail slapd[7562]: daemon: added 10r
Jan 14 12:52:25 mail slapd[7562]: daemon: activity on:
Jan 14 12:52:25 mail slapd[7562]:
Jan 14 12:52:25 mail slapd[7562]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jan 14 12:52:25 mail slapd[7562]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jan 14 12:52:25 mail slapd[7562]: daemon: activity on 1 descriptors
Jan 14 12:52:25 mail slapd[7562]: daemon: activity on:
Jan 14 12:52:25 mail slapd[7562]: 10r
Jan 14 12:52:25 mail slapd[7562]:
Jan 14 12:52:25 mail slapd[7562]: daemon: read activity on 10
Jan 14 12:52:25 mail slapd[7562]: connection_get(10)
Jan 14 12:52:25 mail slapd[7562]: connection_get(10): got connid=1
Jan 14 12:52:25 mail slapd[7562]: connection_read(10): checking for input on id=1
Jan 14 12:52:25 mail slapd[7562]: ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
Jan 14 12:52:25 mail slapd[7588]: do_bind
Jan 14 12:52:25 mail slapd[7588]: >>> dnPrettyNormal: <cn=Manager,dc=mydomain,dc=net>
Jan 14 12:52:25 mail slapd[7588]: <<< dnPrettyNormal: <cn=Manager,dc=mydomain,dc=net>, <cn=manager,dc=mydomain,dc=net>
Jan 14 12:52:25 mail slapd[7588]: do_bind: version=3 dn="cn=Manager,dc=mydomain,dc=net" method=128
Jan 14 12:52:25 mail slapd[7588]: conn=1 op=0 BIND dn="cn=Manager,dc=mydomain,dc=net" method=128
Jan 14 12:52:25 mail slapd[7588]: ==> ldbm_back_bind: dn: cn=Manager,dc=mydomain,dc=net
Jan 14 12:52:25 mail slapd[7588]: conn=1 op=0 BIND dn="cn=Manager,dc=mydomain,dc=net" mech=SIMPLE ssf=0
Jan 14 12:52:25 mail slapd[7588]: do_bind: v3 bind: "cn=Manager,dc=mydomain,dc=net" to "cn=Manager,dc=mydomain,dc=net"
Jan 14 12:52:25 mail slapd[7588]: send_ldap_result: conn=1 op=0 p=3
Jan 14 12:52:25 mail slapd[7588]: send_ldap_result: err=0 matched="" text=""
Jan 14 12:52:25 mail slapd[7588]: send_ldap_response: msgid=1 tag=97 err=0
Jan 14 12:52:25 mail slapd[7588]: conn=1 op=0 RESULT tag=97 err=0 text=
Jan 14 12:52:25 mail slapd[7562]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jan 14 12:52:25 mail slapd[7562]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jan 14 12:52:25 mail slapd[7562]: daemon: activity on 1 descriptors
Jan 14 12:52:25 mail slapd[7562]: daemon: activity on:
Jan 14 12:52:25 mail slapd[7562]: 10r
Jan 14 12:52:25 mail slapd[7562]:
Jan 14 12:52:25 mail slapd[7562]: daemon: read activity on 10
Jan 14 12:52:25 mail slapd[7562]: connection_get(10)
Jan 14 12:52:25 mail slapd[7562]: connection_get(10): got connid=1
Jan 14 12:52:25 mail slapd[7562]: connection_read(10): checking for input on id=1
Jan 14 12:52:25 mail slapd[7562]: ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
Jan 14 12:52:25 mail slapd[7589]: do_search
Jan 14 12:52:25 mail slapd[7589]: >>> dnPrettyNormal: <dc=mydomain,dc=net>
Jan 14 12:52:25 mail slapd[7589]: <<< dnPrettyNormal: <dc=mydomain,dc=net>, <dc=mydomain,dc=net>
Jan 14 12:52:25 mail slapd[7589]: SRCH "dc=mydomain,dc=net" 0 0
Jan 14 12:52:25 mail slapd[7589]: 1 0 0
Jan 14 12:52:25 mail slapd[7589]: begin get_filter
Jan 14 12:52:25 mail slapd[7589]: EQUALITY
Jan 14 12:52:25 mail slapd[7589]: end get_filter 0
Jan 14 12:52:25 mail slapd[7589]: filter: (uid=myusername)
Jan 14 12:52:25 mail slapd[7589]: attrs:
Jan 14 12:52:25 mail slapd[7589]:
Jan 14 12:52:25 mail slapd[7589]: conn=1 op=1 SRCH base="dc=mydomain,dc=net" scope=0 deref=0 filter="(uid=myusername)"
Jan 14 12:52:25 mail slapd[7589]: => ldbm_back_search
Jan 14 12:52:25 mail slapd[7589]: dn2entry_r: dn: "dc=mydomain,dc=net"
Jan 14 12:52:25 mail slapd[7589]: => dn2id( "dc=mydomain,dc=net" )
Jan 14 12:52:25 mail slapd[7589]: ====> cache_find_entry_ndn2id("dc=mydomain,dc=net"): 1 (1 tries)
Jan 14 12:52:25 mail slapd[7589]: <= dn2id 1 (in cache)
Jan 14 12:52:25 mail slapd[7589]: => id2entry_r( 1 )
Jan 14 12:52:25 mail slapd[7589]: ====> cache_find_entry_id( 1 ) "dc=mydomain,dc=net" (found) (1 tries)
Jan 14 12:52:25 mail slapd[7589]: <= id2entry_r( 1 ) 0x817e450 (cache)
Jan 14 12:52:25 mail slapd[7589]: base_candidates: base: "dc=mydomain,dc=net"
Jan 14 12:52:25 mail slapd[7589]: ====> cache_return_entry_r( 1 ): returned (0)
Jan 14 12:52:25 mail slapd[7589]: => id2entry_r( 1 )
Jan 14 12:52:25 mail slapd[7589]: ====> cache_find_entry_id( 1 ) "dc=mydomain,dc=net" (found) (1 tries)
Jan 14 12:52:25 mail slapd[7589]: <= id2entry_r( 1 ) 0x817e450 (cache)
Jan 14 12:52:25 mail slapd[7589]: => test_filter
Jan 14 12:52:25 mail slapd[7589]: EQUALITY
Jan 14 12:52:25 mail slapd[7589]: => access_allowed: search access to "dc=mydomain,dc=net" "uid" requested
Jan 14 12:52:25 mail slapd[7589]: <= root access granted
Jan 14 12:52:25 mail slapd[7589]: <= test_filter 5
Jan 14 12:52:25 mail slapd[7589]: ldbm_search: candidate entry 1 does not match filter
Jan 14 12:52:25 mail slapd[7589]: ====> cache_return_entry_r( 1 ): returned (0)
Jan 14 12:52:25 mail slapd[7562]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jan 14 12:52:25 mail slapd[7562]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jan 14 12:52:25 mail slapd[7589]: send_ldap_result: conn=1 op=1 p=3
Jan 14 12:52:25 mail slapd[7589]: send_ldap_result: err=0 matched="" text=""
Jan 14 12:52:25 mail slapd[7589]: send_ldap_response: msgid=2 tag=101 err=0
Jan 14 12:52:25 mail slapd[7589]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 14 12:52:25 mail slapd[7562]: daemon: activity on 1 descriptors
Jan 14 12:52:25 mail slapd[7562]: daemon: activity on:
Jan 14 12:52:25 mail slapd[7562]: 10r
Jan 14 12:52:25 mail slapd[7562]:
Jan 14 12:52:25 mail slapd[7562]: daemon: read activity on 10
Jan 14 12:52:25 mail slapd[7562]: connection_get(10)
Jan 14 12:52:25 mail slapd[7562]: connection_get(10): got connid=1
Jan 14 12:52:25 mail slapd[7562]: connection_read(10): checking for input on id=1
Jan 14 12:52:25 mail slapd[7588]: do_unbind
Jan 14 12:52:25 mail slapd[7588]: conn=1 op=2 UNBIND
Jan 14 12:52:25 mail slapd[7562]: ber_get_next on fd 10 failed errno=0 (Success)
Jan 14 12:52:25 mail slapd[7562]: connection_read(10): input error=-2 id=1, closing.
Jan 14 12:52:25 mail slapd[7562]: connection_closing: readying conn=1 sd=10 for close
Jan 14 12:52:25 mail slapd[7562]: connection_close: deferring conn=1 sd=10
Jan 14 12:52:25 mail slapd[7588]: connection_resched: reaquiring locks conn=1 sd=10
Jan 14 12:52:25 mail slapd[7588]: connection_resched: attempting closing conn=1 sd=10
Jan 14 12:52:25 mail slapd[7588]: connection_close: conn=1 sd=10
Jan 14 12:52:25 mail slapd[7588]: daemon: removing 10
Jan 14 12:52:25 mail slapd[7588]: conn=1 fd=10 closed
Jan 14 12:52:25 mail slapd[7562]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jan 14 12:52:25 mail slapd[7562]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jan 14 12:52:25 mail slapd[7562]: daemon: activity on 1 descriptors
Jan 14 12:52:25 mail slapd[7562]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jan 14 12:52:25 mail slapd[7562]: daemon: select: listen=7 active_threads=0 tvp=NULL

dlublink 01-14-2005 04:44 PM
although it probably makes no difference

there are two = on the end of that hash sum

dlublink 01-18-2005 09:42 AM
Doesn't anyone know?

Please help!!!

David

dlublink 01-19-2005 06:49 PM
Why do people post the word "bump" ?


All times are GMT -5. The time now is 05:04 AM.