ssh login fail

8><----

I would start with the Fedora DS access log. See if ssh is making a
connection to Fedora DS, if so, see what types of operations are being
sent, and the responses to those operations. For searches, see what the
base DN, filter, and attributes being requested are.

This helped.....the ldapsearch was being logged but the pam search was
not so....

I blew away /etc/ldap.conf and sym linked it to /etc/openldap/ldap.conf,
then blindly added these lines to its somewhat short form,

=======
scope sub
suffix          "dc=vuw,dc=ac,dc=nz"
#TLS_CACERTDIR /etc/openldap/cacerts
pam_password exop
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=Computers,dc=cognifide,dc=pl
nss_base_passwd ou=People,dc=cognifide,dc=pl
nss_base_shadow ou=People,dc=cognifide,dc=pl
nss_base_group  ou=Group,dc=cognifide,dc=pl
nss_base_hosts  ou=Hosts,dc=cognifide,dc=pl
===========

The log now shows,

8><-----
PosixAccount)(uid=root))" attrs=ALL
[11/Sep/2007:10:01:01 +1200] conn=200 op=2 RESULT err=32 tag=101
nentries=0 etime=0
[11/Sep/2007:10:01:01 +1200] conn=200 op=2 RESULT err=32 tag=101
nentries=0 etime=0
[11/Sep/2007:10:01:01 +1200] conn=200 op=3 SRCH
base="ou=Group,dc=cognifide,dc=pl" scope=2
filter="(&(objectClass=posixGroup)(memberUid=root))" attrs="gidNumber"
[11/Sep/2007:10:01:01 +1200] conn=200 op=3 RESULT err=32 tag=101
nentries=0 etime=0
[11/Sep/2007:10:01:01 +1200] conn=200 op=3 RESULT err=32 tag=101
nentries=0 etime=0
[11/Sep/2007:10:01:01 +1200] conn=200 op=-1 fd=67 closed error 104
(Connection reset by peer) - TCP connection reset by peer.

So pam is now actually querying the LDAP server it seems, it is not
getting it right but it's a small step.

I would seem to need to do some config around this area,

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
HOST 130.195.87.249
BASE dc=vuw,dc=ac,dc=nz
ssl no
scope sub
suffix          "dc=vuw,dc=ac,dc=nz"
#TLS_CACERTDIR /etc/openldap/cacerts
pam_password exop
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=Computers,dc=cognifide,dc=pl
nss_base_passwd ou=People,dc=cognifide,dc=pl
nss_base_shadow ou=People,dc=cognifide,dc=pl
nss_base_group  ou=Group,dc=cognifide,dc=pl
nss_base_hosts  ou=Hosts,dc=cognifide,dc=pl



As I still get no reply/successful login.

Regards

Steven
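
The access-log check suggested at the top of this message (pair each SRCH with its RESULT, then look at the base DN, filter, attributes and result code), as an added example that is not part of the original post. The sample log is constructed: the conn=200 lines follow the op=3 entries quoted above, the conn=201 and conn=202 lines are invented, and the function names and the `suffix` argument (set to the BASE value from the posted config) are assumptions of this sketch.

```python
import re

RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}  # RFC 4511 codes
LINE = re.compile(r'^\[[^\]]+\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<kind>SRCH|RESULT) (?P<rest>.*)$')
SRCH = re.compile(r'base="(?P<base>[^"]*)" scope=\d+ filter="(?P<filter>[^"]*)" attrs=(?P<attrs>.+)$')
ERR = re.compile(r'\berr=(?P<err>\d+)\b')

# Constructed sample in Fedora DS access-log format, one entry per line (unwrapped).
SAMPLE_LOG = '''\
[11/Sep/2007:10:01:01 +1200] conn=200 op=3 SRCH base="ou=Group,dc=cognifide,dc=pl" scope=2 filter="(&(objectClass=posixGroup)(memberUid=root))" attrs="gidNumber"
[11/Sep/2007:10:01:01 +1200] conn=200 op=3 RESULT err=32 tag=101 nentries=0 etime=0
[11/Sep/2007:10:01:01 +1200] conn=200 op=3 RESULT err=32 tag=101 nentries=0 etime=0
[11/Sep/2007:10:01:02 +1200] conn=201 op=1 SRCH base="dc=vuw,dc=ac,dc=nz" scope=2 filter="(uid=jdoe)" attrs=ALL
[11/Sep/2007:10:01:02 +1200] conn=201 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[11/Sep/2007:10:01:03 +1200] conn=202 op=1 SRCH base="ou=People, DC=vuw,dc=ac,dc=nz" scope=2 filter="(uid=jdoe)" attrs=ALL
[11/Sep/2007:10:01:03 +1200] conn=202 op=1 RESULT err=32 tag=101 nentries=0 etime=0
'''

def under_suffix(base, suffix):
    # Simplified DN comparison: lower-case, spaces around commas dropped
    # (escaped commas inside attribute values are not handled).
    b, s = (",".join(p.strip().lower() for p in dn.split(",")) for dn in (base, suffix))
    return b == s or b.endswith("," + s)

def failed_searches(log_text, suffix):
    """Pair each SRCH with its RESULT; return the searches whose result code is not 0."""
    searches, reported, out = {}, set(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key = (int(m["conn"]), int(m["op"]))
        if m["kind"] == "SRCH":
            s = SRCH.search(m["rest"])
            if s:
                searches[key] = s.groupdict()
        elif key in searches and key not in reported:  # ignore repeated RESULT lines
            reported.add(key)
            e = ERR.search(m["rest"])
            if e and int(e["err"]) != 0:
                code = int(e["err"])
                out.append({"conn": key[0], "op": key[1], **searches[key], "err": code,
                            "err_name": RESULT_NAMES.get(code, "other"),
                            "base_under_suffix": under_suffix(searches[key]["base"], suffix)})
    return out

if __name__ == "__main__":
    for hit in failed_searches(SAMPLE_LOG, "dc=vuw,dc=ac,dc=nz"):
        print(hit)
```

The `base_under_suffix` field separates two causes of err=32: a search base outside the tree named by `suffix`, and a base inside that tree whose entry does not exist.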



