Steven Jones wrote: > Yes I have run this before, vuw exists (see below), > > By password return I assume the client is querying LDAP to ask if the > user jonesst1 exists and either sends the hash of the password I used to > try and login or asks for the hash to do a comparison if it matches a > login is allowed.... > I hope not. It really should do an LDAP BIND operation, which means it sends the clear text password to the server in the BIND request (for simple username/password auth). So, try ldapsearch -x -D "uid=someuser,ou=People,dc=vuw,dc=ac,dc=nz" -w thepasssword -s base -b "" That will test to see if that user exists and that the password is correct. > I assume pam.d on the client is doing the hash comparison, so if the > hash method on the client is different to FDS its not going to get > anywhere. > > Querying via the FDS gui shows the user so it is in the database > somewhere.... > > So the possible errors are wrong hash or looking in the wrong place, or > some other error. > looking in the wrong place would be my guess, based on the err=32 in the previous logs you posted. > regards > > Steven Jones > Senior Linux/Unix/San/Vmware System Administrator > APG -Technology Integration Team > Victoria University of Wellington > Phone: +64 4 463 6272 > > 8><----- > > [root at vuwunicvfwall02 openldap]# more output > # extended LDIF > # > # LDAPv3 > # base <dc=vuw,dc=ac,dc=nz> with scope sub > # filter: (objectclass=*) > # requesting: ALL > # > > # vuw.ac.nz > dn: dc=vuw,dc=ac,dc=nz > objectClass: top > objectClass: domain > dc: vuw > > # Directory Administrators, vuw.ac.nz > dn: cn=Directory Administrators, dc=vuw,dc=ac,dc=nz > objectClass: top > objectClass: groupofuniquenames > cn: Directory Administrators > > # Groups, vuw.ac.nz > dn: ou=Groups, dc=vuw,dc=ac,dc=nz > objectClass: top > objectClass: organizationalunit > ou: Groups > > # People, vuw.ac.nz > dn: ou=People, dc=vuw,dc=ac,dc=nz > objectClass: top > objectClass: organizationalunit > ou: People > > # Special Users, vuw.ac.nz > dn: ou=Special Users,dc=vuw,dc=ac,dc=nz > objectClass: top > > 8><------ > > # PD Managers, groups, vuw.ac.nz > dn: cn=PD Managers,ou=groups,dc=vuw,dc=ac,dc=nz > objectClass: top > objectClass: groupOfUniqueNames > cn: PD Managers > ou: groups > description: People who can manage engineer entries > > > # search result > search: 2 > result: 0 Success > > # numResponses: 10 > # numEntries: 9 > > ================== > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070910/69161bc9/attachment.bin
