I am getting things like this, but I did not enter them, so these are some sort of defaults?

8><--------

# PD Managers, groups, vuw.ac.nz
dn: cn=PD Managers,ou=groups,dc=vuw,dc=ac,dc=nz
objectClass: top
objectClass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries

8><--------

Yet I cannot find them under the FDS gui....

regards

Steven Jones
Senior Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Steven Jones
Sent: Tuesday, 11 September 2007 12:41 p.m.
To: General discussion list for the Fedora Directory server project.
Subject: RE: ssh login fail

There you go,

Looks like it is not in the right place in FDS....or it is but LDAP is looking in the wrong place...

[root at vuwunicvfwall02 openldap]# ldapsearch -x -D "uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz" -w xxxxx -s base -b ""
ldap_bind: No such object (32)
        matched DN: ou=people,dc=vuw,dc=ac,dc=nz
[root at vuwunicvfwall02 openldap]# ldapsearch -x -D "uid=jonesst1,dc=vuw,dc=ac,dc=nz" -w xxxxx -s base -b ""
ldap_bind: No such object (32)
        matched DN: dc=vuw,dc=ac,dc=nz

ho hum....

regards

Steven Jones
Senior Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard Megginson
Sent: Tuesday, 11 September 2007 11:59 a.m.
To: General discussion list for the Fedora Directory server project.
Subject: Re: ssh login fail

Steven Jones wrote:
> Yes I have run this before, vuw exists (see below),
>
> By password return I assume the client is querying LDAP to ask if the
> user jonesst1 exists and either sends the hash of the password I used to
> try and login or asks for the hash to do a comparison if it matches a
> login is allowed....
>
I hope not. It really should do an LDAP BIND operation, which means it sends the clear text password to the server in the BIND request (for simple username/password auth). So, try

    ldapsearch -x -D "uid=someuser,ou=People,dc=vuw,dc=ac,dc=nz" -w thepasssword -s base -b ""

That will test to see if that user exists and that the password is correct.
> I assume pam.d on the client is doing the hash comparison, so if the
> hash method on the client is different to FDS it's not going to get
> anywhere.
>
> Querying via the FDS gui shows the user so it is in the database
> somewhere....
>
> So the possible errors are wrong hash or looking in the wrong place, or
> some other error.
>
looking in the wrong place would be my guess, based on the err=32 in the previous logs you posted.
> regards
>
> Steven Jones
> Senior Linux/Unix/San/Vmware System Administrator
> APG -Technology Integration Team
> Victoria University of Wellington
> Phone: +64 4 463 6272
>
> 8><-----
>
> [root at vuwunicvfwall02 openldap]# more output
> # extended LDIF
> #
> # LDAPv3
> # base <dc=vuw,dc=ac,dc=nz> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # vuw.ac.nz
> dn: dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: domain
> dc: vuw
>
> # Directory Administrators, vuw.ac.nz
> dn: cn=Directory Administrators, dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: groupofuniquenames
> cn: Directory Administrators
>
> # Groups, vuw.ac.nz
> dn: ou=Groups, dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: organizationalunit
> ou: Groups
>
> # People, vuw.ac.nz
> dn: ou=People, dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: organizationalunit
> ou: People
>
> # Special Users, vuw.ac.nz
> dn: ou=Special Users,dc=vuw,dc=ac,dc=nz
> objectClass: top
>
> 8><------
>
> # PD Managers, groups, vuw.ac.nz
> dn: cn=PD Managers,ou=groups,dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: PD Managers
> ou: groups
> description: People who can manage engineer entries
>
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 10
> # numEntries: 9
>
> ==================
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
--
Fedora-directory-users mailing list
Fedora-directory-users at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
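
Added example, not part of the original thread or of the Fedora Directory Server project: a small Python helper that reads the output of the bind test suggested above and compares the bind DN with the `matched DN` the server reports, to show which part of the DN the server could not resolve. The function names and the `BAD_PW` sample are assumptions made for illustration; the two err=32 samples are the outputs posted in the thread.

```python
import re

# Output of the two bind tests posted in the thread, one field per line.
FIRST = "ldap_bind: No such object (32)\n\tmatched DN: ou=people,dc=vuw,dc=ac,dc=nz\n"
SECOND = "ldap_bind: No such object (32)\n\tmatched DN: dc=vuw,dc=ac,dc=nz\n"
# Constructed sample (not from the thread): a bind rejected for its credentials.
BAD_PW = "ldap_bind: Invalid credentials (49)\n"


def split_dn(dn):
    """Split a DN into lower-cased RDNs (simplified: only backslash-escaped
    commas are honoured, quoted values are not)."""
    parts = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", p.strip()).lower() for p in parts if p.strip()]


def diagnose_bind(bind_dn, output):
    """Return (result_code, matched_dn, missing_rdns) for one bind attempt."""
    err = re.search(r"^ldap_bind: .*\((\d+)\)\s*$", output, re.M)
    if err is None:
        return (0, None, [])  # no ldap_bind error line: the bind succeeded
    code = int(err.group(1))
    hit = re.search(r"^\s*matched DN:\s*(.+?)\s*$", output, re.M)
    matched = hit.group(1) if hit else None
    if code != 32 or matched is None:
        return (code, matched, [])
    want, have = split_dn(bind_dn), split_dn(matched)
    cut = len(want) - len(have)
    # The matched DN is the deepest existing ancestor of the bind DN;
    # whatever sits in front of it is what the server could not find.
    if cut >= 0 and want[cut:] == have:
        return (code, matched, want[:cut])
    return (code, matched, want)


def explain(bind_dn, output):
    code, matched, missing = diagnose_bind(bind_dn, output)
    if code == 32:
        return "err=32: no entry '%s' directly under '%s'" % (",".join(missing), matched)
    if code == 0:
        return "bind accepted"
    return "err=%d: bind rejected for a reason other than a missing entry" % code


if __name__ == "__main__":
    print(explain("uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz", FIRST))
    print(explain("uid=jonesst1,dc=vuw,dc=ac,dc=nz", SECOND))
    print(explain("uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz", BAD_PW))
```

In both posted results the only unresolved component is `uid=jonesst1`, which is consistent with the entry living under a different container or being named by a different attribute than `uid`.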