ssh login fail

rmeggins at redhat.com (Richard Megginson) · Tue, 11 Sep 2007 07:36:26 -0600



Steven Jones wrote:
>>   
>>     
> looking in the wrong place would be my guess, based on the err=32 in the
>
> previous logs you posted.
>
> I seem to have been able to stop the err=32 by reconfiguring ldap.conf a
> bit and cleaning out FDS and I assume putting the user in the right
> place but still no login.
>
> [11/Sep/2007:16:21:47 +1200] conn=30 fd=78 slot=78 connection from
> 130.195.87.246 to 130.195.87.249
> [11/Sep/2007:16:21:47 +1200] conn=30 op=0 BIND dn="" method=128
> version=3
> [11/Sep/2007:16:21:47 +1200] conn=30 op=0 RESULT err=0 tag=97 nentries=0
> etime=0 dn=""
> [11/Sep/2007:16:21:47 +1200] conn=30 op=1 SRCH
> base="ou=People,dc=vuw,dc=ac,dc=nz" scope=2
> filter="(&(objectClass=posixAccount)(uid=jonesst1))" attrs=ALL
> [11/Sep/2007:16:21:47 +1200] conn=30 op=1 RESULT err=0 tag=101
> nentries=0 etime=0
>   
The clue here is that err=0 but nentries=0.  This to me indicates some 
sort of ACI problem.  If you ran the setup program, and you specified 
dc=vuw,dc=ac,dc=nz as your suffix, setup should have added an ACI which 
would allow this search to return entries.  This, coupled with the fact 
that you cannot view these entries using the console (assuming you meant 
while logged in as the admin user), suggests that you added this data 
after setup and that you did not specify dc=vuw,dc=ac,dc=nz as your 
suffix.  If you want to see what the suggested ACIs are, you should be 
able to view the ACIs that were added to the suffix that you did specify 
when you ran setup.  The console will show you the ACIs.  If you want to 
see what they are without using the console, you can use ldapsearch e.g.

ldapsearch -x -D "cn=directory manager" -w password -b 
"dc=vuw,dc=ac,dc=nz" "aci=*" aci


> [11/Sep/2007:16:21:47 +1200] conn=30 op=2 BIND dn="" method=128
> version=3
> [11/Sep/2007:16:21:47 +1200] conn=30 op=2 RESULT err=0 tag=97 nentries=0
> etime=0 dn=""
> [11/Sep/2007:16:21:47 +1200] conn=30 op=3 SRCH
> base="ou=People,dc=vuw,dc=ac,dc=nz" scope=2
> filter="(&(objectClass=posixAccount)(uid=jonesst1))" attrs=ALL
> [11/Sep/2007:16:21:47 +1200] conn=30 op=3 RESULT err=0 tag=101
> nentries=0 etime=0
> [11/Sep/2007:16:21:51 +1200] conn=30 op=4 BIND dn="" method=128
> version=3
> [11/Sep/2007:16:21:51 +1200] conn=30 op=4 RESULT err=0 tag=97 nentries=0
> etime=0 dn=""
> [11/Sep/2007:16:21:51 +1200] conn=30 op=5 SRCH
> base="ou=People,dc=vuw,dc=ac,dc=nz" scope=2
> filter="(&(objectClass=posixAccount)(uid=jonesst1))" attrs=ALL
> [11/Sep/2007:16:21:51 +1200] conn=30 op=5 RESULT err=0 tag=101
> nentries=0 etime=0
> [11/Sep/2007:16:21:51 +1200] conn=30 op=6 BIND dn="" method=128
> version=3
> [11/Sep/2007:16:21:51 +1200] conn=30 op=6 RESULT err=0 tag=97 nentries=0
> etime=0 dn=""
> [11/Sep/2007:16:21:51 +1200] conn=30 op=7 SRCH
> base="ou=People,dc=vuw,dc=ac,dc=nz" scope=2
> filter="(&(objectClass=posixAccount)(uid=jonesst1))" attrs=ALL
> [11/Sep/2007:16:21:51 +1200] conn=30 op=7 RESULT err=0 tag=101
> nentries=0 etime=0
> [11/Sep/2007:16:21:56 +1200] conn=30 op=8 BIND dn="" method=128
> version=3
> [11/Sep/2007:16:21:56 +1200] conn=30 op=8 RESULT err=0 tag=97 nentries=0
> etime=0 dn=""
> [11/Sep/2007:16:21:56 +1200] conn=30 op=9 SRCH
> base="ou=People,dc=vuw,dc=ac,dc=nz" scope=2
> filter="(&(objectClass=posixAccount)(uid=jonesst1))" attrs=ALL
> [11/Sep/2007:16:21:56 +1200] conn=30 op=9 RESULT err=0 tag=101
> nentries=0 etime=0
> [11/Sep/2007:16:21:56 +1200] conn=30 op=10 BIND dn="" method=128
> version=3
> [11/Sep/2007:16:21:56 +1200] conn=30 op=10 RESULT err=0 tag=97
> nentries=0 etime=0 dn=""
> [11/Sep/2007:16:21:56 +1200] conn=30 op=11 SRCH
> base="ou=People,dc=vuw,dc=ac,dc=nz" scope=2
> filter="(&(objectClass=posixAccount)(uid=jonesst1))" attrs=ALL
> [11/Sep/2007:16:21:56 +1200] conn=30 op=11 RESULT err=0 tag=101
> nentries=0 etime=0
> [11/Sep/2007:16:21:58 +1200] conn=30 op=13 UNBIND
> [11/Sep/2007:16:21:58 +1200] conn=30 op=13 fd=78 closed - U1
> [11/Sep/2007:16:22:46 +1200] conn=31 fd=78 slot=78 connection from
> 130.195.87.246 to 130.195.87.249
> [11/Sep/2007:16:22:46 +1200] conn=31 op=0 BIND
> dn="uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz" method=128 version=3
> [11/Sep/2007:16:22:46 +1200] conn=31 op=0 RESULT err=0 tag=97 nentries=0
> etime=0 dn="uid=jonesst1,ou=people,dc=vuw,dc=ac,dc=nz"
> [11/Sep/2007:16:22:46 +1200] conn=31 op=1 SRCH base="" scope=0
> filter="(objectClass=*)" attrs=ALL
> [11/Sep/2007:16:22:46 +1200] conn=31 op=1 RESULT err=0 tag=101
> nentries=1 etime=0
> [11/Sep/2007:16:22:46 +1200] conn=31 op=2 UNBIND
> [11/Sep/2007:16:22:46 +1200] conn=31 op=2 fd=78 closed - U1
> [11/Sep/2007:16:22:52 +1200] conn=32 fd=78 slot=78 connection from
> 130.195.87.246 to 130.195.87.249
> [11/Sep/2007:16:22:52 +1200] conn=32 op=0 BIND dn="" method=128
> version=3
> [11/Sep/2007:16:22:52 +1200] conn=32 op=0 RESULT err=0 tag=97 nentries=0
> etime=0 dn=""
> [11/Sep/2007:16:22:52 +1200] conn=32 op=1 SRCH
> base="uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz" scope=2
> filter="(objectClass=*)" attrs=ALL
> [11/Sep/2007:16:22:52 +1200] conn=32 op=1 RESULT err=0 tag=101
> nentries=1 etime=0
> [11/Sep/2007:16:22:52 +1200] conn=32 op=2 UNBIND
> [11/Sep/2007:16:22:52 +1200] conn=32 op=2 fd=78 closed - U1
>  
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070911/7d5dca78/attachment.bin