I almost have a Debian client working, but it has a small error: the first login fails but the second succeeds....

/etc/pam_ldap.conf looks like this,

# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#pam_password exop
BASE dc=vuw,dc=ac,dc=nz
#URI ldap://ldap.vuw.ac.nz
base dc=vuw,dc=ac,dc=nz
#ssl no
ssl on
pam_password md5
BASE dc=vuw,dc=ac,dc=nz
tls_cacertfile /etc/ssl/certs/ldap/ca.crt
TLS_REQCERT allow
#TLS_REQCERT never
host ldap.vuw.ac.nz
ssl start_tls

Log output for ssh connections has "startTLS",

[root at vuwunicvfdsm001 logs]# > access
[root at vuwunicvfdsm001 logs]# tail -f access
[18/Sep/2007:07:19:26 +1200] conn=2409 fd=71 slot=71 connection from to
[18/Sep/2007:07:19:26 +1200] conn=2409 op=0 EXT oid="" name="startTLS"
[18/Sep/2007:07:19:26 +1200] conn=2409 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[18/Sep/2007:07:19:26 +1200] conn=2409 SSL 256-bit AES
[18/Sep/2007:07:19:30 +1200] conn=2409 op=2 BIND dn="" method=128 version=3
[18/Sep/2007:07:19:30 +1200] conn=2409 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[18/Sep/2007:07:19:30 +1200] conn=2409 op=3 SRCH base="dc=vuw,dc=ac,dc=nz" scope=2 filter="(uid=jonesst1)" attrs=ALL
[18/Sep/2007:07:19:30 +1200] conn=2409 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[18/Sep/2007:07:19:30 +1200] conn=2409 op=4 BIND dn="uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz" method=128 version=3
[18/Sep/2007:07:19:30 +1200] conn=2409 op=4 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jonesst1,ou=people,dc=vuw,dc=ac,dc=nz"
[18/Sep/2007:07:19:30 +1200] conn=2409 op=5 BIND dn="" method=128 version=3
[18/Sep/2007:07:19:30 +1200] conn=2409 op=5 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[18/Sep/2007:07:19:30 +1200] conn=2409 op=6 UNBIND
[18/Sep/2007:07:19:30 +1200] conn=2409 op=6 fd=71 closed - U1

So I just need to figure out why the first attempt fails but the second succeeds.

Regards

Steven Jones
Senior Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272
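
Added example, not part of the original message: a small Python pass over access-log lines in the format quoted above that pairs each BIND with its RESULT code and with whether the connection had logged an "SSL <cipher>" line first, so failed binds and simple binds sent before TLS stand out. It assumes method=128 marks a simple bind and err=49 is invalidCredentials; the function names and the sample lines (example.com DNs) are constructed for illustration.

```python
import re

# Field layout follows the access-log lines quoted in the post above.
LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) (?:op=(-?\d+) )?(.*)$')
BIND = re.compile(r'^BIND dn="([^"]*)" method=(\w+)')
RESULT = re.compile(r'^RESULT err=(-?\d+)')

def audit_binds(lines):
    """One record per BIND: conn, op, dn, method, tls (bool), err (int or None)."""
    tls_conns = set()   # connections that logged an "SSL <cipher>" line
    binds = {}          # (conn, op) -> record, kept in log order
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        conn, op, rest = m.groups()
        if op is None:  # connection-level line (no op= field)
            if rest.startswith('SSL '):
                tls_conns.add(conn)
            continue
        b, r = BIND.match(rest), RESULT.match(rest)
        if b:
            binds[(conn, op)] = {'conn': conn, 'op': op, 'dn': b.group(1),
                                 'method': b.group(2),
                                 'tls': conn in tls_conns, 'err': None}
        elif r and (conn, op) in binds:
            binds[(conn, op)]['err'] = int(r.group(1))
    return list(binds.values())

def cleartext_simple_binds(records):
    """Simple binds (assumed method=128) with a DN, sent before TLS was up."""
    return [(r['conn'], r['op'], r['dn']) for r in records
            if r['method'] == '128' and r['dn'] and not r['tls']]

# Constructed sample (not from the post): conn=1 uses startTLS, conn=2 does not.
SAMPLE = """\
[18/Sep/2007:07:19:26 +1200] conn=1 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[18/Sep/2007:07:19:26 +1200] conn=1 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[18/Sep/2007:07:19:26 +1200] conn=1 SSL 256-bit AES
[18/Sep/2007:07:19:30 +1200] conn=1 op=1 BIND dn="uid=alice,ou=People,dc=example,dc=com" method=128 version=3
[18/Sep/2007:07:19:30 +1200] conn=1 op=1 RESULT err=0 tag=97 nentries=0 etime=0
[18/Sep/2007:07:19:31 +1200] conn=2 op=0 BIND dn="uid=alice,ou=People,dc=example,dc=com" method=128 version=3
[18/Sep/2007:07:19:31 +1200] conn=2 op=0 RESULT err=49 tag=97 nentries=0 etime=0
""".splitlines()

if __name__ == '__main__':
    for rec in audit_binds(SAMPLE):
        print(rec['conn'], rec['dn'], 'tls' if rec['tls'] else 'CLEARTEXT', rec['err'])
```

Run against a real access log by passing an open file object to audit_binds in place of SAMPLE.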