On Fri, Jul 25, 2008 at 1:32 PM, Dharmin Mandalia <dharmin98 at hotmail.com>wrote: > > Hello > > commented out "ssl start_tls" and added "ssl on" , in ldap.conf file get > below errors in /var/log/secure file :- > > > Jul 24 15:55:40 matrix sshd[2480]: pam_unix(sshd:auth): authentication > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=matrix.trues.co.uk user=test1 > Jul 24 15:55:40 matrix sshd[2480]: pam_ldap: ldap_simple_bind Can't contact > LDAP server > Jul 24 15:55:40 matrix sshd[2480]: pam_ldap: reconnecting to LDAP server... > Jul 24 15:55:40 matrix sshd[2480]: pam_ldap: ldap_simple_bind Can't contact > LDAP server > Jul 24 15:55:42 matrix sshd[2480]: Failed password for test1 from > 192.168.1.129 port 59436 ssh2 > What do you see in the FDS logs (tail /var/log/dirsrv/slapd-<instance-name>/access Can you check the basic things 1. Is the DIrectory server running on port 636 (netstat -tlnp | grep 636) 2. If you do ldapsearch -x -ZZ -b "your basedn" are you able to search 3. Does getent passwd and getent group enumerate users on the client ? Regards Niranjan > > > where the server matrix is FDS what I did was from FDS "ssh > matrix.trues.co.uk -l test1" where test1 users exists in ldap dir > > Regards > Dharmin > > > > Hi, > > Can you check What happens if you specify > > ssl start_tls > > instead of "ssl on" > > Regards > Niranjan > > > On Thu, Jul 24, 2008 at 9:29 PM, Dharmin Mandalia > wrote: > > > > > Hello Nalin and all > > > > I just added "ssl on" to below /etc/ldap.conf file and get below error > > msg in var/log/secure file :- > > > > > > sshd[6212]: pam_unix(sshd:session): session closed for user test1 > > sshd[6248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 > > euid=0 tty=ssh ruser= rhost=192.168.1.1 user=test1 > > sshd[6248]: Accepted password for test1 from 192.168.1.1 port 47171 ssh2 > > sshd[6248]: pam_unix(sshd:session): session opened for user test1 by > > (uid=0) > > sshd[6248]: pam_unix(sshd:session): session closed for user test1 > > sshd[6284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 > > euid=0 tty=ssh ruser= rhost=192.168.1.1 user=test1 > > sshd[6284]: pam_ldap: ldap_simple_bind Can't contact LDAP server > > shd[6284]: pam_ldap: reconnecting to LDAP server... > > sshd[6284]: pam_ldap: ldap_simple_bind Can't contact LDAP server > > sshd[6284]: Failed password for test1 from 192.168.1.1 port 47172 ssh2 > > > > With "ssl on" in ldap.conf, am unable to login via ssh > > > > any helpers please... > > > > regards > > Dharmin > > > > > > > > ---------------------------------------- > >> Date: Thu, 24 Jul 2008 11:26:46 -0400 > >> From: [EMAIL PROTECTED] > >> To: [EMAIL PROTECTED] > >> CC: fedora-directory-users at redhat.com > >> Subject: Re: TLS Issue > >> > >> On Thu, Jul 24, 2008 at 03:11:59PM +0000, Dharmin Mandalia wrote: > >>> I've enabled TLS and am getting below error msg's in /var/log/secure > > file on Fedora 9, which is my newly configured FDS , if disable TLS , am > > able to ssh onto the FDS server and with TLS enabled unable to login via > > ssh. > >> [snip] > >>> sshd[5487]: nss_ldap: could not search LDAP server - Server is > > unavailable > >> [snip] > >>> /etc/ldap.conf file on Fedora 9, (FDS server ) shows as :- > >> [snip] > >>> ssl start_tls > >>> tls_checkpeer yes > >>> tls_cacertfile /etc/openldap/cacerts/cacert.asc > >>> pam_password md5 > >>> uri ldap://127.0.0.1/ > >>> tls_cacertdir /etc/openldap/cacerts > >> > >> If you're using SSL or TLS, the LDAP client library is going to compare > >> the names in the certificate that the server uses against the value that > >> was given in the client's configuration (in this case "127.0.0.1"), and > >> it looks like they're not matching up here. > >> > >> Typically the certificate uses an actual hostname as a "CN" value in its > >> subject, so you'd need to specify the server URI using a hostname rather > >> than an IP address to make sure that they match. > >> > >> If that's not what's going on here, please post a copy of the > >> certificate that the server's using so that we can have a look. > >> > >> HTH, > >> > >> Nalin > > > > _________________________________________________________________ > Use video conversation to talk face-to-face with Windows Live Messenger. > > http://www.windowslive.com/messenger/connect_your_way.html?ocid=TXT_TAGLM_WL_Refresh_messenger_video_072008 > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20080726/47019c7d/attachment.html
