Dec 16 12:05:31 ldap sshd[11705]: Failed password for invalid user tactest from 127.0.0.1 port 52949 ssh2
Peter
On Wed, Dec 16, 2009 at 12:07 PM, Peter Serwe <peter.serwe@xxxxxxxxx> wrote:
Found an ldif user recipe for CentOS5.2..
Added the user "tactest" with the password "tactest".
Dec 16 12:05:30 ldap sshd[11705]pam_unix(sshd:auth): check pass; user unknown
Dec 16 12:05:30 ldap sshd[11705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ldap
Dec 16 12:05:30 ldap sshd[11705]: pam_succeed_if(sshd:auth): error retrieving information about user tactest
auth still fails.
PeterOn Wed, Dec 16, 2009 at 11:49 AM, Peter Serwe <peter.serwe@xxxxxxxxx> wrote:
I was going to say no TLS on either side.
Specifically because I wanted to make sure that I was doing it with basic auth prior to using tls, but I found TLS lines in the /etc/ldap.conf.
I commented those out, and guess what, no more nss_ldap messages in /var/log/messages..
Now, I'm somewhat guessing that my directory doesn't have the right information in it. Maybe I just need an ldif recipe for adding the users.
Peter
On Wed, Dec 16, 2009 at 11:33 AM, <m.roth@xxxxxxxxx> wrote:
First question: do you have tls enabled on the client, and not the server,
or vice versa?
Second question: on the server, can you do a search?
Handy tool: webmin has a whole ldap section, and can give you a *lot* of
clues as to what's going wrong.
mark
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
--
Peter Serwe
http://truthlightway.blogspot.com/
--
Peter Serwe
http://truthlightway.blogspot.com/
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
