Re: ssh login fail

Steven Jones wrote:
Yes I have run this before, vuw exists (see below),

By password return I assume the client is querying LDAP to ask if the
user jonesst1 exists and either sends the hash of the password I used to
try and login or asks for the hash to do a comparison if it matches a
login is allowed....

I hope not. It really should do an LDAP BIND operation, which means it sends the clear text password to the server in the BIND request (for simple username/password auth).

So, try
ldapsearch -x -D "uid=someuser,ou=People,dc=vuw,dc=ac,dc=nz" -w thepasssword -s base -b ""
That will test to see if that user exists and that the password is correct.

I assume pam.d on the client is doing the hash comparison, so if the
hash method on the client is different to FDS it's not going to get
anywhere.

Querying via the FDS gui shows the user so it is in the database
somewhere....

So the possible errors are wrong hash or looking in the wrong place, or
some other error.

Looking in the wrong place would be my guess, based on the err=32 in the previous logs you posted.

regards

Steven Jones
Senior  Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272

8><-----

[root@vuwunicvfwall02 openldap]# more output
# extended LDIF
#
# LDAPv3
# base <dc=vuw,dc=ac,dc=nz> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#
# vuw.ac.nz
dn: dc=vuw,dc=ac,dc=nz
objectClass: top
objectClass: domain
dc: vuw
# Directory Administrators, vuw.ac.nz
dn: cn=Directory Administrators, dc=vuw,dc=ac,dc=nz
objectClass: top
objectClass: groupofuniquenames
cn: Directory Administrators
# Groups, vuw.ac.nz
dn: ou=Groups, dc=vuw,dc=ac,dc=nz
objectClass: top
objectClass: organizationalunit
ou: Groups
# People, vuw.ac.nz
dn: ou=People, dc=vuw,dc=ac,dc=nz
objectClass: top
objectClass: organizationalunit
ou: People
# Special Users, vuw.ac.nz
dn: ou=Special Users,dc=vuw,dc=ac,dc=nz
objectClass: top

8><------

# PD Managers, groups, vuw.ac.nz
dn: cn=PD Managers,ou=groups,dc=vuw,dc=ac,dc=nz
objectClass: top
objectClass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries
# search result
search: 2
result: 0 Success
# numResponses: 10
# numEntries: 9

==================


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
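
To make the err=32 point in the reply above concrete, here is an added example (not code from this thread or from Fedora Directory Server) that pairs each BIND or SRCH in a directory access log with its RESULT line and reports what the error code means. The log lines are constructed samples in the access-log layout, `ou=Users` is a made-up wrong base, and `triage` is a hypothetical helper name.

```python
import re

# LDAP result codes (RFC 4511) that matter for this kind of login failure.
RESULT_CODES = {
    0: "success",
    32: "noSuchObject: the base or DN asked for is not in the tree",
    49: "invalidCredentials: the bind was rejected",
}

# Constructed sample lines (not from the thread); timestamps and conn numbers are made up.
SAMPLE_LOG = """\
[10/Oct/2007:09:15:01 +1300] conn=7 op=0 BIND dn="uid=someuser,ou=People,dc=vuw,dc=ac,dc=nz" method=128 version=3
[10/Oct/2007:09:15:01 +1300] conn=7 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=someuser,ou=people,dc=vuw,dc=ac,dc=nz"
[10/Oct/2007:09:15:02 +1300] conn=8 op=0 SRCH base="ou=Users,dc=vuw,dc=ac,dc=nz" scope=2 filter="(uid=someuser)" attrs=ALL
[10/Oct/2007:09:15:02 +1300] conn=8 op=0 RESULT err=32 tag=101 nentries=0 etime=0
[10/Oct/2007:09:15:03 +1300] conn=9 op=0 BIND dn="uid=someuser,ou=People,dc=vuw,dc=ac,dc=nz" method=128 version=3
[10/Oct/2007:09:15:03 +1300] conn=9 op=0 RESULT err=49 tag=97 nentries=0 etime=0
"""

LINE = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|RESULT)\b(.*)')
TARGET = re.compile(r'(?:dn|base)="([^"]*)"')
ERR = re.compile(r'\berr=(\d+)')

def triage(log_text):
    """Pair each BIND/SRCH with its RESULT; return failures as (op, target, err, meaning)."""
    pending, failures = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key, kind, rest = (m.group(1), m.group(2)), m.group(3), m.group(4)
        if kind != "RESULT":
            t = TARGET.search(rest)
            pending[key] = (kind, t.group(1) if t else "")
            continue
        err = ERR.search(rest)
        if key in pending and err and int(err.group(1)) != 0:
            code = int(err.group(1))
            kind, target = pending.pop(key)
            failures.append((kind, target, code, RESULT_CODES.get(code, "other error")))
        else:
            pending.pop(key, None)  # successful or unmatched operation: nothing to report
    return failures

if __name__ == "__main__":
    for kind, target, code, meaning in triage(SAMPLE_LOG):
        print(f"{kind} {target!r} -> err={code} ({meaning})")
```

An err=32 on a SRCH points at the client's search base rather than at the password, while an err=49 on a BIND means the server was reached with the right DN and refused the credentials.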
