I am getting things like this, but I did not enter them, so these are
some sort of defaults?

8><--------
# PD Managers, groups, vuw.ac.nz
dn: cn=PD Managers,ou=groups,dc=vuw,dc=ac,dc=nz
objectClass: top
objectClass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries
8><--------

Yet I cannot find them under the FDS gui....

regards

Steven Jones
Senior Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272

-----Original Message-----
From: fedora-directory-users-bounces@xxxxxxxxxx
[mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Steven Jones
Sent: Tuesday, 11 September 2007 12:41 p.m.
To: General discussion list for the Fedora Directory server project.
Subject: RE: ssh login fail

There you go,

Looks like it is not in the right place in FDS....or it is but LDAP is
looking in the wrong place...

[root@vuwunicvfwall02 openldap]# ldapsearch -x -D "uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz" -w xxxxx -s base -b ""
ldap_bind: No such object (32)
        matched DN: ou=people,dc=vuw,dc=ac,dc=nz
[root@vuwunicvfwall02 openldap]# ldapsearch -x -D "uid=jonesst1,dc=vuw,dc=ac,dc=nz" -w xxxxx -s base -b ""
ldap_bind: No such object (32)
        matched DN: dc=vuw,dc=ac,dc=nz

ho hum....

regards

Steven Jones
Senior Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272

-----Original Message-----
From: fedora-directory-users-bounces@xxxxxxxxxx
[mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Richard Megginson
Sent: Tuesday, 11 September 2007 11:59 a.m.
To: General discussion list for the Fedora Directory server project.
Subject: Re: ssh login fail

Steven Jones wrote:
> Yes I have run this before, vuw exists (see below),
>
> By password return I assume the client is querying LDAP to ask if the
> user jonesst1 exists and either sends the hash of the password I used to
> try and login or asks for the hash to do a comparison if it matches a
> login is allowed....
>
I hope not. It really should do an LDAP BIND operation, which means it
sends the clear text password to the server in the BIND request (for
simple username/password auth). So, try

ldapsearch -x -D "uid=someuser,ou=People,dc=vuw,dc=ac,dc=nz" -w thepasssword -s base -b ""

That will test to see if that user exists and that the password is correct.
> I assume pam.d on the client is doing the hash comparison, so if the
> hash method on the client is different to FDS it's not going to get
> anywhere.
>
> Querying via the FDS gui shows the user so it is in the database
> somewhere....
>
> So the possible errors are wrong hash or looking in the wrong place, or
> some other error.
>
looking in the wrong place would be my guess, based on the err=32 in the
previous logs you posted.
> regards
>
> Steven Jones
> Senior Linux/Unix/San/Vmware System Administrator
> APG -Technology Integration Team
> Victoria University of Wellington
> Phone: +64 4 463 6272
>
> 8><-----
>
> [root@vuwunicvfwall02 openldap]# more output
> # extended LDIF
> #
> # LDAPv3
> # base <dc=vuw,dc=ac,dc=nz> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # vuw.ac.nz
> dn: dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: domain
> dc: vuw
>
> # Directory Administrators, vuw.ac.nz
> dn: cn=Directory Administrators, dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: groupofuniquenames
> cn: Directory Administrators
>
> # Groups, vuw.ac.nz
> dn: ou=Groups, dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: organizationalunit
> ou: Groups
>
> # People, vuw.ac.nz
> dn: ou=People, dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: organizationalunit
> ou: People
>
> # Special Users, vuw.ac.nz
> dn: ou=Special Users,dc=vuw,dc=ac,dc=nz
> objectClass: top
>
> 8><------
>
> # PD Managers, groups, vuw.ac.nz
> dn: cn=PD Managers,ou=groups,dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: PD Managers
> ou: groups
> description: People who can manage engineer entries
>
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 10
> # numEntries: 9
>
> ==================
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
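
Added example, not part of the original thread: a small Python helper that reads the two failed binds posted above and uses the matched DN returned with err=32 to show which part of the bind DN the server could not resolve. The function and variable names are made up for this illustration, and result code 49 (invalid credentials) appears only as a contrast case.

```python
import re

# Transcript values copied from the thread above; the password stays masked.
ATTEMPTS = [
    ('ldapsearch -x -D "uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz" -w xxxxx -s base -b ""',
     'ldap_bind: No such object (32)\n\tmatched DN: ou=people,dc=vuw,dc=ac,dc=nz'),
    ('ldapsearch -x -D "uid=jonesst1,dc=vuw,dc=ac,dc=nz" -w xxxxx -s base -b ""',
     'ldap_bind: No such object (32)\n\tmatched DN: dc=vuw,dc=ac,dc=nz'),
]

BIND_RE = re.compile(r'-D\s+"([^"]+)"')
ERR_RE = re.compile(r'ldap_bind:\s+(.+?)\s+\((\d+)\)')
MATCHED_RE = re.compile(r'matched DN:\s*(.+)')

def split_dn(dn):
    """Split on unescaped commas; trim and lowercase so 'ou=People, dc=x' == 'ou=people,dc=x'."""
    parts = re.split(r'(?<!\\),', dn)
    return [re.sub(r'\s*=\s*', '=', p.strip()).lower() for p in parts if p.strip()]

def diagnose(command, output):
    """Return (result_code, missing_rdns, deepest_existing_dn) for one bind attempt."""
    bind = BIND_RE.search(command)
    if bind is None:
        raise ValueError('command has no -D "<bind DN>"')
    err = ERR_RE.search(output)
    if err is None:
        return 0, [], None        # no ldap_bind error line: treated as a successful bind
    code = int(err.group(2))
    if code != 32:
        return code, [], None     # e.g. 49 (invalid credentials): the DN is not the problem
    wanted = split_dn(bind.group(1))
    m = MATCHED_RE.search(output)
    found = split_dn(m.group(1)) if m else []
    # The matched DN is the deepest ancestor the server could resolve, so it is a
    # suffix of the bind DN; whatever is left in front of it does not exist there.
    if found and wanted[-len(found):] == found:
        missing = wanted[:-len(found)]
    else:
        missing = wanted
    return code, missing, ','.join(found) or None

if __name__ == '__main__':
    for cmd, out in ATTEMPTS:
        code, missing, base = diagnose(cmd, out)
        print(f'err={code}: {",".join(missing)} not found directly under {base}')
```

For both attempts the unresolved part is uid=jonesst1: the containers exist, but no entry with that RDN sits directly under either of them.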