Re: ssh login fail

[Richard Megginson <rmeggins@xxxxxxxxxx>]

Steven Jones wrote:
> I am getting things like this, but I did not enter them, so these are
> some sort of defaults?
>   
Yes.  By default, Fedora DS setup will create some organizational 
entries for you.  If you do not want to do this, you can run setup in 
Custom mode and tell it to not add these entries.
> 8><--------
> # PD Managers, groups, vuw.ac.nz
> dn: cn=PD Managers,ou=groups,dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: PD Managers
> ou: groups
> description: People who can manage engineer entries
> 8><--------
>
> Yet I cannot find then under the FDS gui....
>   
Try changing your identity in the console to cn=Directory Manager.  
Under the File menu, select the option to login as another user.  Or use 
the Tasks tab - there is a button there to do the same thing.
> regards
>
> Steven Jones
> Senior  Linux/Unix/San/Vmware System Administrator
> APG -Technology Integration Team
> Victoria University of Wellington
> Phone: +64 4 463 6272
>
> -----Original Message-----
> From: fedora-directory-users-bounces@xxxxxxxxxx
> [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Steven
> Jones
> Sent: Tuesday, 11 September 2007 12:41 p.m.
> To: General discussion list for the Fedora Directory server project.
> Subject: RE:  ssh login fail
>
> There you go,
>
> Looks like it is not in the right place in FDS....or it is but LDAP is
> looking in the wrong place...
>
> root@vuwunicvfwall02 openldap]# ldapsearch -x -D
> "uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz" -w xxxxx -s base -b ""
> ldap_bind: No such object (32)
>         matched DN: ou=people,dc=vuw,dc=ac,dc=nz
> [root@vuwunicvfwall02 openldap]# ldapsearch -x -D
> "uid=jonesst1,dc=vuw,dc=ac,dc=nz" -w xxxxx -s base -b ""
> ldap_bind: No such object (32)
>         matched DN: dc=vuw,dc=ac,dc=nz
>
> ho hum....
>
> regards
>
> Steven Jones
> Senior  Linux/Unix/San/Vmware System Administrator
> APG -Technology Integration Team
> Victoria University of Wellington
> Phone: +64 4 463 6272
>
> -----Original Message-----
> From: fedora-directory-users-bounces@xxxxxxxxxx
> [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Richard
> Megginson
> Sent: Tuesday, 11 September 2007 11:59 a.m.
> To: General discussion list for the Fedora Directory server project.
> Subject: Re:  ssh login fail
>
> Steven Jones wrote:
>   
> > Yes I have run this before, vuw exists (see below),
> >
> > By password return I assume the client is querying LDAP to ask if the
> > user jonesst1 exists and either sends the hash of the password I used
> >     
> to
>   
> > try and login or asks for the hash to do a comparison if it matches a
> > login is allowed....
> >   
> >     
> I hope not.  It really should do an LDAP BIND operation, which means it 
> sends the clear text password to the server in the BIND request (for 
> simple username/password auth).
>
> So, try
> ldapsearch -x -D "uid=someuser,ou=People,dc=vuw,dc=ac,dc=nz" -w 
> thepasssword -s base -b ""
> That will test to see if that user exists and that the password is
> correct.
>
>   
> > I assume pam.d on the client is doing the hash comparison, so if the
> > hash method on the client is different to FDS its not going to get
> > anywhere.
> >
> > Querying via the FDS gui shows the user so it is in the database
> > somewhere....
> >
> > So the possible errors are wrong hash or looking in the wrong place,
> >     
> or
>   
> > some other error.
> >   
> >     
> looking in the wrong place would be my guess, based on the err=32 in the
>
> previous logs you posted.
>   
> > regards
> >
> > Steven Jones
> > Senior  Linux/Unix/San/Vmware System Administrator
> > APG -Technology Integration Team
> > Victoria University of Wellington
> > Phone: +64 4 463 6272
> >
> > 8><-----
> >
> > [root@vuwunicvfwall02 openldap]# more output
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <dc=vuw,dc=ac,dc=nz> with scope sub
> > # filter: (objectclass=*)
> > # requesting: ALL
> > #
> >  
> > # vuw.ac.nz
> > dn: dc=vuw,dc=ac,dc=nz
> > objectClass: top
> > objectClass: domain
> > dc: vuw
> >  
> > # Directory Administrators, vuw.ac.nz
> > dn: cn=Directory Administrators, dc=vuw,dc=ac,dc=nz
> > objectClass: top
> > objectClass: groupofuniquenames
> > cn: Directory Administrators
> >  
> > # Groups, vuw.ac.nz
> > dn: ou=Groups, dc=vuw,dc=ac,dc=nz
> > objectClass: top
> > objectClass: organizationalunit
> > ou: Groups
> >  
> > # People, vuw.ac.nz
> > dn: ou=People, dc=vuw,dc=ac,dc=nz
> > objectClass: top
> > objectClass: organizationalunit
> > ou: People
> >  
> > # Special Users, vuw.ac.nz
> > dn: ou=Special Users,dc=vuw,dc=ac,dc=nz
> > objectClass: top
> >
> > 8><------
> >
> > # PD Managers, groups, vuw.ac.nz
> > dn: cn=PD Managers,ou=groups,dc=vuw,dc=ac,dc=nz
> > objectClass: top
> > objectClass: groupOfUniqueNames
> > cn: PD Managers
> > ou: groups
> > description: People who can manage engineer entries
> >  
> >
> > # search result
> > search: 2
> > result: 0 Success
> >  
> > # numResponses: 10
> > # numEntries: 9
> >
> > ==================
> >
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >   
> >     
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users