Re: TLS Issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

Can you check What happens if you specify

ssl start_tls

instead of "ssl on"

Regards
Niranjan


On Thu, Jul 24, 2008 at 9:29 PM, Dharmin Mandalia <dharmin98@xxxxxxxxxxx> wrote:

Hello  Nalin and all

I just added "ssl  on"  to below /etc/ldap.conf file and get below error msg in var/log/secure file :-


sshd[6212]: pam_unix(sshd:session): session closed for user test1
sshd[6248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.1  user=test1
sshd[6248]: Accepted password for test1 from 192.168.1.1 port 47171 ssh2
sshd[6248]: pam_unix(sshd:session): session opened for user test1 by (uid=0)
sshd[6248]: pam_unix(sshd:session): session closed for user test1
sshd[6284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.1  user=test1
sshd[6284]: pam_ldap: ldap_simple_bind Can't contact LDAP server
shd[6284]: pam_ldap: reconnecting to LDAP server...
sshd[6284]: pam_ldap: ldap_simple_bind Can't contact LDAP server
sshd[6284]: Failed password for test1 from 192.168.1.1 port 47172 ssh2

With "ssl on" in ldap.conf, am unable to login via ssh

any helpers please...

regards
Dharmin



----------------------------------------
> Date: Thu, 24 Jul 2008 11:26:46 -0400
> From: nalin@xxxxxxxxxx
> To: dharmin98@xxxxxxxxxxx
> CC: fedora-directory-users@xxxxxxxxxx
> Subject: Re: TLS Issue
>
> On Thu, Jul 24, 2008 at 03:11:59PM +0000, Dharmin Mandalia wrote:
>> I've enabled TLS and am getting below error msg's in /var/log/secure file on Fedora 9, which is my newly configured FDS , if disable TLS , am able to ssh onto the FDS server and with TLS enabled unable to login via ssh.
> [snip]
>> sshd[5487]: nss_ldap: could not search LDAP server - Server is unavailable
> [snip]
>> /etc/ldap.conf file on Fedora 9, (FDS server ) shows as :-
> [snip]
>> ssl start_tls
>> tls_checkpeer yes
>> tls_cacertfile  /etc/openldap/cacerts/cacert.asc
>> pam_password md5
>> uri ldap://127.0.0.1/
>> tls_cacertdir /etc/openldap/cacerts
>
> If you're using SSL or TLS, the LDAP client library is going to compare
> the names in the certificate that the server uses against the value that
> was given in the client's configuration (in this case "127.0.0.1"), and
> it looks like they're not matching up here.
>
> Typically the certificate uses an actual hostname as a "CN" value in its
> subject, so you'd need to specify the server URI using a hostname rather
> than an IP address to make sure that they match.
>
> If that's not what's going on here, please post a copy of the
> certificate that the server's using so that we can have a look.
>
> HTH,
>
> Nalin

_________________________________________________________________
Use video conversation to talk face-to-face with Windows Live Messenger.
http://www.windowslive.com/messenger/connect_your_way.html?ocid=TXT_TAGLM_WL_Refresh_messenger_video_072008

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux