Thanks to the kindness of the list, I'm getting better results with this.
Well.. this is what I've got right now.
I configure NIS, so, getent passwd netwarrior returns
netwarrior:x:1002:513:System User:/home/netwarrior:/bin/bash
This is perfect, cuz netwarrior is in the LDAP database and not a local user, so this is an upgrade :)
Now, what I'm trying to do is to connect from a Windows machine, which is not part of the domain, and from a FreeBSD host, which is not part of the domain either, and I'm getting this:
This is not the entire log, but as I can see, it is retrieving all the user info: gecos, password, login shell
Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [4] applying read(=rscxd) (stop)
Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [4] mask: read(=rscxd)
Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access granted by read(=rscxd)
Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access to "uid=netwarrior,ou=Users,dc=netwarrior,dc=com" "userPassword" requested
Oct 12 14:05:03 test-server slapd[3940]: => acl_get: [1] attr userPassword
Oct 12 14:05:03 test-server slapd[3940]: access_allowed: no res from state (userPassword)
Oct 12 14:05:03 test-server slapd[3940]: => acl_mask: access to entry "uid=netwarrior,ou=Users,dc=netwarrior,dc=com", attr "userPassword" requested
Oct 12 14:05:03 test-server slapd[3940]: => acl_mask: to value by "", (=0)
Oct 12 14:05:03 test-server slapd[3940]: <= check a_dn_pat: anonymous
Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [1] applying auth(=xd) (stop)
Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [1] mask: auth(=xd)
Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access denied by auth(=xd)
Oct 12 14:05:03 test-server slapd[3940]: send_search_entry: conn 3 access to attribute userPassword, value #0 not allowed
Oct 12 14:05:03 test-server slapd[3940]: conn=3 op=11 ENTRY dn="uid=netwarrior,ou=users,dc=netwarrior,dc=com"
Oct 12 14:05:03 test-server slapd[3940]: <= send_search_entry: conn 3 exit.
Oct 12 14:05:03 test-server slapd[3940]: send_ldap_result: conn=3 op=11 p=3
Oct 12 14:05:03 test-server slapd[3940]: send_ldap_result: err=0 matched="" text=""
Oct 12 14:05:03 test-server slapd[3940]: send_ldap_response: msgid=12 tag=101 err=0
Oct 12 14:05:03 test-server slapd[3940]: conn=3 op=11 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=7 active_threads=0 tvp=zero
Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=8 active_threads=0 tvp=zero
Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=9 active_threads=0 tvp=zero
Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=10 active_threads=0 tvp=zero
This is the last line:
common-session
session required pam_limits.so
session required pam_unix2.so
session sufficient pam_ldap.so
common-auth
auth required pam_env.so
auth required pam_unix2.so
auth sufficient pam_ldap.so
common-password
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_first_pass use_authtok
password sufficient pam_ldap.so
ssh
#%PAM-1.0
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session
For example, from the BSD machine:
Permission denied (publickey,keyboard-interactive.)
And cannot log in.
Any ideas?
Thanks for your time.
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
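An added example, not part of the original post: a small parser that folds slapd ACL trace lines like the ones quoted above into one record per access check, then lists any check that granted read access to userPassword. The sample lines are constructed in the post's log format (the loginShell request line is an assumption), and the function names are hypothetical.

```python
import re

# Constructed sample modeled on the slapd ACL trace lines in the post above.
SAMPLE = '''\
Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access to "uid=netwarrior,ou=Users,dc=netwarrior,dc=com" "loginShell" requested
Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [4] applying read(=rscxd) (stop)
Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access granted by read(=rscxd)
Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access to "uid=netwarrior,ou=Users,dc=netwarrior,dc=com" "userPassword" requested
Oct 12 14:05:03 test-server slapd[3940]: <= check a_dn_pat: anonymous
Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [1] applying auth(=xd) (stop)
Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access denied by auth(=xd)
'''

REQ = re.compile(r'access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
WHO = re.compile(r'check a_dn_pat: (\S+)')
RULE = re.compile(r'acl_mask: \[(\d+)\] applying (\w+)\(=(\w*)\)')
VERDICT = re.compile(r'access_allowed: \w+ access (granted|denied) by (\w+)\(')

def acl_decisions(log_text):
    """Fold each request..verdict run of trace lines into one decision record."""
    decisions, cur = [], None
    for line in log_text.splitlines():
        if m := REQ.search(line):
            cur = {"want": m[1], "dn": m[2], "attr": m[3],
                   "who": None, "rule": None, "level": None}
        elif cur is None:
            continue  # trace lines whose request line is not in the excerpt
        elif m := WHO.search(line):
            cur["who"] = m[1]
        elif m := RULE.search(line):
            cur["rule"], cur["level"] = int(m[1]), m[2]
        elif m := VERDICT.search(line):
            cur["granted"] = m[1] == "granted"
            decisions.append(cur)
            cur = None
    return decisions

def password_read_grants(decisions):
    """Checks that let a client read userPassword; each one needs an ACL review."""
    return [d for d in decisions if d["attr"].lower() == "userpassword"
            and d["want"] == "read" and d["granted"]]

if __name__ == "__main__":
    found = acl_decisions(SAMPLE)
    for d in found:
        print(d["attr"], "ACL", d["rule"], d["level"], "granted" if d["granted"] else "denied")
    print("userPassword read grants:", len(password_read_grants(found)))
```

An empty result from `password_read_grants` matches what the quoted log shows: the anonymous search is limited to `auth` on userPassword, so the hash is never returned in a search result.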