I did a how-to on PAM-LDAP but it's in Spanish, I hope you may read it to see if it's helpful for you (BTW, you need to register on the site (free) to read articles)
http://portal.linuxchange.com/campus/instalacion-comun.html

Regards,
LD

On Thursday 12 October 2006 11:20, Net Warrior wrote:
> Hi guys
> Thanks to the kindness of the list, I'm getting better results with this.
> Well.. this is what I've got right now.
>
> I configure NIS, so, getent passwd netwarrior returns
>
> netwarrior:x:1002:513:System User:/home/netwarrior:/bin/bash
> This is perfect, cuz netwarrior is in the LDAP database and not a local
> user, so this is an upgrade :)
>
> Now, what I'm trying to do is to connect from a Windows machine, which is
> not part of the domain, and from a FreeBSD host which is not part of the
> domain either, and I'm getting this:
>
> This is not the entire log, but as I can see, it's retrieving all the user
> info, gecos, password, login shell
>
> Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [4] applying read(=rscxd) (stop)
> Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [4] mask: read(=rscxd)
> Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access granted by read(=rscxd)
> Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access to "uid=netwarrior,ou=Users,dc=netwarrior,dc=com" "userPassword" requested
> Oct 12 14:05:03 test-server slapd[3940]: => acl_get: [1] attr userPassword
> Oct 12 14:05:03 test-server slapd[3940]: access_allowed: no res from state (userPassword)
> Oct 12 14:05:03 test-server slapd[3940]: => acl_mask: access to entry "uid=netwarrior,ou=Users,dc=netwarrior,dc=com", attr "userPassword" requested
> Oct 12 14:05:03 test-server slapd[3940]: => acl_mask: to value by "", (=0)
> Oct 12 14:05:03 test-server slapd[3940]: <= check a_dn_pat: anonymous
> Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [1] applying auth(=xd) (stop)
> Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [1] mask: auth(=xd)
> Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access denied by auth(=xd)
> Oct 12 14:05:03 test-server slapd[3940]: send_search_entry: conn 3 access to attribute userPassword, value #0 not allowed
> Oct 12 14:05:03 test-server slapd[3940]: conn=3 op=11 ENTRY dn="uid=netwarrior,ou=users,dc=netwarrior,dc=com"
> Oct 12 14:05:03 test-server slapd[3940]: <= send_search_entry: conn 3 exit.
> Oct 12 14:05:03 test-server slapd[3940]: send_ldap_result: conn=3 op=11 p=3
> Oct 12 14:05:03 test-server slapd[3940]: send_ldap_result: err=0 matched="" text=""
> Oct 12 14:05:03 test-server slapd[3940]: send_ldap_response: msgid=12 tag=101 err=0
> Oct 12 14:05:03 test-server slapd[3940]: conn=3 op=11 SEARCH RESULT tag=101 err=0 nentries=1 text=
> Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=7 active_threads=0 tvp=zero
> Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=8 active_threads=0 tvp=zero
> Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=9 active_threads=0 tvp=zero
> Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=10 active_threads=0 tvp=zero
>
> This is the last line:
>
> common-session
> session required pam_limits.so
> session required pam_unix2.so
> session sufficient pam_ldap.so
>
> common-auth
> auth required pam_env.so
> auth required pam_unix2.so
> auth sufficient pam_ldap.so
>
> common-password
> password required pam_pwcheck.so nullok
> password required pam_unix2.so nullok use_first_pass use_authtok
> password sufficient pam_ldap.so
>
> ssh
> #%PAM-1.0
> auth include common-auth
> auth required pam_nologin.so
> account include common-account
> password include common-password
> session include common-session
>
> For example from the BSD machine
> Permission denied (publickey,keyboard-interactive.)
>
> And cannot log in.
> Any ideas?
> Thanks for your time.
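
Added example, not part of the original thread: a simplified model of how Linux-PAM combines the required/requisite/sufficient control flags in the quoted common-auth stack. The module outcomes (pam_unix2.so failing and pam_ldap.so succeeding for an LDAP-only account) are assumptions supplied by hand, and the names `parse_stack`, `evaluate` and the `REORDERED` stack are illustrative.

```python
# Simplified Linux-PAM control-flag evaluation (added illustration).
# No real PAM modules are called; outcomes are assumptions given by the caller.

COMMON_AUTH = """\
auth required pam_env.so
auth required pam_unix2.so
auth sufficient pam_ldap.so
"""

# Hypothetical variant with pam_ldap.so consulted before pam_unix2.so.
REORDERED = """\
auth required pam_env.so
auth sufficient pam_ldap.so
auth required pam_unix2.so
"""

def parse_stack(text, facility="auth"):
    """Return [(control, module)] for one facility of a PAM config file."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments such as #%PAM-1.0
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, outcomes):
    """outcomes: module -> True/False; modules not listed are assumed to succeed."""
    required_failed = False
    passed = False
    for control, module in stack:
        ok = outcomes.get(module, True)
        if control == "requisite" and not ok:
            return False                 # fails the stack immediately
        if control in ("required", "requisite"):
            if ok:
                passed = True
            else:
                required_failed = True   # remembered; the stack keeps running
        elif control == "sufficient" and ok and not required_failed:
            return True                  # success ends the stack here
        # a failing 'sufficient' module is ignored; 'optional' is not modelled
    return passed and not required_failed

# Assumed outcomes for an account that exists only in LDAP / only locally.
LDAP_ONLY = {"pam_unix2.so": False, "pam_ldap.so": True}
LOCAL_ONLY = {"pam_unix2.so": True, "pam_ldap.so": False}
```

Under these assumptions, `evaluate(parse_stack(COMMON_AUTH), LDAP_ONLY)` is `False` because the earlier `required` failure cannot be undone by a later `sufficient` success, while the same outcomes against `REORDERED` return `True`.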