SSLUG-msg00016.html

[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]

[an error occurred while processing this directive] [an error occurred while processing this directive]

	Home		Subscribe		Mail Archive		Forum		Calendar		Search
	Date:				Thread:

pam_ldap problemer

To: sslug@sslug
Subject: pam_ldap problemer
From: Ask Holme <sslug@sslug>
Date: Mon, 02 Apr 2007 21:55:02 +0200
Newsgroups: sslug.teknik
Organization: SSLUG
User-agent: Thunderbird 2.0b2 (Windows/20070116)

Jeg forsøger, at sætte en maskine op til at godkende mod LDAP. (den skal både godkende systembrugere og samba brugere) Jeg har sat OpenLDAP op med de rigtige skemaer og har installeret ldap-account-manager til at styrer bruger med.

Jeg kan oprette brugere og kan via ldapsearch/ldappasswd etc. utils binde med de brugere jeg har oprettet.

Men selvom auth og bind virker fint med ldappasswd, så kan jeg ikke logge ind. Jeg får følgende i loggen

pam_ldap: error trying to bind as user "uid=ask,ou=People,ou=Users,dc=elev,dc=dk" (Invalid credentials)

Jeg har prøvet, at bruge en række forskellige krypteringsalgoritmer (inklusiv cleartext) i min ldap entry samt prøvet med en anden bruger, men det hjælper ikke.

Systemet er en debian sarge, både openldap, libpam_ldap, libnss-ldap etc. er installeret fra stable.

Min slapd.conf, pam_ldap.conf og pam.d/common-auth er nedenover

slapd.conf
--------------------------------------------
include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/cosine.schema
include     /etc/openldap/schema/inetorgperson.schema
include     /etc/openldap/schema/nis.schema
include     /etc/openldap/schema/samba.schema

pidfile     /var/run/slapd/slapd.pid
argsfile    /var/run/slapd/slapd.args

modulepath      /usr/lib/ldap
moduleload      back_bdb
moduleload      back_passwd
database    bdb
suffix      dc=elev,dc=dk
rootdn      cn=Manager,dc=elev,dc=dk
rootpw      <something>
directory   /var/lib/ldap

access to attrs=userPassword
        by self write
        by dn="cn=sambaadmin,dc=elev,dc=dk" write
        by dn="cn=syncuser,dc=elev,dc=dk" read
        by * auth

access to attrs=sambaLMPassword,sambaNTPassword
        by dn="cn=sambaadmin,dc=elev,dc=dk" write
        by dn="cn=syncuser,dc=elev,dc=dk" read

access to *
        by dn="cn=sambaadmin,dc=elev,dc=dk" write
        by dn="cn=syncuser,dc=elev,dc=dk" read
        by dn="cn=Manager,dc=elev,dc=dk" write
        by * read

# Indices to maintain
index objectClass           eq
index cn                    pres,sub,eq
index sn                    pres,sub,eq
index uid                   pres,sub,eq
index displayName           pres,sub,eq
index uidNumber             eq
index gidNumber             eq
index memberUID             eq
index sambaSID              eq
index sambaPrimaryGroupSID  eq
index sambaDomainName       eq
index default               sub
TLSCertificateFile      /etc/ldap/server.pem
TLSCertificateKeyFile   /etc/ldap/server.pem
TLSCACertificateFile    /etc/ldap/server.pem

pam_ldap.conf
------------------------------------------------
host 127.0.0.1
base dc=elev,dc=dk
ldap_version 3
scope sub
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute gid
pam_password exop
nss_base_passwd ou=People,ou=Users,dc=elev,dc=dk
nss_base_shadow ou=People,ou=Users,dc=elev,dc=dk
nss_base_group  ou=Groups,dc=elev,dc=dk

pam.d/common-auth
-------------------------------------------------
auth sufficient pam_unix.so likeauth nullok try_first_pass
auth sufficient pam_ldap.so use_first_pass

Follow-Ups:
- Re: [TEKNIK] pam_ldap problemer
  - From: Ask Holme

Prev by Date: Re: [TEKNIK] Convert til linux fra win 98!!!
Next by Date: Re: [TEKNIK] pam_ldap problemer, Ask Holme
Previous by Thread: Re: [TEKNIK] Hvad kan afspille TiVo file format?
Next by Thread: Re: [TEKNIK] pam_ldap problemer
Index(es)
- Date Index
- Thread Index

Home

Subscribe

Mail Archive

Index

Calendar

Search

Questions about the web-pages to <www_admin>.

Last modified 2007-05-01, 02:01 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *