[Fedora-directory-users] Problem with solaris & FDS authentication

Igor logastellus at yahoo.com
Tue Aug 30 13:37:36 UTC 2005


Gary,

I did like you said.  There was nothing in msgs file.  From the remote host I got this:

debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/identity
debug1: Trying private key: /.ssh/id_rsa
debug1: Trying private key: /.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
testdba at 149.85.86.87's password: 
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.

sshd -d produced nothing either.  So, I'm confused now.

Also, ldaplist by itself gives this:
bash-2.03# ldaplist 
ldaplist: Object not found (LDAP ERROR (50): Insufficient access.)

Is that normal?

And when I snoop -v ldap | grep LDAP I don't see the {crypt} password anywhere.....?


--- "Tay, Gary" <Gary_Tay at platts.com> wrote:

> To troubleshoot PAM issue, you may add "debug" keyword at the end of
> every or selected lines of /etc/pam.conf, and /var/adm/messages should
> show more messages.
> 
> To troubleshoot SSH Server, you may start sshd with "-d" (debug)
> option (Interactive Mode Only), or use "ssh -v testdba at localhost" at the
> SSH Client (-v means verbose mode).
> 
> You may use the sample pam.conf from
> http://docs.sun.com/app/docs/doc/816-4556/6maort2te?a=view, do comment
> out all the "pam_unix_cred.so.1" lines as they are meant for Solaris10.
> 
> Gary
> 
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Igor
> Sent: Tuesday, August 30, 2005 4:30 AM
> To: General discussion list for the Fedora Directory server project.
> Subject: [Fedora-directory-users] Problem with solaris & FDS
> authentication
> 
> 
> Hi, guys.  I finally got the solaris box to talk to the FDS (thank you
> all for your help).
> 
> I'm now having a problem where I can't telnet/ssh from another machine.
> 
> On the client, I have this:
> 
> bash-2.03# ldaplist -l passwd testdba
> dn: uid=testdba,ou=People, dc=composers,dc=foo,dc=com
>         givenName: oracle
>         sn: user
>         loginShell: /bin/bash
>         uidNumber: 10001
>         gidNumber: 7000
>         objectClass: top
>         objectClass: person
>         objectClass: organizationalPerson
>         objectClass: inetorgperson
>         objectClass: posixAccount
>         objectClass: shadowaccount
>         uid: testdba
>         cn: oracle user
>         homeDirectory: /home/testdba
> bash-2.03# 
> 
> The ACIs (in addition to the default ones):
> 
> 
> Bind Password:
> dc=composers,dc=foo,dc=com
> 
> aci=(targetattr = "cn||uid||uidNumber||gidNumber||homeDirectory||shadowLastChange||shadowMin||shadowMax||shadowWarning||shadowInactive||shadowExpire||shadowFlag||memberUid")(version 3.0; acl LDAP_Naming_Services_deny_write_access;deny (write) userdn = "ldap:///self";)
> aci=(target="ldap:///dc=composers,dc=foo,dc=com")(targetattr="userPassword")(version 3.0; acl LDAP_Naming_Services_proxy_password_read; allow (compare,search) userdn = "ldap:///cn=proxyagent,ou=profile,dc=composers,dc=foo,dc=com";)
> 
> 
> 
> There's nothing in the /var/adm/messages.  My pam.conf [snipped] is
> this:
> 
> # login service (explicit because of pam_dial_auth)
> #
> login   auth requisite          pam_authtok_get.so.1
> login   auth required           pam_dhkeys.so.1
> login   auth sufficient         pam_unix_auth.so.1
> login   auth required           pam_ldap.so.1 try_first_pass
> login   auth required           pam_dial_auth.so.1
> 
> #ssh
> 
> sshd  auth sufficient /usr/lib/security/pam_ldap.so.1
> sshd  auth required   /usr/lib/security/pam_unix.so.1 use_first_pass
> 
> ---
> 
> The userPassword field is not displayed when I do ldaplist.  Is that
> normal?  Even when I do this:
> 
> /usr/bin/ldapsearch -D "cn=proxyagent,ou=profile,dc=composers,dc=foo,dc=com" -h cnyitlin02 -b dc=composers,dc=foo,dc=com objectclass=\*
> 
> uid=testdba,ou=People, dc=composers,dc=foo,dc=com
> givenName=oracle
> sn=user
> loginShell=/bin/bash
> uidNumber=10001
> gidNumber=7000
> objectClass=top
> objectClass=person
> objectClass=organizationalPerson
> objectClass=inetorgperson
> objectClass=posixAccount
> objectClass=shadowaccount
> uid=testdba
> cn=oracle user
> homeDirectory=/home/testdba
> 
> How can I go about troubleshooting this?
> 
> 
> 		
> 
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> 
> 
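
Gary's suggestion to add "debug" to every or selected lines of /etc/pam.conf, written out as an added example that is not part of the original thread. The function name `pam_add_debug` and the sample text are constructed here (the sample reuses entries quoted above), and the code assumes the pam.conf field order service, module type, control flag, module path, options.

```shell
#!/bin/sh
# Added example: append "debug" to the module entries of one PAM service
# (or of every service when the argument is "all"). Reads pam.conf text
# on stdin and writes the edited text to stdout; the input is not modified.
pam_add_debug() {
    awk -v svc="$1" '
        # Comments and blank lines pass through unchanged.
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }
        # Entries for services that were not selected pass through unchanged.
        svc != "all" && $1 != svc { print; next }
        # Anything shorter than "service type flag module" is not an entry.
        NF < 4 { print; next }
        # Options start at field 5; leave the line alone if debug is present.
        { for (i = 5; i <= NF; i++) if ($i == "debug") { print; next } }
        # Otherwise strip trailing blanks and add the option.
        { sub(/[ \t]+$/, ""); print $0 " debug" }
    '
}

# Constructed sample, taken from the pam.conf lines quoted in the thread.
sample_pam_conf() {
    cat <<'EOF'
# login service (explicit because of pam_dial_auth)
login   auth required           pam_ldap.so.1 try_first_pass
#ssh
sshd  auth sufficient /usr/lib/security/pam_ldap.so.1
sshd  auth required   /usr/lib/security/pam_unix.so.1 use_first_pass
EOF
}

# Show the sshd stack with debugging switched on.
sample_pam_conf | pam_add_debug sshd
```

Run it against a copy of /etc/pam.conf and compare the result with the original before replacing the live file. PAM debug messages are sent through syslog at debug priority, so they reach a log file only if /etc/syslog.conf has a selector that captures them (for example `auth.debug`).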



		