[Fedora-directory-users] ssh login fail
Richard Megginson
rmeggins at redhat.com
Mon Sep 10 23:59:21 UTC 2007
Steven Jones wrote:
> Yes I have run this before, vuw exists (see below),
>
> By password return I assume the client is querying LDAP to ask if the
> user jonesst1 exists and either sends the hash of the password I used to
> try and login or asks for the hash to do a comparison if it matches a
> login is allowed....
>
I hope not. It really should do an LDAP BIND operation, which means it
sends the clear text password to the server in the BIND request (for
simple username/password auth).
So, try
ldapsearch -x -D "uid=someuser,ou=People,dc=vuw,dc=ac,dc=nz" -w
thepasssword -s base -b ""
That will test to see if that user exists and that the password is correct.
> I assume pam.d on the client is doing the hash comparison, so if the
> hash method on the client is different to FDS its not going to get
> anywhere.
>
> Querying via the FDS gui shows the user so it is in the database
> somewhere....
>
> So the possible errors are wrong hash or looking in the wrong place, or
> some other error.
>
looking in the wrong place would be my guess, based on the err=32 in the
previous logs you posted.
> regards
>
> Steven Jones
> Senior Linux/Unix/San/Vmware System Administrator
> APG -Technology Integration Team
> Victoria University of Wellington
> Phone: +64 4 463 6272
>
> 8><-----
>
> [root at vuwunicvfwall02 openldap]# more output
> # extended LDIF
> #
> # LDAPv3
> # base <dc=vuw,dc=ac,dc=nz> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # vuw.ac.nz
> dn: dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: domain
> dc: vuw
>
> # Directory Administrators, vuw.ac.nz
> dn: cn=Directory Administrators, dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: groupofuniquenames
> cn: Directory Administrators
>
> # Groups, vuw.ac.nz
> dn: ou=Groups, dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: organizationalunit
> ou: Groups
>
> # People, vuw.ac.nz
> dn: ou=People, dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: organizationalunit
> ou: People
>
> # Special Users, vuw.ac.nz
> dn: ou=Special Users,dc=vuw,dc=ac,dc=nz
> objectClass: top
>
> 8><------
>
> # PD Managers, groups, vuw.ac.nz
> dn: cn=PD Managers,ou=groups,dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: PD Managers
> ou: groups
> description: People who can manage engineer entries
>
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 10
> # numEntries: 9
>
> ==================
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070910/69161bc9/attachment.bin>
More information about the Fedora-directory-users
mailing list