[Fedora-directory-users] ssh login fail

Steven Jones Steven.Jones at vuw.ac.nz
Tue Sep 11 00:40:33 UTC 2007


There you go,

Looks like it is not in the right place in FDS....or it is but LDAP is
looking in the wrong place...

[root@vuwunicvfwall02 openldap]# ldapsearch -x -D "uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz" -w xxxxx -s base -b ""
ldap_bind: No such object (32)
        matched DN: ou=people,dc=vuw,dc=ac,dc=nz
[root@vuwunicvfwall02 openldap]# ldapsearch -x -D "uid=jonesst1,dc=vuw,dc=ac,dc=nz" -w xxxxx -s base -b ""
ldap_bind: No such object (32)
        matched DN: dc=vuw,dc=ac,dc=nz

ho hum....

regards

Steven Jones
Senior  Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard
Megginson
Sent: Tuesday, 11 September 2007 11:59 a.m.
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] ssh login fail

Steven Jones wrote:
> Yes I have run this before, vuw exists (see below),
>
> By password return I assume the client is querying LDAP to ask if the
> user jonesst1 exists and either sends the hash of the password I used to
> try and login or asks for the hash to do a comparison if it matches a
> login is allowed....
>   
I hope not.  It really should do an LDAP BIND operation, which means it 
sends the clear text password to the server in the BIND request (for 
simple username/password auth).

So, try
ldapsearch -x -D "uid=someuser,ou=People,dc=vuw,dc=ac,dc=nz" -w thepassword -s base -b ""
That will test to see if that user exists and that the password is correct.

> I assume pam.d on the client is doing the hash comparison, so if the
> hash method on the client is different to FDS it's not going to get
> anywhere.
>
> Querying via the FDS gui shows the user so it is in the database
> somewhere....
>
> So the possible errors are wrong hash or looking in the wrong place, or
> some other error.
>   
looking in the wrong place would be my guess, based on the err=32 in the
previous logs you posted.
> regards
>
> Steven Jones
> Senior  Linux/Unix/San/Vmware System Administrator
> APG -Technology Integration Team
> Victoria University of Wellington
> Phone: +64 4 463 6272
>
> 8><-----
>
> [root@vuwunicvfwall02 openldap]# more output
> # extended LDIF
> #
> # LDAPv3
> # base <dc=vuw,dc=ac,dc=nz> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
>  
> # vuw.ac.nz
> dn: dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: domain
> dc: vuw
>  
> # Directory Administrators, vuw.ac.nz
> dn: cn=Directory Administrators, dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: groupofuniquenames
> cn: Directory Administrators
>  
> # Groups, vuw.ac.nz
> dn: ou=Groups, dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: organizationalunit
> ou: Groups
>  
> # People, vuw.ac.nz
> dn: ou=People, dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: organizationalunit
> ou: People
>  
> # Special Users, vuw.ac.nz
> dn: ou=Special Users,dc=vuw,dc=ac,dc=nz
> objectClass: top
>
> 8><------
>
> # PD Managers, groups, vuw.ac.nz
> dn: cn=PD Managers,ou=groups,dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: PD Managers
> ou: groups
> description: People who can manage engineer entries
>  
>
> # search result
> search: 2
> result: 0 Success
>  
> # numResponses: 10
> # numEntries: 9
>
> ==================
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   
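
An added example, not part of the original thread: a Python helper that reads the "ldap_bind: No such object (32)" output shown in the message and reports which leading RDNs of the bind DN the server could not resolve below the matched DN. The function names and the SAMPLES tuples are constructed here from the two attempts above.

```python
import re

# Constructed from the two ldapsearch attempts shown in the message above.
SAMPLES = [
    ("uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz",
     "ldap_bind: No such object (32)\n\tmatched DN: ou=people,dc=vuw,dc=ac,dc=nz\n"),
    ("uid=jonesst1,dc=vuw,dc=ac,dc=nz",
     "ldap_bind: No such object (32)\n\tmatched DN: dc=vuw,dc=ac,dc=nz\n"),
]

def split_dn(dn):
    """Split a DN into lower-cased RDNs. Honours '\\,' escapes only; assumes
    case-insensitive attributes (uid, ou, dc), so not a full RFC 4514 parser."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.strip().partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns

def diagnose(bind_dn, output):
    """Return the result code, the deepest entry the server found, and the
    RDNs of the bind DN that it could not resolve."""
    result = re.search(r"^ldap_bind: .+? \((\d+)\)", output, re.M)
    code = int(result.group(1)) if result else 0
    report = {"code": code, "deepest_existing": None, "missing": []}
    if code != 32:  # 0 = no bind error seen, 49 = invalid credentials
        return report
    matched = re.search(r"^\s*matched DN:[ \t]*(\S.*)$", output, re.M)
    want = split_dn(bind_dn)
    have = split_dn(matched.group(1)) if matched else []
    if have and want[-len(have):] != have:
        raise ValueError("matched DN is not an ancestor of the bind DN")
    report["deepest_existing"] = ",".join(have) or None
    report["missing"] = want[:len(want) - len(have)]
    return report

if __name__ == "__main__":
    for dn, out in SAMPLES:
        r = diagnose(dn, out)
        print(f"{dn}\n  exists:  {r['deepest_existing']}\n  missing: {','.join(r['missing'])}")
```

For both attempts only uid=jonesst1 is reported missing: the containers exist, but no entry with that RDN sits directly under either of them.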




