[Fedora-directory-users] ssh login fail

Steven Jones Steven.Jones at vuw.ac.nz
Tue Sep 11 02:01:52 UTC 2007


I am getting things like this, but I did not enter them, so these are
some sort of defaults?

8><--------
# PD Managers, groups, vuw.ac.nz
dn: cn=PD Managers,ou=groups,dc=vuw,dc=ac,dc=nz
objectClass: top
objectClass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries
8><--------

Yet I cannot find them under the FDS gui....

regards

Steven Jones
Senior  Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Steven
Jones
Sent: Tuesday, 11 September 2007 12:41 p.m.
To: General discussion list for the Fedora Directory server project.
Subject: RE: [Fedora-directory-users] ssh login fail

There you go,

Looks like it is not in the right place in FDS....or it is but LDAP is
looking in the wrong place...

[root at vuwunicvfwall02 openldap]# ldapsearch -x -D "uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz" -w xxxxx -s base -b ""
ldap_bind: No such object (32)
        matched DN: ou=people,dc=vuw,dc=ac,dc=nz
[root at vuwunicvfwall02 openldap]# ldapsearch -x -D "uid=jonesst1,dc=vuw,dc=ac,dc=nz" -w xxxxx -s base -b ""
ldap_bind: No such object (32)
        matched DN: dc=vuw,dc=ac,dc=nz

ho hum....

regards

Steven Jones
Senior  Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard
Megginson
Sent: Tuesday, 11 September 2007 11:59 a.m.
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] ssh login fail

Steven Jones wrote:
> Yes I have run this before, vuw exists (see below),
>
> By password return I assume the client is querying LDAP to ask if the
> user jonesst1 exists and either sends the hash of the password I used to
> try and login or asks for the hash to do a comparison if it matches a
> login is allowed....
>   
I hope not.  It really should do an LDAP BIND operation, which means it 
sends the clear text password to the server in the BIND request (for 
simple username/password auth).

So, try
ldapsearch -x -D "uid=someuser,ou=People,dc=vuw,dc=ac,dc=nz" -w thepassword -s base -b ""
That will test to see if that user exists and that the password is
correct.

> I assume pam.d on the client is doing the hash comparison, so if the
> hash method on the client is different to FDS it's not going to get
> anywhere.
>
> Querying via the FDS gui shows the user so it is in the database
> somewhere....
>
> So the possible errors are wrong hash or looking in the wrong place, or
> some other error.
>   
looking in the wrong place would be my guess, based on the err=32 in the
previous logs you posted.

> regards
>
> Steven Jones
> Senior  Linux/Unix/San/Vmware System Administrator
> APG -Technology Integration Team
> Victoria University of Wellington
> Phone: +64 4 463 6272
>
> 8><-----
>
> [root at vuwunicvfwall02 openldap]# more output
> # extended LDIF
> #
> # LDAPv3
> # base <dc=vuw,dc=ac,dc=nz> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
>  
> # vuw.ac.nz
> dn: dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: domain
> dc: vuw
>  
> # Directory Administrators, vuw.ac.nz
> dn: cn=Directory Administrators, dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: groupofuniquenames
> cn: Directory Administrators
>  
> # Groups, vuw.ac.nz
> dn: ou=Groups, dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: organizationalunit
> ou: Groups
>  
> # People, vuw.ac.nz
> dn: ou=People, dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: organizationalunit
> ou: People
>  
> # Special Users, vuw.ac.nz
> dn: ou=Special Users,dc=vuw,dc=ac,dc=nz
> objectClass: top
>
> 8><------
>
> # PD Managers, groups, vuw.ac.nz
> dn: cn=PD Managers,ou=groups,dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: PD Managers
> ou: groups
> description: People who can manage engineer entries
>  
>
> # search result
> search: 2
> result: 0 Success
>  
> # numResponses: 10
> # numEntries: 9
>
> ==================
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   


--
Fedora-directory-users mailing list
Fedora-directory-users at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
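
Added example (not part of the original thread, and not code from the Fedora Directory Server project): a shell helper that reads the "ldap_bind: No such object (32)" output shown above and reports which leading part of the bind DN the server could not find below the matched DN. The function names are hypothetical, and DNs are assumed to contain no escaped commas.

```sh
#!/bin/sh
# Added example; function names are hypothetical.
# Assumption: DNs contain no escaped commas (true for the DNs in this thread).

# Lower-case a DN and drop spaces around the RDN separators, so that
# "ou=People, dc=vuw" and "ou=people,dc=vuw" compare equal.
normalize_dn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        sed 's/ *, */,/g; s/^ *//; s/ *$//'
}

# Print the leading RDNs of bind DN $1 that lie below matched DN $2.
# Returns 1 if the matched DN is not a suffix of the bind DN.
unresolved_rdns() {
    b=$(normalize_dn "$1")
    m=$(normalize_dn "$2")
    if [ -z "$m" ]; then printf '%s\n' "$b"; return 0; fi
    case "$b" in
        "$m") return 0 ;;                 # the whole bind DN exists
        *,"$m") rest=${b%,"$m"}; printf '%s\n' "$rest" ;;
        *) return 1 ;;
    esac
}

# Read ldapsearch output on stdin and explain an err=32 bind failure for
# bind DN $1, using the "matched DN" line the server sent back.
diagnose_bind() {
    out=$(cat)
    case "$out" in
        *"No such object (32)"*) ;;
        *) echo "no err=32 in output"; return 0 ;;
    esac
    matched=$(printf '%s\n' "$out" |
        sed -n 's/^[[:space:]]*matched DN: *//p' | head -n 1)
    if missing=$(unresolved_rdns "$1" "$matched"); then
        echo "not found: $missing (under $matched)"
    else
        echo "matched DN $matched is not a suffix of the bind DN"
        return 1
    fi
}

# Constructed sample: the first failure output posted in this thread.
diagnose_bind "uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz" <<'EOF'
ldap_bind: No such object (32)
        matched DN: ou=people,dc=vuw,dc=ac,dc=nz
EOF
```

For both failures in the thread the unresolved part is uid=jonesst1, so the containers exist and the user entry itself is not at either bind DN.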



