[Fedora-directory-users] ssh login fail
Richard Megginson
rmeggins at redhat.com
Tue Sep 11 13:36:26 UTC 2007
Steven Jones wrote:
>>
>>
> looking in the wrong place would be my guess, based on the err=32 in the
>
> previous logs you posted.
>
> I seem to have been able to stop the err=32 by reconfiguring ldap.conf a
> bit and cleaning out FDS and I assume putting the user in the right
> place but still no login.
>
> [11/Sep/2007:16:21:47 +1200] conn=30 fd=78 slot=78 connection from
> 130.195.87.246 to 130.195.87.249
> [11/Sep/2007:16:21:47 +1200] conn=30 op=0 BIND dn="" method=128
> version=3
> [11/Sep/2007:16:21:47 +1200] conn=30 op=0 RESULT err=0 tag=97 nentries=0
> etime=0 dn=""
> [11/Sep/2007:16:21:47 +1200] conn=30 op=1 SRCH
> base="ou=People,dc=vuw,dc=ac,dc=nz" scope=2
> filter="(&(objectClass=posixAccount)(uid=jonesst1))" attrs=ALL
> [11/Sep/2007:16:21:47 +1200] conn=30 op=1 RESULT err=0 tag=101
> nentries=0 etime=0
>
The clue here is that err=0 but nentries=0. This to me indicates some
sort of ACI problem. If you ran the setup program, and you specified
dc=vuw,dc=ac,dc=nz as your suffix, setup should have added an ACI which
would allow this search to return entries. This, coupled with the fact
that you cannot view these entries using the console (assuming you meant
while logged in as the admin user), suggests that you added this data
after setup and that you did not specify dc=vuw,dc=ac,dc=nz as your
suffix. If you want to see what the suggested ACIs are, you should be
able to view the ACIs that were added to the suffix that you did specify
when you ran setup. The console will show you the ACIs. If you want to
see what they are without using the console, you can use ldapsearch e.g.
ldapsearch -x -D "cn=directory manager" -w password -b
"dc=vuw,dc=ac,dc=nz" "aci=*" aci
> [11/Sep/2007:16:21:47 +1200] conn=30 op=2 BIND dn="" method=128
> version=3
> [11/Sep/2007:16:21:47 +1200] conn=30 op=2 RESULT err=0 tag=97 nentries=0
> etime=0 dn=""
> [11/Sep/2007:16:21:47 +1200] conn=30 op=3 SRCH
> base="ou=People,dc=vuw,dc=ac,dc=nz" scope=2
> filter="(&(objectClass=posixAccount)(uid=jonesst1))" attrs=ALL
> [11/Sep/2007:16:21:47 +1200] conn=30 op=3 RESULT err=0 tag=101
> nentries=0 etime=0
> [11/Sep/2007:16:21:51 +1200] conn=30 op=4 BIND dn="" method=128
> version=3
> [11/Sep/2007:16:21:51 +1200] conn=30 op=4 RESULT err=0 tag=97 nentries=0
> etime=0 dn=""
> [11/Sep/2007:16:21:51 +1200] conn=30 op=5 SRCH
> base="ou=People,dc=vuw,dc=ac,dc=nz" scope=2
> filter="(&(objectClass=posixAccount)(uid=jonesst1))" attrs=ALL
> [11/Sep/2007:16:21:51 +1200] conn=30 op=5 RESULT err=0 tag=101
> nentries=0 etime=0
> [11/Sep/2007:16:21:51 +1200] conn=30 op=6 BIND dn="" method=128
> version=3
> [11/Sep/2007:16:21:51 +1200] conn=30 op=6 RESULT err=0 tag=97 nentries=0
> etime=0 dn=""
> [11/Sep/2007:16:21:51 +1200] conn=30 op=7 SRCH
> base="ou=People,dc=vuw,dc=ac,dc=nz" scope=2
> filter="(&(objectClass=posixAccount)(uid=jonesst1))" attrs=ALL
> [11/Sep/2007:16:21:51 +1200] conn=30 op=7 RESULT err=0 tag=101
> nentries=0 etime=0
> [11/Sep/2007:16:21:56 +1200] conn=30 op=8 BIND dn="" method=128
> version=3
> [11/Sep/2007:16:21:56 +1200] conn=30 op=8 RESULT err=0 tag=97 nentries=0
> etime=0 dn=""
> [11/Sep/2007:16:21:56 +1200] conn=30 op=9 SRCH
> base="ou=People,dc=vuw,dc=ac,dc=nz" scope=2
> filter="(&(objectClass=posixAccount)(uid=jonesst1))" attrs=ALL
> [11/Sep/2007:16:21:56 +1200] conn=30 op=9 RESULT err=0 tag=101
> nentries=0 etime=0
> [11/Sep/2007:16:21:56 +1200] conn=30 op=10 BIND dn="" method=128
> version=3
> [11/Sep/2007:16:21:56 +1200] conn=30 op=10 RESULT err=0 tag=97
> nentries=0 etime=0 dn=""
> [11/Sep/2007:16:21:56 +1200] conn=30 op=11 SRCH
> base="ou=People,dc=vuw,dc=ac,dc=nz" scope=2
> filter="(&(objectClass=posixAccount)(uid=jonesst1))" attrs=ALL
> [11/Sep/2007:16:21:56 +1200] conn=30 op=11 RESULT err=0 tag=101
> nentries=0 etime=0
> [11/Sep/2007:16:21:58 +1200] conn=30 op=13 UNBIND
> [11/Sep/2007:16:21:58 +1200] conn=30 op=13 fd=78 closed - U1
> [11/Sep/2007:16:22:46 +1200] conn=31 fd=78 slot=78 connection from
> 130.195.87.246 to 130.195.87.249
> [11/Sep/2007:16:22:46 +1200] conn=31 op=0 BIND
> dn="uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz" method=128 version=3
> [11/Sep/2007:16:22:46 +1200] conn=31 op=0 RESULT err=0 tag=97 nentries=0
> etime=0 dn="uid=jonesst1,ou=people,dc=vuw,dc=ac,dc=nz"
> [11/Sep/2007:16:22:46 +1200] conn=31 op=1 SRCH base="" scope=0
> filter="(objectClass=*)" attrs=ALL
> [11/Sep/2007:16:22:46 +1200] conn=31 op=1 RESULT err=0 tag=101
> nentries=1 etime=0
> [11/Sep/2007:16:22:46 +1200] conn=31 op=2 UNBIND
> [11/Sep/2007:16:22:46 +1200] conn=31 op=2 fd=78 closed - U1
> [11/Sep/2007:16:22:52 +1200] conn=32 fd=78 slot=78 connection from
> 130.195.87.246 to 130.195.87.249
> [11/Sep/2007:16:22:52 +1200] conn=32 op=0 BIND dn="" method=128
> version=3
> [11/Sep/2007:16:22:52 +1200] conn=32 op=0 RESULT err=0 tag=97 nentries=0
> etime=0 dn=""
> [11/Sep/2007:16:22:52 +1200] conn=32 op=1 SRCH
> base="uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz" scope=2
> filter="(objectClass=*)" attrs=ALL
> [11/Sep/2007:16:22:52 +1200] conn=32 op=1 RESULT err=0 tag=101
> nentries=1 etime=0
> [11/Sep/2007:16:22:52 +1200] conn=32 op=2 UNBIND
> [11/Sep/2007:16:22:52 +1200] conn=32 op=2 fd=78 closed - U1
>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070911/7d5dca78/attachment.bin>
More information about the Fedora-directory-users
mailing list