Getting Better + LDAP + PAM

Net Warrior netwarrior863 at gmail.com
Thu Oct 12 16:20:43 UTC 2006


Hi guys
Thanks to the kindness of the list, I'm getting better results with this.
Well.. this is what I've got right now.

I configure NIS, so, getent passwd netwarrior returns

netwarrior:x:1002:513:System User:/home/netwarrior:/bin/bash
This is perfect, cuz netwarrior is in the LDAP database and not a local
user, so this is an upgrade :)

Now, what I'm trying to do is to connect from a Windows machine, which is
not part of the domain and from a FreeBSD host which is neither part of the
domain and I'm getting this:

This is not the entire log, but as I can see, it is retrieving all the user
info, gecos, password, login shell

Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [4] applying
read(=rscxd) (stop)
Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [4] mask: read(=rscxd)
Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access
granted by read(=rscxd)
Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access to
"uid=netwarrior,ou=Users,dc=netwarrior,dc=com" "userPassword" requested
Oct 12 14:05:03 test-server slapd[3940]: => acl_get: [1] attr userPassword
Oct 12 14:05:03 test-server slapd[3940]: access_allowed: no res from state
(userPassword)
Oct 12 14:05:03 test-server slapd[3940]: => acl_mask: access to entry
"uid=netwarrior,ou=Users,dc=netwarrior,dc=com", attr "userPassword"
requested
Oct 12 14:05:03 test-server slapd[3940]: => acl_mask: to value by "", (=0)
Oct 12 14:05:03 test-server slapd[3940]: <= check a_dn_pat: anonymous
Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [1] applying auth(=xd)
(stop)
Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [1] mask: auth(=xd)
Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access
denied by auth(=xd)
Oct 12 14:05:03 test-server slapd[3940]: send_search_entry: conn 3 access to
attribute userPassword, value #0 not allowed
Oct 12 14:05:03 test-server slapd[3940]: conn=3 op=11 ENTRY
dn="uid=netwarrior,ou=users,dc=netwarrior,dc=com"
Oct 12 14:05:03 test-server slapd[3940]: <= send_search_entry: conn 3 exit.
Oct 12 14:05:03 test-server slapd[3940]: send_ldap_result: conn=3 op=11 p=3
Oct 12 14:05:03 test-server slapd[3940]: send_ldap_result: err=0 matched=""
text=""
Oct 12 14:05:03 test-server slapd[3940]: send_ldap_response: msgid=12
tag=101 err=0
Oct 12 14:05:03 test-server slapd[3940]: conn=3 op=11 SEARCH RESULT tag=101
err=0 nentries=1 text=
Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=7
active_threads=0 tvp=zero
Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=8
active_threads=0 tvp=zero
Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=9
active_threads=0 tvp=zero
Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=10
active_threads=0 tvp=zero



This is the last line:


common-session
session required pam_limits.so
session required pam_unix2.so
session sufficient pam_ldap.so

common-auth
auth required pam_env.so
auth required pam_unix2.so
auth sufficient pam_ldap.so

common-password
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_first_pass use_authtok
password sufficient pam_ldap.so

ssh
#%PAM-1.0
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session

For example, from the BSD machine:
Permission denied (publickey,keyboard-interactive.)

And cannot log in.
Any ideas?
Thanks for your time.
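
Added example, not part of the original post: a small Python parser that rejoins the wrapped slapd trace quoted above and pairs each access request with its outcome, which makes it easy to see that the read of userPassword was denied for the anonymous pattern with mask auth(=xd). The function names, and reading the bracketed number after acl_get as the ACL index, are this example's assumptions.

```python
import re

# Excerpt of the slapd trace from the post, still wrapped as it was in the mail.
SAMPLE = '''\
Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access
granted by read(=rscxd)
Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access to
"uid=netwarrior,ou=Users,dc=netwarrior,dc=com" "userPassword" requested
Oct 12 14:05:03 test-server slapd[3940]: => acl_get: [1] attr userPassword
Oct 12 14:05:03 test-server slapd[3940]: <= check a_dn_pat: anonymous
Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access
denied by auth(=xd)
'''

STAMP = re.compile(r'^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ slapd\[\d+\]: ')
REQUEST = re.compile(r'access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
RULE = re.compile(r'acl_get: \[(\d+)\]')  # assumed to be the index of the ACL consulted
WHO = re.compile(r'check a_dn_pat: (\S+)')
RESULT = re.compile(r'access_allowed: (\w+) access (granted|denied) by (\S+)')

def unwrap(text):
    """Rejoin wrapped lines: a line without a syslog stamp continues the one above."""
    events = []
    for line in text.splitlines():
        if STAMP.match(line):
            events.append(STAMP.sub('', line))
        elif line.strip() and events:
            events[-1] += ' ' + line.strip()
    return events

def acl_decisions(text):
    """Pair each request with its outcome; dn/attr stay None when the request
    line fell outside the excerpt (the post says the log is not complete)."""
    out, cur = [], {}
    for ev in unwrap(text):
        if m := REQUEST.search(ev):
            cur = {'dn': m.group(2), 'attr': m.group(3)}
        elif m := RULE.search(ev):
            cur['rule'] = int(m.group(1))
        elif m := WHO.search(ev):
            cur['who'] = m.group(1)
        elif m := RESULT.search(ev):
            out.append({'dn': None, 'attr': None, **cur, 'wanted': m.group(1),
                        'outcome': m.group(2), 'mask': m.group(3)})
            cur = {}
    return out

if __name__ == '__main__':
    for d in acl_decisions(SAMPLE):
        print(d)
```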