Getting Better + LDAP + PAM

Luis Daniel Lucio Quiroz dlucio at okay.com.mx
Thu Oct 12 17:09:20 UTC 2006


I did a how-to on PAM-LDAP but it's in Spanish; I hope you may read it to see 
if it's helpful for you (BTW, you need to register on the site (free) to read 
articles).

http://portal.linuxchange.com/campus/instalacion-comun.html

Regards,

LD



On Thursday, 12 October 2006 11:20, Net Warrior wrote:
> Hi guys
> Thanks to the kindness of the list, I'm getting better results with this.
> Well.. this is what I've got right now.
>
> I configured NIS, so getent passwd netwarrior returns
>
> netwarrior:x:1002:513:System User:/home/netwarrior:/bin/bash
> This is perfect, cuz netwarrior is in the LDAP database and not a local
> user, so this is an upgrade :)
>
> Now, what I'm trying to do is to connect from a Windows machine, which is
> not part of the domain, and from a FreeBSD host which is not part of the
> domain either, and I'm getting this:
>
> This is not the entire log, but as I can see, it's retrieving all the user
> info: gecos, password, login shell
>
> Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [4] applying read(=rscxd) (stop)
> Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [4] mask: read(=rscxd)
> Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access granted by read(=rscxd)
> Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access to "uid=netwarrior,ou=Users,dc=netwarrior,dc=com" "userPassword" requested
> Oct 12 14:05:03 test-server slapd[3940]: => acl_get: [1] attr userPassword
> Oct 12 14:05:03 test-server slapd[3940]: access_allowed: no res from state (userPassword)
> Oct 12 14:05:03 test-server slapd[3940]: => acl_mask: access to entry "uid=netwarrior,ou=Users,dc=netwarrior,dc=com", attr "userPassword" requested
> Oct 12 14:05:03 test-server slapd[3940]: => acl_mask: to value by "", (=0)
> Oct 12 14:05:03 test-server slapd[3940]: <= check a_dn_pat: anonymous
> Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [1] applying auth(=xd) (stop)
> Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [1] mask: auth(=xd)
> Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access denied by auth(=xd)
> Oct 12 14:05:03 test-server slapd[3940]: send_search_entry: conn 3 access to attribute userPassword, value #0 not allowed
> Oct 12 14:05:03 test-server slapd[3940]: conn=3 op=11 ENTRY dn="uid=netwarrior,ou=users,dc=netwarrior,dc=com"
> Oct 12 14:05:03 test-server slapd[3940]: <= send_search_entry: conn 3 exit.
> Oct 12 14:05:03 test-server slapd[3940]: send_ldap_result: conn=3 op=11 p=3
> Oct 12 14:05:03 test-server slapd[3940]: send_ldap_result: err=0 matched="" text=""
> Oct 12 14:05:03 test-server slapd[3940]: send_ldap_response: msgid=12 tag=101 err=0
> Oct 12 14:05:03 test-server slapd[3940]: conn=3 op=11 SEARCH RESULT tag=101 err=0 nentries=1 text=
> Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=7 active_threads=0 tvp=zero
> Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=8 active_threads=0 tvp=zero
> Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=9 active_threads=0 tvp=zero
> Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=10 active_threads=0 tvp=zero
>
> This is the last line:
>
>
> common-session
> session required pam_limits.so
> session required pam_unix2.so
> session sufficient pam_ldap.so
>
> common-auth
> auth required pam_env.so
> auth required pam_unix2.so
> auth sufficient pam_ldap.so
>
> common-password
> password required pam_pwcheck.so nullok
> password required pam_unix2.so nullok use_first_pass use_authtok
> password sufficient pam_ldap.so
>
> ssh
> #%PAM-1.0
> auth include common-auth
> auth required pam_nologin.so
> account include common-account
> password include common-password
> session include common-session
>
> For example, from the BSD machine:
> Permission denied (publickey,keyboard-interactive.)
>
> And cannot log in.
> Any ideas?
> Thanks for your time.
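The common-auth stack quoted above lists pam_unix2.so as required ahead of pam_ldap.so as sufficient. The evaluator below is an added example, not part of this thread, that applies Linux-PAM control-flag semantics to that stack for a few constructed user scenarios. It assumes that an account which exists only in LDAP fails pam_unix2 (no local shadow entry, and the slapd trace above shows anonymous reads of userPassword are denied) while the pam_ldap bind succeeds; the "ldap first" stack variant is hypothetical.

```python
# Added example (not from the thread): evaluate Linux-PAM control flags for the quoted stack.
from typing import Callable, Dict, List, Tuple
PAM_SUCCESS, PAM_AUTH_ERR = "PAM_SUCCESS", "PAM_AUTH_ERR"
Stack = List[Tuple[str, str]]  # (control flag, module name)

def run_stack(stack: Stack, outcome: Callable[[str], bool]) -> str:
    """Apply Linux-PAM control-flag semantics to `stack`. outcome(module) is True if
    that module would return PAM_SUCCESS. 'optional' only matters for a one-module
    stack, so it is treated as ignored here."""
    failed = False  # set by a failing 'required' module; decides the end result
    for control, module in stack:
        ok = outcome(module)
        if control == "requisite" and not ok:
            return PAM_AUTH_ERR          # abort the stack right away
        if control == "required" and not ok:
            failed = True                # keep running, but the stack will fail
        if control == "sufficient" and ok and not failed:
            return PAM_SUCCESS           # short-circuit: no earlier required failure
    return PAM_AUTH_ERR if failed else PAM_SUCCESS

# The common-auth stack exactly as quoted in the post.
COMMON_AUTH_AS_POSTED: Stack = [
    ("required", "pam_env.so"),
    ("required", "pam_unix2.so"),
    ("sufficient", "pam_ldap.so"),
]

# Hypothetical variant: let the LDAP bind decide first, then fall back to local files.
COMMON_AUTH_LDAP_FIRST: Stack = [
    ("required", "pam_env.so"),
    ("sufficient", "pam_ldap.so"),
    ("required", "pam_unix2.so"),
]

# Constructed scenarios (assumption): which modules succeed for each kind of user.
USERS: Dict[str, Dict[str, bool]] = {
    # LDAP-only account like netwarrior: no local shadow entry, LDAP bind works
    "ldap_only_ok":  {"pam_env.so": True, "pam_unix2.so": False, "pam_ldap.so": True},
    # local account with the right password, no LDAP entry
    "local_only_ok": {"pam_env.so": True, "pam_unix2.so": True, "pam_ldap.so": False},
    # wrong password everywhere
    "bad_password":  {"pam_env.so": True, "pam_unix2.so": False, "pam_ldap.so": False},
}

def authenticate(stack: Stack, user: str) -> str:
    return run_stack(stack, lambda module: USERS[user][module])
if __name__ == "__main__":
    for label, stack in (("as posted", COMMON_AUTH_AS_POSTED), ("ldap first", COMMON_AUTH_LDAP_FIRST)):
        for user in USERS:
            print(f"{label:10} {user:14} -> {authenticate(stack, user)}")
```

With the stack as posted, the LDAP-only user is rejected even though pam_ldap succeeds, because the earlier required pam_unix2 failure fixes the stack's result before the sufficient module is reached.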




More information about the Pam-list mailing list