
Re: Getting Better + LDAP + PAM



I can read Spanish.

Thank you very much.
Greets from the Third World.


2006/10/12, Luis Daniel Lucio Quiroz <dlucio okay com mx>:
I did a how-to on PAM-LDAP, but it's in Spanish; I hope you can read it to see
if it's helpful for you (BTW, you need to register on the site (free) to read
articles)



Regards,

LD



On Thursday 12 October 2006 11:20, Net Warrior wrote:
> Hi guys
> Thanks to the kindness of the list, I'm getting better results with this.
> Well.. this is what I've got right now.
>
> I configure NIS, so, getent passwd netwarrior returns
>
> netwarrior:x:1002:513:System User:/home/netwarrior:/bin/bash
> This is perfect, cuz netwarrior is in the LDAP database and not a local
> user, so this is an upgrade :)
>
> Now, what I'm trying to do is to connect from a Windows machine, which is
> not part of the domain, and from a FreeBSD host, which is not part of the
> domain either, and I'm getting this:
>
> This is not the entire log, but as I can see, it is retrieving all the user
> info, gecos, password, login shell
>
> Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [4] applying
> read(=rscxd) (stop)
> Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [4] mask:
> read(=rscxd)
> Oct 12 14:05:03 test-server slapd[3940]: => access_allowed:
> read access granted by read(=rscxd)
> Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access to
> "uid=netwarrior,ou=Users,dc=netwarrior,dc=com" "userPassword" requested
> Oct 12 14:05:03 test-server slapd[3940]: => acl_get: [1] attr userPassword
> Oct 12 14:05:03 test-server slapd[3940]: access_allowed: no res from state
> (userPassword)
> Oct 12 14:05:03 test-server slapd[3940]: => acl_mask: access to entry
> "uid=netwarrior,ou=Users,dc=netwarrior,dc=com", attr "userPassword"
> requested
> Oct 12 14:05:03 test-server slapd[3940]: => acl_mask: to value by "", (=0)
> Oct 12 14:05:03 test-server slapd[3940]: <= check a_dn_pat: anonymous
> Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [1] applying
> auth(=xd) (stop)
> Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [1] mask: auth(=xd)
> Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access
> denied by auth(=xd)
> Oct 12 14:05:03 test-server slapd[3940]: send_search_entry: conn 3 access
> to attribute userPassword, value #0 not allowed
> Oct 12 14:05:03 test-server slapd[3940]: conn=3 op=11 ENTRY
> dn="uid=netwarrior,ou=users,dc=netwarrior,dc=com"
> Oct 12 14:05:03 test-server slapd[3940]: <= send_search_entry: conn 3 exit.
> Oct 12 14:05:03 test-server slapd[3940]: send_ldap_result: conn=3 op=11 p=3
> Oct 12 14:05:03 test-server slapd[3940]: send_ldap_result: err=0 matched=""
> text=""
> Oct 12 14:05:03 test-server slapd[3940]: send_ldap_response: msgid=12
> tag=101 err=0
> Oct 12 14:05:03 test-server slapd[3940]: conn=3 op=11 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=7
> active_threads=0 tvp=zero
> Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=8
> active_threads=0 tvp=zero
> Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=9
> active_threads=0 tvp=zero
> Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=10
> active_threads=0 tvp=zero
>
>
>
> This is the last line:
>
>
> common-session
> session required pam_limits.so
> session required pam_unix2.so
> session sufficient pam_ldap.so
>
> common-auth
> auth required pam_env.so
> auth required pam_unix2.so
> auth sufficient pam_ldap.so
>
> common-password
> password required pam_pwcheck.so nullok
> password required pam_unix2.so nullok use_first_pass use_authtok
> password sufficient pam_ldap.so
>
> ssh
> #%PAM-1.0
> auth include common-auth
> auth required pam_nologin.so
> account include common-account
> password include common-password
> session include common-session
>
> For example, from the BSD machine
> Permission denied (publickey,keyboard-interactive.)
>
> And cannot log in.
> Any ideas?
> Thanks for your time.

_______________________________________________
Pam-list mailing list
Pam-list redhat com
https://www.redhat.com/mailman/listinfo/pam-list
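
Added example (not part of the original thread): a simplified model of Linux-PAM control-flag evaluation, applied to the `common-auth` stack quoted above. The per-module outcomes for an LDAP-only account and the reordered stack are assumptions made for illustration; the `optional` flag and bracketed controls are not modelled.

```python
# Simplified Linux-PAM stack evaluation for one management group.
def parse_stack(text, group):
    """Return [(control, module)] for the lines belonging to `group`."""
    stack = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == group:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, outcomes):
    """outcomes maps module name -> True (success) or False (failure)."""
    failed_required = False
    any_success = False
    for control, module in stack:
        ok = outcomes[module]
        if control == "required":
            if ok:
                any_success = True
            else:
                failed_required = True   # remembered; the stack keeps running
        elif control == "requisite":
            if not ok:
                return False             # fails the stack immediately
            any_success = True
        elif control == "sufficient":
            if ok and not failed_required:
                return True              # short-circuit success
            # a failing sufficient module is ignored, and so is a
            # succeeding one that follows a failed required module
    return any_success and not failed_required

# common-auth exactly as posted in the thread.
POSTED_AUTH = """auth required pam_env.so
auth required pam_unix2.so
auth sufficient pam_ldap.so"""

# Constructed alternative ordering (assumption, not from the thread).
REORDERED_AUTH = """auth required pam_env.so
auth sufficient pam_ldap.so
auth required pam_unix2.so"""

# Assumed outcomes: an LDAP-only account that pam_unix2 cannot verify,
# and a purely local account that pam_ldap does not know.
LDAP_ONLY = {"pam_env.so": True, "pam_unix2.so": False, "pam_ldap.so": True}
LOCAL_ONLY = {"pam_env.so": True, "pam_unix2.so": True, "pam_ldap.so": False}
BAD_PASSWORD = {"pam_env.so": True, "pam_unix2.so": False, "pam_ldap.so": False}

def login_allowed(stack_text, outcomes):
    return evaluate(parse_stack(stack_text, "auth"), outcomes)
```

Under these assumptions the posted ordering rejects the LDAP-only account because the `required` failure of `pam_unix2.so` overrides the later `sufficient` success of `pam_ldap.so`, while a wrong password is still rejected in both orderings.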

