Getting Better + LDAP + PAM

Net Warrior netwarrior863 at gmail.com
Thu Oct 12 18:41:36 UTC 2006


I can read Spanish.

Thank you very much.
Greets from the Third World.


2006/10/12, Luis Daniel Lucio Quiroz <dlucio at okay.com.mx>:
>
> I did a how to on PAM-LDAP but it's in Spanish, I hope you may read it to see
> if it's helpful for you (BTW, need to register on site (free) to read articles)
>
>
>
> Regards,
>
> LD
>
>
>
> On Thursday 12 October 2006 11:20, Net Warrior wrote:
> > Hi guys
> > Thanks to the kindness of the list, I'm getting better results with this.
> > Well.. this is what I've got right now.
> >
> > I configure NIS, so, getent passwd netwarrior returns
> >
> > netwarrior:x:1002:513:System User:/home/netwarrior:/bin/bash
> > This is perfect, cuz netwarrior is in the LDAP database and not a local
> > user, so this is an upgrade :)
> >
> > Now, what I'm trying to do is to connect from a Windows machine, which is
> > not part of the domain, and from a FreeBSD host which is also not part of
> > the domain, and I'm getting this:
> >
> > This is not the entire log, but as I can see, it is retrieving all the user
> > info, gecos, password, login shell
> >
> > Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [4] applying read(=rscxd) (stop)
> > Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [4] mask: read(=rscxd)
> > Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access granted by read(=rscxd)
> > Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access to "uid=netwarrior,ou=Users,dc=netwarrior,dc=com" "userPassword" requested
> > Oct 12 14:05:03 test-server slapd[3940]: => acl_get: [1] attr userPassword
> > Oct 12 14:05:03 test-server slapd[3940]: access_allowed: no res from state (userPassword)
> > Oct 12 14:05:03 test-server slapd[3940]: => acl_mask: access to entry "uid=netwarrior,ou=Users,dc=netwarrior,dc=com", attr "userPassword" requested
> > Oct 12 14:05:03 test-server slapd[3940]: => acl_mask: to value by "", (=0)
> > Oct 12 14:05:03 test-server slapd[3940]: <= check a_dn_pat: anonymous
> > Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [1] applying auth(=xd) (stop)
> > Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [1] mask: auth(=xd)
> > Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access denied by auth(=xd)
> > Oct 12 14:05:03 test-server slapd[3940]: send_search_entry: conn 3 access to attribute userPassword, value #0 not allowed
> > Oct 12 14:05:03 test-server slapd[3940]: conn=3 op=11 ENTRY dn="uid=netwarrior,ou=users,dc=netwarrior,dc=com"
> > Oct 12 14:05:03 test-server slapd[3940]: <= send_search_entry: conn 3 exit.
> > Oct 12 14:05:03 test-server slapd[3940]: send_ldap_result: conn=3 op=11 p=3
> > Oct 12 14:05:03 test-server slapd[3940]: send_ldap_result: err=0 matched="" text=""
> > Oct 12 14:05:03 test-server slapd[3940]: send_ldap_response: msgid=12 tag=101 err=0
> > Oct 12 14:05:03 test-server slapd[3940]: conn=3 op=11 SEARCH RESULT tag=101 err=0 nentries=1 text=
> > Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=7 active_threads=0 tvp=zero
> > Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=8 active_threads=0 tvp=zero
> > Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=9 active_threads=0 tvp=zero
> > Oct 12 14:05:29 test-server slapd[3940]: daemon: select: listen=10 active_threads=0 tvp=zero
> >
> > This is the last line:
> >
> >
> > common-session
> > session required pam_limits.so
> > session required pam_unix2.so
> > session sufficient pam_ldap.so
> >
> > common-auth
> > auth required pam_env.so
> > auth required pam_unix2.so
> > auth sufficient pam_ldap.so
> >
> > common-password
> > password required pam_pwcheck.so nullok
> > password required pam_unix2.so nullok use_first_pass use_authtok
> > password sufficient pam_ldap.so
> >
> > ssh
> > #%PAM-1.0
> > auth include common-auth
> > auth required pam_nologin.so
> > account include common-account
> > password include common-password
> > session include common-session
> >
> > For example, from the BSD machine
> > Permission denied (publickey,keyboard-interactive.)
> >
> > And cannot log in.
> > Any ideas?
> > Thanks for your time.
>
>
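How the control flags in the quoted `common-auth` stack combine, as an added example that is not part of the original thread: it models only the `required`/`requisite`/`sufficient` semantics of Linux-PAM, with each module's success or failure supplied as an assumed input. The reordered stack, the two outcome tables and the function names are hypothetical, introduced for comparison.

```python
# Added example: models Linux-PAM control flags only; module outcomes are assumed inputs.
PAGE_COMMON_AUTH = """\
auth required pam_env.so
auth required pam_unix2.so
auth sufficient pam_ldap.so
"""
# Hypothetical alternative ordering for comparison (not from the post).
REORDERED_AUTH = """\
auth required pam_env.so
auth sufficient pam_ldap.so
auth required pam_unix2.so
"""

def parse_stack(text, mgmt="auth"):
    """Return [(control, module)] for the lines of one management group."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mgmt:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, outcomes):
    """outcomes maps module -> True (success) / False (failure).
    Returns (granted, modules_called)."""
    failed = False      # a required/requisite module has failed
    succeeded = False   # at least one required/requisite module has succeeded
    called = []
    for control, module in stack:
        ok = outcomes[module]
        called.append(module)
        if control == "requisite" and not ok:
            return False, called          # requisite failure ends the stack at once
        if control in ("required", "requisite"):
            failed = failed or not ok     # required failure is remembered, stack goes on
            succeeded = succeeded or ok
        elif control == "sufficient" and ok and not failed:
            return True, called           # early success, later modules are skipped
        # a failed 'sufficient', a 'sufficient' success after an earlier required
        # failure, and 'optional' results do not change the verdict in this model
    return (succeeded and not failed), called

# Assumed outcomes: an account that exists only in LDAP, and one that is only local.
LDAP_ONLY_USER = {"pam_env.so": True, "pam_unix2.so": False, "pam_ldap.so": True}
LOCAL_USER = {"pam_env.so": True, "pam_unix2.so": True, "pam_ldap.so": False}

if __name__ == "__main__":
    for name, text in (("posted", PAGE_COMMON_AUTH), ("reordered", REORDERED_AUTH)):
        for who, out in (("ldap-only", LDAP_ONLY_USER), ("local", LOCAL_USER)):
            print(name, who, evaluate(parse_stack(text), out))
```

Under these assumed outcomes a `required` failure earlier in the stack is not undone by a later `sufficient` success, which is why module order matters as much as the flags themselves.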
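Reading the quoted slapd ACL trace mechanically, as an added example that is not part of the original thread: it pairs each `access_allowed ... requested` line with the matching `who` pattern, rule number and verdict, then flags any `userPassword` access granted above `auth`. The function names and the second, constructed log excerpt are assumptions for illustration.

```python
import re

# Lines from the posted slapd trace, re-joined where the mail client wrapped them.
PAGE_LOG = '''\
Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [4] applying read(=rscxd) (stop)
Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access granted by read(=rscxd)
Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access to "uid=netwarrior,ou=Users,dc=netwarrior,dc=com" "userPassword" requested
Oct 12 14:05:03 test-server slapd[3940]: => acl_get: [1] attr userPassword
Oct 12 14:05:03 test-server slapd[3940]: <= check a_dn_pat: anonymous
Oct 12 14:05:03 test-server slapd[3940]: <= acl_mask: [1] applying auth(=xd) (stop)
Oct 12 14:05:03 test-server slapd[3940]: => access_allowed: read access denied by auth(=xd)
'''
# Constructed contrast (not from the post): a rule that lets everyone read the hash.
CONSTRUCTED_WEAK = '''\
Jan 01 00:00:00 ldap-example slapd[1]: => access_allowed: read access to "uid=alice,ou=Users,dc=example,dc=com" "userPassword" requested
Jan 01 00:00:00 ldap-example slapd[1]: <= check a_dn_pat: *
Jan 01 00:00:00 ldap-example slapd[1]: <= acl_mask: [2] applying read(=rscxd) (stop)
Jan 01 00:00:00 ldap-example slapd[1]: => access_allowed: read access granted by read(=rscxd)
'''

REQ = re.compile(r'access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
WHO = re.compile(r'check a_dn_pat: (\S+)')
RULE = re.compile(r'acl_mask: \[(\d+)\] applying (\w+)\(')
END = re.compile(r'access_allowed: (\w+) access (granted|denied) by (\w+)\(')

def acl_decisions(text):
    """Return one dict per complete request/verdict pair found in the trace."""
    decisions, cur = [], None
    for line in text.splitlines():
        if m := REQ.search(line):
            cur = {"wanted": m[1], "dn": m[2], "attr": m[3], "who": None, "rule": None}
        elif cur is None:
            continue                      # verdict whose request line was cut off
        elif m := WHO.search(line):
            cur["who"] = m[1]             # the "by <who>" clause that matched
        elif m := RULE.search(line):
            cur["rule"] = int(m[1])       # index of the access rule that applied
        elif m := END.search(line):
            cur.update(result=m[2], level=m[3])
            decisions.append(cur)
            cur = None
    return decisions

def password_exposures(decisions):
    """Decisions where userPassword was granted for anything other than auth."""
    return [d for d in decisions if d["attr"].lower() == "userpassword"
            and d["result"] == "granted" and d["wanted"] != "auth"]
```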