
user can't log in, troubleshooting hints?

(I've munged the username and o=co company name; the log excerpts are otherwise 
unaltered.)

My questions:

How to best troubleshoot one particular user who cannot log in?

I've changed passwords to be identical to a user who can log in (the 
userPassword attribute in the ldap directory is the same as a user who can log 
in).

I can bind with the problem user's credentials to the ldap directory using 
ldapsearch and searching that user's dn does return that user's entry.

I've tested the filter used and it does work.

I'm puzzled at why nslcd is failing to bind for one specific user when I can 
bind using ldapsearch for that user, and other users have no problem.

Here's a user that works, via nslcd -d output:

nslcd: [8b4567] DEBUG: connection from pid=7756 uid=0 gid=0
nslcd: [8b4567] DEBUG: nslcd_pam_authc("user2","","sshd","***")
nslcd: [8b4567] DEBUG: myldap_search(base="ou=people,o=co", 
filter="(&(|(member=cn=inteng,ou=groups,o=co)(member=cn=intops,ou=groups,o=co))(uid=user2))")
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://10.201.166.7/)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_simple_bind_s(NULL,NULL) 
(uri="ldap://10.201.166.7/")
nslcd: [8b4567] DEBUG: myldap_search(base="uid=user2,ou=people,o=co", 
filter="(|(member=cn=inteng,ou=groups,o=co)(member=cn=intops,ou=groups,o=co))")
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://10.201.166.7/)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_simple_bind_s("uid=user2,ou=people,o=co","***") 
(uri="ldap://10.201.166.7/")
nslcd: [8b4567] DEBUG: ldap_unbind()
nslcd: [8b4567] DEBUG: bind successful

And here's the problem user that doesn't work:

nslcd: [5558ec] DEBUG: connection from pid=7550 uid=0 gid=0
nslcd: [5558ec] DEBUG: nslcd_pam_authc("user1","","sshd","***")
nslcd: [5558ec] DEBUG: myldap_search(base="ou=people,o=co", 
filter="(&(|(member=cn=inteng,ou=groups,o=co)(member=cn=intops,ou=groups,o=co))(uid=user1))")
nslcd: [5558ec] DEBUG: myldap_search(base="uid=user1,ou=people,o=co", 
filter="(|(member=cn=inteng,ou=groups,o=co)(member=cn=intops,ou=groups,o=co))")
nslcd: [5558ec] DEBUG: ldap_initialize(ldap://10.201.166.7/)
nslcd: [5558ec] DEBUG: ldap_set_rebind_proc()
nslcd: [5558ec] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [5558ec] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [5558ec] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [5558ec] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [5558ec] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [5558ec] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [5558ec] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [5558ec] DEBUG: ldap_simple_bind_s("uid=user1,ou=people,o=co","***") 
(uri="ldap://10.201.166.7/")
nslcd: [5558ec] DEBUG: failed to bind to LDAP server ldap://10.201.166.7/: 
Invalid credentials
nslcd: [5558ec] DEBUG: ldap_unbind()
nslcd: [5558ec] lookup of user uid=user1,ou=people,o=co failed: Invalid 
credentials

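An added example, not part of the original post or of nss-pam-ldapd: a small parser that groups `nslcd -d` lines by request id and reports, per login attempt, the DNs nslcd bound as and the server's answer, so the failing bind DN can be compared directly with the one used in the manual ldapsearch test. The sample input is constructed from the two sessions quoted above (shortened); the function names and the `<anonymous>` label are assumptions of this example.

```python
import re

# Constructed sample: the two sessions from the post, shortened, wrapping kept.
SAMPLE = '''\
nslcd: [8b4567] DEBUG: nslcd_pam_authc("user2","","sshd","***")
nslcd: [8b4567] DEBUG: ldap_simple_bind_s(NULL,NULL)
(uri="ldap://10.201.166.7/")
nslcd: [8b4567] DEBUG: ldap_simple_bind_s("uid=user2,ou=people,o=co","***")
(uri="ldap://10.201.166.7/")
nslcd: [8b4567] DEBUG: bind successful
nslcd: [5558ec] DEBUG: nslcd_pam_authc("user1","","sshd","***")
nslcd: [5558ec] DEBUG: ldap_simple_bind_s("uid=user1,ou=people,o=co","***")
(uri="ldap://10.201.166.7/")
nslcd: [5558ec] DEBUG: failed to bind to LDAP server ldap://10.201.166.7/:
Invalid credentials
'''

# "nslcd: [<request id>] [DEBUG: ]<message>"
LINE = re.compile(r"^nslcd: \[([0-9a-f]+)\] (?:DEBUG: )?(.*)$")

def unwrap(text):
    """Rejoin mail-wrapped continuation lines onto their 'nslcd: [id]' line."""
    out = []
    for raw in text.splitlines():
        if raw.startswith("nslcd: [") or not out:
            out.append(raw.rstrip())
        elif raw.strip():
            out[-1] += " " + raw.strip()
    return out

def summarize(text):
    """Per request id: PAM user, DNs bound in order, and the bind outcome."""
    sessions = {}
    for line in unwrap(text):
        m = LINE.match(line)
        if not m:
            continue
        sid, msg = m.groups()
        s = sessions.setdefault(sid, {"user": None, "binds": [], "result": "unknown"})
        if a := re.match(r'nslcd_pam_authc\("([^"]*)"', msg):
            s["user"] = a.group(1)
        elif b := re.match(r'ldap_simple_bind_s\((?:NULL|"([^"]*)")', msg):
            s["binds"].append(b.group(1) or "<anonymous>")  # NULL DN = anonymous bind
        elif msg == "bind successful":
            s["result"] = "ok"
        elif f := re.match(r"failed to bind to LDAP server \S+ (.*)", msg):
            s["result"] = f.group(1)  # server's error text, e.g. "Invalid credentials"
    return sessions
```

Pass the captured output of `nslcd -d` to `summarize()` and compare the `binds` and `result` entries of a working and a failing request side by side.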