
Re: User Authentication with nslcd 0.8.13


Replies inline..

While you could add ldap to protocols in /etc/nsswitch.conf (it is
supported) there is almost never a good reason for it. Also, you should
generally put ldap after files.

Same is true for hosts (unless you have host name information in LDAP).
For LDAP authentication it is sufficient to add ldap to passwd, shadow
and group lines in /etc/nsswitch.conf.

I edited my nsswitch.conf file according to your suggestions, but I'm still unable to log in.

This is my /etc/nsswitch.conf now:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#ident $Id: nsswitch.ldap,v 2.4 2003/10/02 02:36:25 lukeh Exp $
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses LDAP in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: files ldap
group: files ldap
shadow: files ldap

# consult DNS first, we will need it to resolve the LDAP host. (If we
# can't resolve it, we're in infinite recursion, because libldap calls
# gethostbyname(). Careful!)
hosts: dns

# LDAP is nominally authoritative for the following maps.
services:   files
networks:   files
protocols:  files
rpc:        files
ethers:     files

# no support for netmasks, bootparams, publickey yet.
netmasks:   files
bootparams: files
publickey:  files
automount:  files

# I'm pretty sure nsswitch.conf is consulted directly by sendmail,
# here, so we can't do much here. Instead, use bbense's LDAP
# rules for sendmail.
aliases:    files
sendmailvars:   files

# Note: there is no support for netgroups on Solaris (yet)
netgroup:   files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is the terminal output message when I try to SSH in to the LDAP client:
priya@ubuntu:home$ ssh priyas@192.168.11.9
priyas@192.168.11.9's password: 
Permission denied, please try again.
priyas@192.168.11.9's password: 
Permission denied, please try again.
priyas@192.168.11.9's password: 
Permission denied (publickey,password,keyboard-interactive).
priya@ubuntu:home$
priya@ubuntu:home$

This is the nslcd debug info:
------------------------------------------------------------------------
$ arm-linux-nslcd -d
nslcd: DEBUG: add_uri(ldap://192.168.21.5)
nslcd: version 0.8.13 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: initgroups("admin",1002) done
nslcd: DEBUG: setgid(1002) done
nslcd: DEBUG: setuid(1002) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=25787 uid=0 gid=0
nslcd: [8b4567] <passwd="priyas"> DEBUG: myldap_search(base="dc=priya,dc=com", filter="(&(objectClass=posixAccount)(uid=priyas))")
nslcd: [8b4567] <passwd="priyas"> DEBUG: ldap_initialize(ldap://192.168.21.5)
nslcd: [8b4567] <passwd="priyas"> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <passwd="priyas"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <passwd="priyas"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <passwd="priyas"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] <passwd="priyas"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] <passwd="priyas"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] <passwd="priyas"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <passwd="priyas"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <passwd="priyas"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://192.168.21.5")
nslcd: [8b4567] <passwd="priyas"> DEBUG: ldap_result(): uid=priyas,ou=people,dc=priya,dc=com
nslcd: [8b4567] <passwd="priyas"> (re)loading /etc/nsswitch.conf
nslcd: [8b4567] <passwd="priyas"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [7b23c6] DEBUG: connection from pid=25787 uid=0 gid=0
nslcd: [7b23c6] <shadow="priyas"> DEBUG: myldap_search(base="dc=priya,dc=com", filter="(&(objectClass=shadowAccount)(uid=priyas))")
nslcd: [7b23c6] <shadow="priyas"> DEBUG: ldap_initialize(ldap://192.168.21.5)
nslcd: [7b23c6] <shadow="priyas"> DEBUG: ldap_set_rebind_proc()
nslcd: [7b23c6] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [7b23c6] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [7b23c6] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [7b23c6] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [7b23c6] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [7b23c6] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [7b23c6] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [7b23c6] <shadow="priyas"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://192.168.21.5")
nslcd: [7b23c6] <shadow="priyas"> DEBUG: ldap_result(): uid=priyas,ou=people,dc=priya,dc=com
nslcd: [7b23c6] <shadow="priyas"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [3c9869] DEBUG: connection from pid=25787 uid=0 gid=0
nslcd: [3c9869] <shadow="priyas"> DEBUG: myldap_search(base="dc=priya,dc=com", filter="(&(objectClass=shadowAccount)(uid=priyas))")
nslcd: [3c9869] <shadow="priyas"> DEBUG: ldap_initialize(ldap://192.168.21.5)
nslcd: [3c9869] <shadow="priyas"> DEBUG: ldap_set_rebind_proc()
nslcd: [3c9869] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [3c9869] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [3c9869] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [3c9869] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [3c9869] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [3c9869] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [3c9869] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [3c9869] <shadow="priyas"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://192.168.21.5")
nslcd: [3c9869] <shadow="priyas"> DEBUG: ldap_result(): uid=priyas,ou=people,dc=priya,dc=com
nslcd: [3c9869] <shadow="priyas"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [334873] DEBUG: connection from pid=25787 uid=0 gid=0
nslcd: [334873] <shadow="priyas"> DEBUG: myldap_search(base="dc=priya,dc=com", filter="(&(objectClass=shadowAccount)(uid=priyas))")
nslcd: [334873] <shadow="priyas"> DEBUG: ldap_initialize(ldap://192.168.21.5)
nslcd: [334873] <shadow="priyas"> DEBUG: ldap_set_rebind_proc()
nslcd: [334873] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [334873] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [334873] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [334873] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [334873] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [334873] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [334873] <shadow="priyas"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [334873] <shadow="priyas"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://192.168.21.5")
nslcd: [334873] <shadow="priyas"> DEBUG: ldap_result(): uid=priyas,ou=people,dc=priya,dc=com
nslcd: [334873] <shadow="priyas"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [b0dc51] DEBUG: connection from pid=25787 uid=0 gid=0
nslcd: [b0dc51] <shadow="priyas"> DEBUG: myldap_search(base="dc=priya,dc=com", filter="(&(objectClass=shadowAccount)(uid=priyas))")
nslcd: [b0dc51] <shadow="priyas"> DEBUG: ldap_result(): uid=priyas,ou=people,dc=priya,dc=com
nslcd: [b0dc51] <shadow="priyas"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [495cff] DEBUG: connection from pid=25787 uid=0 gid=0
nslcd: [495cff] <shadow="priyas"> DEBUG: myldap_search(base="dc=priya,dc=com", filter="(&(objectClass=shadowAccount)(uid=priyas))")
nslcd: [495cff] <shadow="priyas"> DEBUG: ldap_result(): uid=priyas,ou=people,dc=priya,dc=com
nslcd: [495cff] <shadow="priyas"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [e8944a] DEBUG: connection from pid=25787 uid=0 gid=0
nslcd: [e8944a] <shadow="priyas"> DEBUG: myldap_search(base="dc=priya,dc=com", filter="(&(objectClass=shadowAccount)(uid=priyas))")
nslcd: [e8944a] <shadow="priyas"> DEBUG: ldap_result(): uid=priyas,ou=people,dc=priya,dc=com
nslcd: [e8944a] <shadow="priyas"> DEBUG: ldap_result(): end of results (1 total)
nslcd: caught signal SIGINT (2), shutting down
nslcd: DEBUG: ldap_unbind()
nslcd: DEBUG: ldap_unbind()
nslcd: DEBUG: ldap_unbind()
nslcd: DEBUG: ldap_unbind()
nslcd: version 0.8.13 bailing out
------------------------------------------------------------------------
I'm ok with exposing the hashes for now, since I first want to make sure LDAP user authentication works. 

Do you know why login would be failing now?

Thanks,
Priya
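An added Python helper (not from this thread or the nss-pam-ldapd project) that groups `nslcd -d` output like the log above by request id and reports what each lookup returned; the embedded sample is a constructed excerpt of the lines quoted in the message. On this input every lookup comes back with exactly one entry, so the NSS side is resolving the account, and the shadow lookup is flagged because it was read over an anonymous bind (`ldap_simple_bind_s(NULL,NULL)`), which is what exposes the password hashes the message refers to.

```python
import re

# Constructed excerpt of the nslcd -d output quoted above (same request ids,
# filters and DNs; the full log repeats the shadow lookup several times).
SAMPLE_LOG = """\
nslcd: [8b4567] DEBUG: connection from pid=25787 uid=0 gid=0
nslcd: [8b4567] <passwd="priyas"> DEBUG: myldap_search(base="dc=priya,dc=com", filter="(&(objectClass=posixAccount)(uid=priyas))")
nslcd: [8b4567] <passwd="priyas"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://192.168.21.5")
nslcd: [8b4567] <passwd="priyas"> DEBUG: ldap_result(): uid=priyas,ou=people,dc=priya,dc=com
nslcd: [8b4567] <passwd="priyas"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [7b23c6] DEBUG: connection from pid=25787 uid=0 gid=0
nslcd: [7b23c6] <shadow="priyas"> DEBUG: myldap_search(base="dc=priya,dc=com", filter="(&(objectClass=shadowAccount)(uid=priyas))")
nslcd: [7b23c6] <shadow="priyas"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://192.168.21.5")
nslcd: [7b23c6] <shadow="priyas"> DEBUG: ldap_result(): uid=priyas,ou=people,dc=priya,dc=com
nslcd: [7b23c6] <shadow="priyas"> DEBUG: ldap_result(): end of results (1 total)
"""

LINE_RE = re.compile(r'^nslcd: \[(?P<rid>[0-9a-f]+)\] (?:<(?P<map>\w+)="(?P<key>[^"]*)"> )?DEBUG: (?P<msg>.*)$')
TOTAL_RE = re.compile(r'^ldap_result\(\): end of results \((\d+) total\)$')
DN_RE = re.compile(r'^ldap_result\(\): (.+)$')
BIND_RE = re.compile(r'^ldap_simple_bind_s\(([^,]*),')

def summarize(log):
    """Group debug lines by request id: map/key looked up, DNs returned, total, bind type."""
    reqs = {}
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # startup/shutdown lines carry no request id
        r = reqs.setdefault(m['rid'], {'map': None, 'key': None, 'dns': [],
                                       'total': None, 'anonymous_bind': False})
        if m['map']:
            r['map'], r['key'] = m['map'], m['key']
        msg = m['msg']
        if (t := TOTAL_RE.match(msg)):          # must be tested before DN_RE
            r['total'] = int(t.group(1))
        elif (d := DN_RE.match(msg)):
            r['dns'].append(d.group(1))
        elif (b := BIND_RE.match(msg)):
            r['anonymous_bind'] = (b.group(1) == 'NULL')  # no binddn configured
    return reqs

def findings(log):
    """Per request id: 'ok' when an entry came back, else why; flag anonymous shadow reads."""
    out = {}
    for rid, r in summarize(log).items():
        if not r['dns'] or r['total'] == 0:
            out[rid] = f"{r['map']} lookup for {r['key']!r} returned no entry"
        elif r['map'] == 'shadow' and r['anonymous_bind']:
            out[rid] = 'ok, but shadow entry was read with an anonymous bind'
        else:
            out[rid] = 'ok'
    return out
```

Run it over a full `nslcd -d` capture to see at a glance whether any map lookup came back empty before looking further down the stack at the password check.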