Password problem

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Olivier Hoarau <olivier.hoarau [at] funix.org>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Password problem
Date: Fri, 25 Oct 2013 15:35:36 +0200

Hello all !

First, excuse my bad english. I use an user LDAP authentification for mypersonal network, I have a problem with one of my PC since I haveinstalled on it Mageia 3.It seems that /etc/ldap.conf (or /etc/openldap/ldap.conf) is no longerused, /etc/nslcd.conf is used instead.Here is my ldap.conf which works on the others PC (which don't use nslcdbut the old packages pam_ldap and nss_ldap)


host 192.168.0.9
base ou=People,dc=kervao,dc=fr
binddn cn=Manager,dc=kervao,dc=fr
bindpw mot-de-passe
pam_filter objectclass=account
pam_login_attribute uid
pam_password crypt
nss_base_passwd ou=People,dc=kervao,dc=fr?one
nss_base_shadow ou=People,dc=kervao,dc=fr?one
nss_base_group ou=Group,dc=kervao,dc=fr?one

and the new /etc/nslcd.conf

uid nslcd
gid nslcd
uri ldap://192.168.0.9/
base dc=kervao,dc=fr
binddn cn=Manager,dc=kervao,dc=fr
bindpw mot-de-passe
base  group  ou=Group,dc=kervao,dc=fr
base  passwd ou=People,dc=kervao,dc=fr
base  shadow ou=People,dc=kervao,dc=fr

/etc/nsswitch.conf

passwd:         files ldap
shadow:         files ldap
group:          files ldap

/etc/pam.d/system-auth (works on others PC)

#%PAM-1.0

auth        required      pam_env.so
auth        sufficient    pam_tcb.so shadow nullok prefix=$2a$ count=8
auth        required      pam_deny.so
auth        sufficient    pam_ldap.so

account     sufficient    pam_tcb.so shadow
account     required      pam_deny.so
account     sufficient    pam_ldap.so

password required pam_cracklib.so try_first_pass retry=3minlen=4 dcredit=0 ucredit=0password sufficient pam_tcb.so use_authtok shadow write_to=shadownullok prefix=$2a$ count=8

password    required      pam_deny.so
password    sufficient    pam_ldap.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so

session [success=1 default=ignore] pam_succeed_if.so service incrond quiet use_uid

session     required      pam_tcb.so
session     sufficient    pam_ldap.so

when I try a su I get

su lena
Mot de passe :
su: Échec d'authentification

nslcd -d gives

nslcd: [b0dc51] <shadow="lena"> DEBUG:myldap_search(base="ou=People,dc=kervao,dc=fr", filter="(&(objectClass

=shadowAccount)(uid=lena))")
nslcd: [b0dc51] <shadow="lena"> DEBUG: ldap_initialize(ldap://192.168.0.9/)
nslcd: [b0dc51] <shadow="lena"> DEBUG: ldap_set_rebind_proc()

nslcd: [b0dc51] <shadow="lena"> DEBUG:ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)

nslcd: [b0dc51] <shadow="lena"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [b0dc51] <shadow="lena"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [b0dc51] <shadow="lena"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)

nslcd: [b0dc51] <shadow="lena"> DEBUG:ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)nslcd: [b0dc51] <shadow="lena"> DEBUG:ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)nslcd: [b0dc51] <shadow="lena"> DEBUG:ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)nslcd: [b0dc51] <shadow="lena"> DEBUG:ldap_simple_bind_s("cn=Manager,dc=kervao,dc=fr","***") (uri="ldap://19

2.168.0.9/")

nslcd: [b0dc51] <shadow="lena"> DEBUG: ldap_result():uid=lena,ou=People,dc=kervao,dc=frnslcd: [b0dc51] <shadow="lena"> DEBUG: ldap_result(): end of results (1total)

nslcd: [495cff] DEBUG: connection from pid=2264 uid=0 gid=5000
nslcd: [495cff] <authc="lena"> DEBUG: nslcd_pam_authc("lena","su","***")

nslcd: [495cff] <authc="lena"> DEBUG:myldap_search(base="ou=People,dc=kervao,dc=fr", filter="(&(objectClass=

posixAccount)(uid=lena))")

nslcd: [495cff] <authc="lena"> DEBUG: ldap_result():uid=lena,ou=People,dc=kervao,dc=frnslcd: [495cff] <authc="lena"> DEBUG:myldap_search(base="uid=lena,ou=People,dc=kervao,dc=fr", filter="(objec

tClass=*)")
nslcd: [495cff] <authc="lena"> DEBUG: ldap_initialize(ldap://192.168.0.9/)
nslcd: [495cff] <authc="lena"> DEBUG: ldap_set_rebind_proc()

nslcd: [495cff] <authc="lena"> DEBUG:ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)

nslcd: [495cff] <authc="lena"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [495cff] <authc="lena"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [495cff] <authc="lena"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)

nslcd: [495cff] <authc="lena"> DEBUG:ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)nslcd: [495cff] <authc="lena"> DEBUG:ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)nslcd: [495cff] <authc="lena"> DEBUG:ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)nslcd: [495cff] <authc="lena"> DEBUG:ldap_simple_bind_s("uid=lena,ou=People,dc=kervao,dc=fr","***") (uri="ld

ap://192.168.0.9/")

nslcd: [495cff] <authc="lena"> DEBUG: failed to bind to LDAP serverldap://192.168.0.9/: Invalid credentials

nslcd: [495cff] <authc="lena"> DEBUG: ldap_unbind()

nslcd: [495cff] <authc="lena"> uid=lena,ou=People,dc=kervao,dc=fr:lookup failed: Invalid credentialsnslcd: [495cff] <authc="lena"> DEBUG:myldap_search(base="ou=People,dc=kervao,dc=fr", filter="(&(objectClass=

shadowAccount)(uid=lena))")

nslcd: [495cff] <authc="lena"> DEBUG: ldap_result():uid=lena,ou=People,dc=kervao,dc=fr


and journalctl -f

Oct 25 15:24:23 fakarava.kervao.fr su[2264]: pam_tcb(su:auth):Authentication failed for len...01)

Oct 25 15:24:23 fakarava.kervao.fr su[2264]: [55B blob data]

Oct 25 15:24:24 fakarava.kervao.fr su[2264]: FAILED SU (to lena) olivieron /dev/pts/6


I use nss-pam-ldapd-0.8.12

Any idea to solve my problem ?

Olivier
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

Password problem, Olivier Hoarau

Re: Password problem, Arthur de Jong
- Re: Password problem, Olivier Hoarau
  - Re: Password problem, Arthur de Jong
    - Re: Password problem, Olivier Hoarau

Prev by Date: Re: Revisiting Map limit to map base option
Next by Date: Re: Password problem
Previous by thread: Re: Revisiting Map limit to map base option
Next by thread: Re: Password problem