lists.arthurdejong.org

Not getting shadow password with nslcd 0.8.10

I have several Debian 6.0 computers configured using nslcd 0.7.15 that are able to authenticate users in LDAP.

I now have a Debian 7.2 with nslcd 0.8.10 that I've tried to get to authenticate and I can't for the life of me figure out what's wrong.

'getent passwd' works, and when logging on using ssh-keys everything is ok. 'getent shadow' only returns a star instead of the password-hash. Thus I am unable to authenticate using a password.

I am able to get the userPassword attribute from the LDAP-server using ldapsearch, with or without authenticating to the LDAP-directory (OpenLDAP).

This is the start of 'nslcd -dd' output from a working computer:

nslcd: version 0.7.15 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(117) done
nslcd: DEBUG: setuid(110) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=4533 uid=0 gid=0
nslcd: [8b4567] DEBUG: nslcd_shadow_byname(harald)

And the same section from a non-working computer:

nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,3)
nslcd: version 0.8.10 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(108) done
nslcd: DEBUG: setuid(105) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=8986 uid=0 gid=0
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [8b4567] <shadow="harald"> DEBUG: myldap_search(base="dc=eeeeee,dc=dd", filter="(&(objectClass=shadowAccount)(uid=harald))")


Is there something I could check regarding the 'Resource temporarily unavailable'? I have tried running nslcd as root as well, to no avail.

Another difference is that the working computer generates this:

ldap_build_search_req ATTRS: shadowFlag shadowMin shadowMax userPassword shadowWarning shadowInactive uid shadowExpire shadowLastChange

But the non-working one doesn't even seem to request userPassword from LDAP:

ldap_build_search_req ATTRS: shadowExpire shadowInactive shadowFlag shadowWarning shadowLastChange uid shadowMin shadowMax


Please help

--
A: Top Posters!                                      |  s/y Charlotta |
Q: What is the most annoying thing on mailing lists? |    FIN-2674    |
  http://www.fe83.org/ Finn Express Purjehtijat ry   |  ============= |
Harald H Hannelius | harald (At) iki (dot) fi | GSM +358 50 594 1020