Cant set up authentication through AD
- From: Oleg Makarov <oamakarov [at] platbox.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Cant set up authentication through AD
- Date: Mon, 13 Oct 2014 16:42:33 +0400
I'm setting up an auth on my debian server through AD. Here is my conf:

    # /etc/nslcd.conf
    # nslcd configuration file. See nslcd.conf(5)
    # for details.

    # The user and group nslcd should run as.
    uid nslcd
    gid nslcd

    # The location at which the LDAP server(s) should be reachable.
    uri ldap://192.168.93.95

    # The search base that will be used for all queries.
    base cn=Users,dc=test,dc=local

    # The LDAP protocol version to use.
    ldap_version 3

    # The DN to bind with for normal lookups.
    binddn share [at] test.local
    bindpw Zxcvb123

    # The DN used for password modifications by root.
    # Leave this blank unless you want to allow password changes from your debian systems
    # If so, you will need to place the password in /etc/ldap.secret - be sure it is only readable by root
    #rootpwmoddn cn=admin,dc=example,dc=com

    # The search scope.
    scope sub

    # Mappings for Active Directory
    # This is the important bit; these fields match up with the fields added by Directory Services for UNIX
    pagesize 1000
    referrals off
    filter passwd (objectClass=user)
    map passwd uid sAMAccountName
    map passwd homeDirectory unixHomeDirectory
    map passwd gecos displayName
    # If you wish to override the shell given by LDAP, uncomment the next line
    #map passwd loginShell "/bin/bash"
    filter shadow (objectClass=user)
    map shadow uid sAMAccountName
    #map shadow shadowLastChange pwdLastSet
    #filter group (&(objectClass=group)(gidNumber=*))
    #map group gid member

    # SSL options
    #ssl off
    #tls_reqcert never

and when I try to connect I'm getting an error:

    nslcd: [8b4567] <host=x> DEBUG: ldap_initialize(ldap://192.168.93.95)
    nslcd: [8b4567] <host=x> DEBUG: ldap_set_rebind_proc()
    nslcd: [8b4567] <host=x> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
    nslcd: [8b4567] <host=x> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
    nslcd: [8b4567] <host=x> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
    nslcd: [8b4567] <host=x> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
    nslcd: [8b4567] <host=x> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
    nslcd: [8b4567] <host=x> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_OFF)
    nslcd: [8b4567] <host=x> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
    nslcd: [8b4567] <host=x> DEBUG: ldap_simple_bind_s(share [at] test.local,"***") (uri="ldap://192.168.93.95")
    nslcd: [8b4567] <host=10.0.20.39> DEBUG: ldap_result(): end of results (0 total)
    nslcd: [7b23c6] DEBUG: connection from pid=7030 uid=0 gid=0
    nslcd: [7b23c6] <passwd="testing"> DEBUG: myldap_search(base="cn=Users,dc=test,dc=local", filter="(&(objectClass=user)(sAMAccountName=testing))")
    nslcd: [7b23c6] <passwd="testing"> DEBUG: ldap_result(): CN=testing,CN=Users,DC=test,DC=local
    nslcd: [7b23c6] <passwd="testing"> CN=testing,CN=Users,DC=test,DC=local: uidNumber: missing
    nslcd: [7b23c6] <passwd="testing"> DEBUG: ldap_result(): end of results (1 total)
    nslcd: [3c9869] DEBUG: connection from pid=7030 uid=0 gid=0
    nslcd: [3c9869] <passwd="testing"> DEBUG: myldap_search(base="cn=Users,dc=test,dc=local", filter="(&(objectClass=user)(sAMAccountName=testing))")
    nslcd: [3c9869] <passwd="testing"> DEBUG: ldap_result(): CN=testing,CN=Users,DC=test,DC=local
    nslcd: [3c9869] <passwd="testing"> CN=testing,CN=Users,DC=test,DC=local: uidNumber: missing
    nslcd: [3c9869] <passwd="testing"> DEBUG: ldap_result(): end of results (1 total)
    nslcd: [334873] DEBUG: connection from pid=7030 uid=0 gid=0
    nslcd: [334873] <passwd="testing"> DEBUG: myldap_search(base="cn=Users,dc=test,dc=local", filter="(&(objectClass=user)(sAMAccountName=testing))")
    nslcd: [334873] <passwd="testing"> DEBUG: ldap_result(): CN=testing,CN=Users,DC=test,DC=local
    nslcd: [334873] <passwd="testing"> CN=testing,CN=Users,DC=test,DC=local: uidNumber: missing
    nslcd: [334873] <passwd="testing"> DEBUG: ldap_result(): end of results (1 total)
    nslcd: [b0dc51] DEBUG: connection from pid=7030 uid=0 gid=0
    nslcd: [b0dc51] <authc="testing"> DEBUG: nslcd_pam_authc("testing","sshd","***")
    nslcd: [b0dc51] <authc="testing"> DEBUG: myldap_search(base="cn=Users,dc=test,dc=local", filter="(&(objectClass=user)(sAMAccountName=testing))")
    nslcd: [b0dc51] <authc="testing"> DEBUG: ldap_result(): CN=testing,CN=Users,DC=test,DC=local
    nslcd: [b0dc51] <authc="testing"> DEBUG: myldap_search(base="CN=testing,CN=Users,DC=test,DC=local", filter="(objectClass=*)")
    nslcd: [b0dc51] <authc="testing"> DEBUG: ldap_initialize(ldap://192.168.93.95)
    nslcd: [b0dc51] <authc="testing"> DEBUG: ldap_set_rebind_proc()
    nslcd: [b0dc51] <authc="testing"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
    nslcd: [b0dc51] <authc="testing"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
    nslcd: [b0dc51] <authc="testing"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
    nslcd: [b0dc51] <authc="testing"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
    nslcd: [b0dc51] <authc="testing"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
    nslcd: [b0dc51] <authc="testing"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_OFF)
    nslcd: [b0dc51] <authc="testing"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
    nslcd: [b0dc51] <authc="testing"> DEBUG: ldap_simple_bind_s("CN=testing,CN=Users,DC=test,DC=local","***") (uri="ldap://192.168.93.95")
    nslcd: [b0dc51] <authc="testing"> DEBUG: failed to bind to LDAP server ldap://192.168.93.95: Invalid credentials: 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580
    nslcd: [b0dc51] <authc="testing"> DEBUG: ldap_unbind()
    nslcd: [b0dc51] <authc="testing"> CN=testing,CN=Users,DC=test,DC=local: lookup failed: Invalid credentials
    nslcd: [b0dc51] <authc="testing"> DEBUG: myldap_search(base="cn=Users,dc=test,dc=local", filter="(&(objectClass=user)(sAMAccountName=testing))")
    nslcd: [b0dc51] <authc="testing"> DEBUG: ldap_result(): CN=testing,CN=Users,DC=test,DC=local

But ldapsearch works!

    ldapsearch -d8 -H ldap://192.168.93.95/ -W -LLL -o ldif-wrap=no -D 'share [at] test.local' -b 'cn=users,dc=test,dc=local' '(sAMAccountName=testing)'
    Enter LDAP Password:
    dn: CN=testing,CN=Users,DC=test,DC=local
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: testing
    sn: testing
    givenName: testing
    distinguishedName: CN=testing,CN=Users,DC=test,DC=local
    instanceType: 4
    whenCreated: 20141008032715.0Z
    whenChanged: 20141013082937.0Z
    displayName: testing
    uSNCreated: 13228
    uSNChanged: 16410
    name: testing
    objectGUID:: PXk6KMmHMUqJtRpzmBpzrA==
    userAccountControl: 66048
    badPwdCount: 11
    codePage: 0
    countryCode: 0
    badPasswordTime: 130576631894679906
    lastLogoff: 0
    lastLogon: 130576477027030627
    pwdLastSet: 130576625770292889
    primaryGroupID: 513
    objectSid:: AQUAAAAAAAUVAAAA+E0BMRbz9hXKyocmUAQAAA==
    accountExpires: 9223372036854775807
    logonCount: 0
    sAMAccountName: testing
    sAMAccountType: 805306368
    userPrincipalName: testing [at] test.local
    objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=test,DC=local
    dSCorePropagationData: 20141013041248.0Z
    dSCorePropagationData: 20141008033722.0Z
    dSCorePropagationData: 16010101000416.0Z
    lastLogonTimestamp: 130576462809815230

PLEASE HELP!

--
BW | Oleg Makarov | Engineer Online payments | oamakarov [at] platbox.com | +7. 495.775-7375 ext 208 | +7.925.2093259 cell | www.platbox.com |
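
Added example, not part of the original message or of nss-pam-ldapd: a small Python triage of nslcd debug output like the log above, which collects the attributes nslcd reports as missing and decodes the Active Directory `data` sub-code of a rejected bind. The names `triage` and `AD_BIND_SUBCODES` are made up for this example, and the sample lines are copied from the log in the message.

```python
import re

# Sub-codes AD puts in the "data NNN" field of a rejected bind (hex Win32 logon errors).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password or bind name)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

REQ = re.compile(r'^nslcd: \[(\w+)\] (?:<(\w+)="?([^">]*)"?> )?(.*)$')
BIND = re.compile(r'ldap_simple_bind_s\("?(.+?)"?,"\*\*\*"\)')
FAIL = re.compile(r"failed to bind to LDAP server (\S+?): .*data ([0-9a-f]+),")
MISSING = re.compile(r"^(.+?): (\w+): missing$")

# Sample input: four lines copied from the debug output in the message above.
SAMPLE = [
    'nslcd: [7b23c6] <passwd="testing"> CN=testing,CN=Users,DC=test,DC=local: uidNumber: missing',
    'nslcd: [3c9869] <passwd="testing"> CN=testing,CN=Users,DC=test,DC=local: uidNumber: missing',
    'nslcd: [b0dc51] <authc="testing"> DEBUG: ldap_simple_bind_s("CN=testing,CN=Users,DC=test,DC=local","***") (uri="ldap://192.168.93.95")',
    'nslcd: [b0dc51] <authc="testing"> DEBUG: failed to bind to LDAP server ldap://192.168.93.95: Invalid credentials: 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580',
]

def triage(lines):
    """Return ordered, de-duplicated (kind, dn, detail, meaning) findings."""
    findings, last_bind = {}, {}
    for line in lines:
        m = REQ.match(line.strip())
        if not m:
            continue
        req, kind, name, msg = m.groups()
        if b := BIND.search(msg):
            last_bind[req] = b.group(1)  # remember who this request bound as
        elif f := FAIL.search(msg):
            code = f.group(2)
            findings[("bind_failed", last_bind.get(req, "?"), code,
                      AD_BIND_SUBCODES.get(code, "unknown sub-code"))] = None
        elif a := MISSING.match(msg):
            findings[("attr_missing", a.group(1), a.group(2),
                      f"entry has no value for this {kind} attribute")] = None
    return list(findings)

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```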