Filter by group seens to be not working
- From: Otavio Campos Velho Gloria <og [at] e-trust.com.br>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Filter by group seens to be not working
- Date: Mon, 15 Dec 2014 11:17:05 -0200
Hi guys, I'm needing some help. I've configured a server to authenticate through an LDAP server, and it's working; users are able to access the server via ssh. However, we need to restrict access by groups, where we create one group for each server and put in this group all users that have permission to access this server. I believe that my configuration is right, because it's consulting correctly, but when I try to filter by group it's not working. On nslcd debug I saw that the group filter is doing its job, but even when it returns no result (user not in this group) the system permits the access. User og is in group logonDRAGUNOV, but not in group logonVISAO. How can I get this working? I'm using CentOS 7

----------------------------------------------------------
Packages:

nss-pam-ldapd-0.8.13-8.el7.x86_64
openldap-2.4.39-3.el7.x86_64
openldap-clients-2.4.39-3.el7.x86_64
pam-1.1.8-9.el7.x86_64
pam_pkcs11-0.6.2-17.el7.x86_64

----------------------------------------------------------
/etc/openldap/ldap.conf:

URI ldaps://ldap.intranet.e-trust.com.br
BASE dc=e-trust,dc=com,dc=br
TLS_CACERTDIR /etc/openldap/cacerts

----------------------------------------------------------
/etc/openldap/cacerts:

-rw-r--r--. 1 nslcd ldap 4446 Dec  9 14:37 1
lrwxrwxrwx  1 root  root    10 Dec 11 12:46 5a272d0c.0 -> d540ba5e.0
lrwxrwxrwx  1 root  root     7 Dec 11 12:46 5a272d0c.1 -> nss.crt
lrwxrwxrwx  1 root  root    10 Dec 11 12:46 65fda68d.0 -> 6fbb64e7.0
lrwxrwxrwx  1 root  root     6 Dec 11 12:46 65fda68d.1 -> ca.pem
lrwxrwxrwx  1 root  root    10 Dec 11 12:46 6ae8e84b.0 -> cacert.pem
-rw-r--r--. 1 nslcd ldap 2534 Mar 23  2010 6fbb64e7.0
drwxr-xr-x. 2 nslcd ldap 4096 Dec 10 10:01 backup
-rw-r--r--. 1 nslcd ldap 2455 Mar 17  2014 cacert.pem
-rw-r--r--. 1 nslcd ldap 2534 Mar 23  2010 ca.pem
-rw-r--r--. 1 nslcd ldap 2387 Mar 23  2010 d540ba5e.0
-rw-r--r--. 1 nslcd ldap 2387 Mar 23  2010 nss.crt
-rw-r--r--. 1 nslcd ldap 1676 Mar 23  2010 nss.key

----------------------------------------------------------
nslcd.conf:

#===============================================================================
# RUN OPTIONS
#===============================================================================
uid nslcd
gid ldap

#===============================================================================
# TIMING/RECONNECT OPTIONS
#===============================================================================
# Timeout for connecting to the LDAP server
# Default: bind_timelimit 10
bind_timelimit 3
# Time to wait for a response
# Default: timelimit 0 (waits forever)
timelimit 60
# Idle time on the LDAP connection before it is closed
# Default: never close
idle_timelimit 600
# Time to wait before trying to reconnect
reconnect_sleeptime 1
# How long to keep trying to reconnect before marking the server unavailable
reconnect_retrytime 10

#===============================================================================
# SSL/TLS OPTIONS
#===============================================================================
ssl on
tls_reqcert allow
tls_cacertdir /etc/openldap/cacerts

#===============================================================================
# GENERAL CONNECTION OPTIONS
#===============================================================================
uri ldaps://ldap.intranet.e-trust.com.br/

#===============================================================================
# SEARCH/MAPPING OPTIONS
#===============================================================================
base dc=e-trust,dc=com,dc=br
scope group sub
scope passwd sub
scope hosts sub
scope shadow sub
base group ou=Groups,dc=e-trust,dc=com,dc=br
base passwd ou=People,dc=e-trust,dc=com,dc=br
base hosts ou=People,dc=e-trust,dc=com,dc=br
base shadow ou=People,dc=e-trust,dc=com,dc=br
filter passwd (objectClass=posixAccount)
filter group (&(objectClass=posixGroup)(cn=logonVISAO))
#filter group (&(objectClass=posixGroup)(cn=logonDRAGUNOV))
map group member memberUID

#===============================================================================
# OTHER OPTIONS
#===============================================================================
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdmi,nslcd

----------------------------------------------------------
/etc/pam.d/sshd:

#%PAM-1.0
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin

----------------------------------------------------------
/etc/pam.d/password-auth:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_ldap.so use_first_pass debug
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore authinfo_unavail=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok debug
password required pam_deny.so
session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so

----------------------------------------------------------
/etc/pam.d/system-auth:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_ldap.so
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so

----------------------------------------------------------
ldapsearch -x -H 'ldaps://ldap.intranet.e-trust.com.br' -b 'ou=People,dc=e-trust,dc=com,dc=br' "(uid=og)"

# extended LDIF
#
# LDAPv3
# base <ou=People,dc=e-trust,dc=com,dc=br> with scope subtree
# filter: (uid=og)
# requesting: ALL
#

# og, People, e-trust.com.br
dn: uid=og,ou=People,dc=e-trust,dc=com,dc=br
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: Otavio Campos Velho Gloria
sn: og
uid: og
uidNumber: 61676
gidNumber: 513
homeDirectory: /home/og
gecos: Otavio Campos Velho Gloria
description: Otavio Campos Velho Gloria
loginShell: /bin/bash

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

-----------------------------------------------------------
ldapsearch -x -H 'ldaps://ldap.intranet.e-trust.com.br' -b 'ou=Groups,dc=e-trust,dc=com,dc=br' "(cn=logonDRAGUNOV)"

# extended LDIF
#
# LDAPv3
# base <ou=Groups,dc=e-trust,dc=com,dc=br> with scope subtree
# filter: (cn=logonDRAGUNOV)
# requesting: ALL
#

# logonDRAGUNOV, Groups, e-trust.com.br
dn: cn=logonDRAGUNOV,ou=Groups,dc=e-trust,dc=com,dc=br
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: logonDRAGUNOV
gidNumber: 61208
memberUid: uid=ds,ou=People,dc=e-trust,dc=com,dc=br
memberUid: ds
memberUid: uid=vbs,ou=People,dc=e-trust,dc=com,dc=br
memberUid: vbs
memberUid: uid=cp,ou=People,dc=e-trust,dc=com,dc=br
memberUid: cp
memberUid: uid=dtr,ou=People,dc=e-trust,dc=com,dc=br
memberUid: dtr
memberUid: uid=ap,ou=People,dc=e-trust,dc=com,dc=br
memberUid: ap
memberUid: uid=azo,ou=People,dc=e-trust,dc=com,dc=br
memberUid: azo
memberUid: uid=mrb,ou=People,dc=e-trust,dc=com,dc=br
memberUid: mrb
memberUid: uid=rb,ou=People,dc=e-trust,dc=com,dc=br
memberUid: rb
memberUid: uid=ws,ou=People,dc=e-trust,dc=com,dc=br
memberUid: ws
memberUid: uid=rlp,ou=People,dc=e-trust,dc=com,dc=br
memberUid: rlp
memberUid: uid=mf,ou=People,dc=e-trust,dc=com,dc=br
memberUid: mf
memberUid: uid=jps,ou=People,dc=e-trust,dc=com,dc=br
memberUid: dk
memberUid: uid=dk,ou=People,dc=e-trust,dc=com,dc=br
memberUid: hrs
memberUid: uid=hrs,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=cs,ou=People,dc=e-trust,dc=com,dc=br
memberUid: cs
memberUid: uid=sl,ou=People,dc=e-trust,dc=com,dc=br
memberUid: sl
memberUid: lcd
memberUid: rls
memberUid: wrs
memberUid: uid=wrs,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=rls,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=lcd,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=og,ou=People,dc=e-trust,dc=com,dc=br

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

----------------------------------------------------------
ldapsearch -x -H 'ldaps://ldap.intranet.e-trust.com.br' -b 'ou=Groups,dc=e-trust,dc=com,dc=br' "(cn=logonVISAO)"

# extended LDIF
#
# LDAPv3
# base <ou=Groups,dc=e-trust,dc=com,dc=br> with scope subtree
# filter: (cn=logonVISAO)
# requesting: ALL
#

# logonVISAO, Groups, e-trust.com.br
dn: cn=logonVISAO,ou=Groups,dc=e-trust,dc=com,dc=br
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: logonVISAO
gidNumber: 61054
memberUid: uid=ds,ou=People,dc=e-trust,dc=com,dc=br
memberUid: ds
memberUid: uid=vbs,ou=People,dc=e-trust,dc=com,dc=br
memberUid: vbs
memberUid: uid=cp,ou=People,dc=e-trust,dc=com,dc=br
memberUid: cp
memberUid: uid=mc,ou=People,dc=e-trust,dc=com,dc=br
memberUid: mc
memberUid: uid=em,ou=People,dc=e-trust,dc=com,dc=br
memberUid: em
memberUid: uid=dtr,ou=People,dc=e-trust,dc=com,dc=br
memberUid: dtr
memberUid: uid=ap,ou=People,dc=e-trust,dc=com,dc=br
memberUid: ap
memberUid: uid=mm,ou=People,dc=e-trust,dc=com,dc=br
memberUid: mm
memberUid: uid=er,ou=People,dc=e-trust,dc=com,dc=br
memberUid: er
memberUid: uid=rw,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=azo,ou=People,dc=e-trust,dc=com,dc=br
memberUid: azo
memberUid: uid=mrb,ou=People,dc=e-trust,dc=com,dc=br
memberUid: mrb
memberUid: uid=cr,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=rb,ou=People,dc=e-trust,dc=com,dc=br
memberUid: rb
memberUid: uid=ieo,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=dso,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=dk,ou=People,dc=e-trust,dc=com,dc=br
memberUid: dk
memberUid: uid=pes,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=ws,ou=People,dc=e-trust,dc=com,dc=br
memberUid: ws
memberUid: uid=rlp,ou=People,dc=e-trust,dc=com,dc=br
memberUid: rlp
memberUid: uid=esa,ou=People,dc=e-trust,dc=com,dc=br
memberUid: esa
memberUid: uid=vc,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=jlm,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=mf,ou=People,dc=e-trust,dc=com,dc=br
memberUid: mf
memberUid: uid=lr,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=it,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=jr,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=dar,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=ccb,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=mcv,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=jps,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=wm,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=lg,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=cs,ou=People,dc=e-trust,dc=com,dc=br
memberUid: cs
memberUid: hrs
memberUid: uid=hrs,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=cfs,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=vls,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=ess,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=mt,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=agm,ou=People,dc=e-trust,dc=com,dc=br
memberUid: ssl
memberUid: uid=ssl,ou=People,dc=e-trust,dc=com,dc=br
memberUid: lda
memberUid: uid=lda,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=rbv,ou=People,dc=e-trust,dc=com,dc=br
memberUid: sl
memberUid: uid=sl,ou=People,dc=e-trust,dc=com,dc=br
memberUid: lcd
memberUid: rls
memberUid: wrs
memberUid: uid=wrs,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=rls,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=lcd,ou=People,dc=e-trust,dc=com,dc=br
memberUid: ja
memberUid: uid=ja,ou=People,dc=e-trust,dc=com,dc=br
memberUid: uid=dap,ou=People,dc=e-trust,dc=com,dc=br
memberUid: yg
memberUid: uid=yg,ou=People,dc=e-trust,dc=com,dc=br
memberUid: dap

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

----------------------------------------------------------
nslcd -d:

nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,3)
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_CACERTDIR,"/etc/openldap/cacerts")
nslcd: DEBUG: add_uri(ldaps://ldap.intranet.e-trust.com.br/)
nslcd: /etc/nslcd.conf:77: user 'ldap' does not exist
nslcd: /etc/nslcd.conf:77: user 'named' does not exist
nslcd: /etc/nslcd.conf:77: user 'haldaemon' does not exist
nslcd: /etc/nslcd.conf:77: user 'radvd' does not exist
nslcd: /etc/nslcd.conf:77: user 'tomcat' does not exist
nslcd: /etc/nslcd.conf:77: user 'radiusd' does not exist
nslcd: /etc/nslcd.conf:77: user 'news' does not exist
nslcd: /etc/nslcd.conf:77: user 'mailman' does not exist
nslcd: /etc/nslcd.conf:77: user 'gdmi' does not exist
nslcd: version 0.8.13 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: initgroups("nslcd",55) done
nslcd: DEBUG: setgid(55) done
nslcd: DEBUG: setuid(65) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [8b4567] <passwd="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [8b4567] <passwd="og"> DEBUG: ldap_initialize(ldaps://ldap.intranet.e-trust.com.br/)
nslcd: [8b4567] <passwd="og"> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <passwd="og"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <passwd="og"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <passwd="og"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,60)
nslcd: [8b4567] <passwd="og"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,60)
nslcd: [8b4567] <passwd="og"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,60)
nslcd: [8b4567] <passwd="og"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <passwd="og"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <passwd="og"> DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [8b4567] <passwd="og"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap.intranet.e-trust.com.br/")
nslcd: [8b4567] <passwd="og"> DEBUG: set_socket_timeout(60,500000)
nslcd: [8b4567] <passwd="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [8b4567] <passwd="og"> (re)loading /etc/nsswitch.conf
nslcd: [8b4567] <passwd="og"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [7b23c6] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [7b23c6] <passwd="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [7b23c6] <passwd="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [7b23c6] <passwd="og"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [3c9869] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [3c9869] <passwd="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [3c9869] <passwd="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [3c9869] <passwd="og"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [334873] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [334873] <shadow="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=shadowAccount)(uid=og))")
nslcd: [334873] <shadow="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [334873] <shadow="og"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [b0dc51] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [b0dc51] <passwd="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [b0dc51] <passwd="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [b0dc51] <passwd="og"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [495cff] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [495cff] <authc="og"> DEBUG: nslcd_pam_authc("og","sshd","***")
nslcd: [495cff] <authc="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [495cff] <authc="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [495cff] <authc="og"> DEBUG: myldap_search(base="uid=og,ou=People,dc=e-trust,dc=com,dc=br", filter="(objectClass=*)")
nslcd: [495cff] <authc="og"> DEBUG: ldap_initialize(ldaps://ldap.intranet.e-trust.com.br/)
nslcd: [495cff] <authc="og"> DEBUG: ldap_set_rebind_proc()
nslcd: [495cff] <authc="og"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [495cff] <authc="og"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [495cff] <authc="og"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,60)
nslcd: [495cff] <authc="og"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,60)
nslcd: [495cff] <authc="og"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,60)
nslcd: [495cff] <authc="og"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [495cff] <authc="og"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [495cff] <authc="og"> DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [495cff] <authc="og"> DEBUG: ldap_simple_bind_s("uid=og,ou=People,dc=e-trust,dc=com,dc=br","***") (uri="ldaps://ldap.intranet.e-trust.com.br/")
nslcd: [495cff] <authc="og"> DEBUG: set_socket_timeout(60,500000)
nslcd: [495cff] <authc="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [495cff] <authc="og"> DEBUG: set_socket_timeout(30,0)
nslcd: [495cff] <authc="og"> DEBUG: ldap_unbind()
nslcd: [495cff] <authc="og"> DEBUG: bind successful
nslcd: [495cff] <authc="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=shadowAccount)(uid=og))")
nslcd: [495cff] <authc="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [e8944a] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [e8944a] <passwd="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [e8944a] <passwd="og"> DEBUG: ldap_initialize(ldaps://ldap.intranet.e-trust.com.br/)
nslcd: [e8944a] <passwd="og"> DEBUG: ldap_set_rebind_proc()
nslcd: [e8944a] <passwd="og"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [e8944a] <passwd="og"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [e8944a] <passwd="og"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,60)
nslcd: [e8944a] <passwd="og"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,60)
nslcd: [e8944a] <passwd="og"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,60)
nslcd: [e8944a] <passwd="og"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [e8944a] <passwd="og"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [e8944a] <passwd="og"> DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [e8944a] <passwd="og"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap.intranet.e-trust.com.br/")
nslcd: [e8944a] <passwd="og"> DEBUG: set_socket_timeout(60,500000)
nslcd: [e8944a] <passwd="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [e8944a] <passwd="og"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [5558ec] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [5558ec] <shadow="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=shadowAccount)(uid=og))")
nslcd: [5558ec] <shadow="og"> DEBUG: ldap_initialize(ldaps://ldap.intranet.e-trust.com.br/)
nslcd: [5558ec] <shadow="og"> DEBUG: ldap_set_rebind_proc()
nslcd: [5558ec] <shadow="og"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [5558ec] <shadow="og"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [5558ec] <shadow="og"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,60)
nslcd: [5558ec] <shadow="og"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,60)
nslcd: [5558ec] <shadow="og"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,60)
nslcd: [5558ec] <shadow="og"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [5558ec] <shadow="og"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [5558ec] <shadow="og"> DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [5558ec] <shadow="og"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap.intranet.e-trust.com.br/")
nslcd: [5558ec] <shadow="og"> DEBUG: set_socket_timeout(60,500000)
nslcd: [5558ec] <shadow="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [5558ec] <shadow="og"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [8e1f29] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [8e1f29] <passwd="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [8e1f29] <passwd="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [8e1f29] <passwd="og"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [e87ccd] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [e87ccd] <authz="og"> DEBUG: nslcd_pam_authz("og","sshd","","austin.intranet.e-trust.com.br","ssh")
nslcd: [e87ccd] <authz="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [e87ccd] <authz="og"> DEBUG: ldap_initialize(ldaps://ldap.intranet.e-trust.com.br/)
nslcd: [e87ccd] <authz="og"> DEBUG: ldap_set_rebind_proc()
nslcd: [e87ccd] <authz="og"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [e87ccd] <authz="og"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [e87ccd] <authz="og"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,60)
nslcd: [e87ccd] <authz="og"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,60)
nslcd: [e87ccd] <authz="og"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,60)
nslcd: [e87ccd] <authz="og"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [e87ccd] <authz="og"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [e87ccd] <authz="og"> DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [e87ccd] <authz="og"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap.intranet.e-trust.com.br/")
nslcd: [e87ccd] <authz="og"> DEBUG: set_socket_timeout(60,500000)
nslcd: [e87ccd] <authz="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [e87ccd] <authz="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=shadowAccount)(uid=og))")
nslcd: [e87ccd] <authz="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [1b58ba] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [1b58ba] <group/member="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [1b58ba] <group/member="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [1b58ba] <group/member="og"> DEBUG: myldap_search(base="ou=Groups,dc=e-trust,dc=com,dc=br", filter="(&(&(objectClass=posixGroup)(cn=logonVISAO))(|(memberUid=og)(memberUID=uid=og,ou=People,dc=e-trust,dc=com,dc=br)))")
nslcd: [1b58ba] <group/member="og"> DEBUG: ldap_result(): end of results (0 total)
nslcd: [7ed7ab] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [7ed7ab] <passwd="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [7ed7ab] <passwd="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [7ed7ab] <passwd="og"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [b141f2] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [b141f2] <passwd="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [b141f2] <passwd="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [b141f2] <passwd="og"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [b71efb] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [b71efb] <passwd="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [b71efb] <passwd="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [b71efb] <passwd="og"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [e2a9e3] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [e2a9e3] <passwd="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [e2a9e3] <passwd="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [e2a9e3] <passwd="og"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [45e146] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [45e146] <passwd="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [45e146] <passwd="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [45e146] <passwd="og"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [5f007c] DEBUG: connection from pid=426 uid=0 gid=0
nslcd: [5f007c] <passwd=61676> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uidNumber=61676))")
nslcd: [5f007c] <passwd=61676> DEBUG: ldap_initialize(ldaps://ldap.intranet.e-trust.com.br/)
nslcd: [5f007c] <passwd=61676> DEBUG: ldap_set_rebind_proc()
nslcd: [5f007c] <passwd=61676> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [5f007c] <passwd=61676> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [5f007c] <passwd=61676> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,60)
nslcd: [5f007c] <passwd=61676> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,60)
nslcd: [5f007c] <passwd=61676> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,60)
nslcd: [5f007c] <passwd=61676> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [5f007c] <passwd=61676> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [5f007c] <passwd=61676> DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [5f007c] <passwd=61676> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap.intranet.e-trust.com.br/")
nslcd: [5f007c] <passwd=61676> DEBUG: set_socket_timeout(60,500000)
nslcd: [5f007c] <passwd=61676> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [5f007c] <passwd=61676> DEBUG: ldap_result(): end of results (1 total)
nslcd: [d062c2] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [d062c2] <sess_o="og"> DEBUG: nslcd_pam_sess_o("og","sshd","ssh","austin.intranet.e-trust.com.br","")
nslcd: [200854] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [200854] <passwd="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [200854] <passwd="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [200854] <passwd="og"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [b127f8] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [b127f8] <passwd="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [b127f8] <passwd="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [b127f8] <passwd="og"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [16231b] DEBUG: connection from pid=4701 uid=0 gid=513
nslcd: [16231b] <group/member="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [16231b] <group/member="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [16231b] <group/member="og"> DEBUG: myldap_search(base="ou=Groups,dc=e-trust,dc=com,dc=br", filter="(&(&(objectClass=posixGroup)(cn=logonVISAO))(|(memberUid=og)(memberUID=uid=og,ou=People,dc=e-trust,dc=com,dc=br)))")
nslcd: [16231b] <group/member="og"> DEBUG: ldap_result(): end of results (0 total)
nslcd: [16e9e8] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [16e9e8] <passwd=61676> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uidNumber=61676))")
nslcd: [16e9e8] <passwd=61676> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [16e9e8] <passwd=61676> DEBUG: ldap_result(): end of results (1 total)
nslcd: [90cde7] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [90cde7] <passwd="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [90cde7] <passwd="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [90cde7] <passwd="og"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [ef438d] DEBUG: connection from pid=4702 uid=61676 gid=513
nslcd: [ef438d] <passwd=61676> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uidNumber=61676))")
nslcd: [ef438d] <passwd=61676> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [ef438d] <passwd=61676> DEBUG: ldap_result(): end of results (1 total)
nslcd: [0e0f76] DEBUG: connection from pid=4704 uid=61676 gid=513
nslcd: [0e0f76] <passwd=61676> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uidNumber=61676))")
nslcd: [0e0f76] <passwd=61676> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [0e0f76] <passwd=61676> DEBUG: ldap_result(): end of results (1 total)
nslcd: [52255a] DEBUG: connection from pid=4708 uid=61676 gid=513
nslcd: [52255a] <group=513> DEBUG: myldap_search(base="ou=Groups,dc=e-trust,dc=com,dc=br", filter="(&(&(objectClass=posixGroup)(cn=logonVISAO))(gidNumber=513))")
nslcd: [52255a] <group=513> DEBUG: ldap_result(): end of results (0 total)
nslcd: [9cf92e] DEBUG: connection from pid=4710 uid=61676 gid=513
nslcd: [9cf92e] <passwd=61676> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uidNumber=61676))")
nslcd: [9cf92e] <passwd=61676> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [9cf92e] <passwd=61676> DEBUG: ldap_result(): end of results (1 total)

----------------------------------------------------------
/var/log/secure:

Dec 14 08:40:10 lab2-ldapauth sshd[4699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=austin.intranet.e-trust.com.br user=og
Dec 14 08:40:10 lab2-ldapauth sshd[4699]: pam_ldap(sshd:auth): nslcd authentication; user=og
Dec 14 08:40:10 lab2-ldapauth sshd[4699]: pam_ldap(sshd:auth): authentication succeeded
Dec 14 08:40:10 lab2-ldapauth sshd[4699]: Accepted password for og from 192.168.2.183 port 50134 ssh2

----------------------------------------------------------
/var/log/pam_debug.log:

Dec 14 08:40:10 lab2-ldapauth sshd[4699]: pam_ldap(sshd:auth): nslcd authentication; user=og
Dec 14 08:40:10 lab2-ldapauth sshd[4699]: pam_ldap(sshd:auth): authentication succeeded
Dec 14 08:40:10 lab2-ldapauth sshd[4699]: Accepted password for og from 192.168.2.183 port 50134 ssh2
Dec 14 08:40:10 lab2-ldapauth systemd: Created slice user-61676.slice.
Dec 14 08:40:10 lab2-ldapauth systemd: Starting Session 77 of user og.
Dec 14 08:40:10 lab2-ldapauth systemd-logind: New session 77 of user og.
Dec 14 08:40:10 lab2-ldapauth systemd: Started Session 77 of user og.
Dec 14 08:40:10 lab2-ldapauth sshd[4699]: pam_unix(sshd:session): session opened for user og by (uid=0)
Dec 14 08:40:10 lab2-ldapauth sshd[4699]: pam_unix(sshd:session): session opened for user og by (uid=0)
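The nslcd trace in the post shows where the access decision is actually taken: the <authz="og"> request that backs pam_ldap's account step only fetches the user's posixAccount and shadowAccount entries, while the <group/member="og"> lookup that carries the `filter group (cn=logonVISAO)` restriction is an NSS query whose empty result is never turned into a denial. The script below is an added example (not code from the post or from nss-pam-ldapd) that parses a constructed excerpt of that trace, in the same line format, and reports per request id which searches ran and what they returned, so the gap is visible without reading the whole log by hand.

```python
"""Parse an `nslcd -d` trace and show which LDAP searches back each request.

Added example. The trace below is a constructed excerpt that reuses the line
format nslcd prints (request id in brackets, <request> tag, DEBUG message).
"""
import re
from collections import OrderedDict

# Constructed sample: a subset of the lines from the post's nslcd -d output.
SAMPLE_TRACE = """\
nslcd: [e87ccd] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [e87ccd] <authz="og"> DEBUG: nslcd_pam_authz("og","sshd","","austin.intranet.e-trust.com.br","ssh")
nslcd: [e87ccd] <authz="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [e87ccd] <authz="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [e87ccd] <authz="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=shadowAccount)(uid=og))")
nslcd: [e87ccd] <authz="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [1b58ba] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [1b58ba] <group/member="og"> DEBUG: myldap_search(base="ou=People,dc=e-trust,dc=com,dc=br", filter="(&(objectClass=posixAccount)(uid=og))")
nslcd: [1b58ba] <group/member="og"> DEBUG: ldap_result(): uid=og,ou=People,dc=e-trust,dc=com,dc=br
nslcd: [1b58ba] <group/member="og"> DEBUG: myldap_search(base="ou=Groups,dc=e-trust,dc=com,dc=br", filter="(&(&(objectClass=posixGroup)(cn=logonVISAO))(|(memberUid=og)(memberUID=uid=og,ou=People,dc=e-trust,dc=com,dc=br)))")
nslcd: [1b58ba] <group/member="og"> DEBUG: ldap_result(): end of results (0 total)
nslcd: [d062c2] DEBUG: connection from pid=4699 uid=0 gid=0
nslcd: [d062c2] <sess_o="og"> DEBUG: nslcd_pam_sess_o("og","sshd","ssh","austin.intranet.e-trust.com.br","")
"""

# One trace line: request id, optional <request> tag, message.
LINE_RE = re.compile(
    r'^nslcd: \[(?P<conn>[0-9a-f]+)\] (?:<(?P<req>[^>]*)> )?DEBUG: (?P<msg>.*)$')
SEARCH_RE = re.compile(
    r'^myldap_search\(base="(?P<base>[^"]*)", filter="(?P<filter>[^"]*)"\)$')
END_RE = re.compile(r'^ldap_result\(\): end of results \((?P<n>\d+) total\)$')


def parse_trace(text):
    """Group trace lines by request id.

    Returns {conn_id: {"request": "authz" | "group/member" | ..., "searches": [...]}}.
    Each search records base, filter and the number of entries nslcd received:
    counted from individual ldap_result() lines, or taken from the "(N total)"
    summary line when nslcd prints one (it does for list-style lookups only).
    """
    conns = OrderedDict()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        conn = conns.setdefault(m.group("conn"), {"request": None, "searches": []})
        req, msg = m.group("req"), m.group("msg")
        if req and conn["request"] is None:
            conn["request"] = req.split("=", 1)[0]   # 'authz="og"' -> 'authz'
        s = SEARCH_RE.match(msg)
        if s:
            conn["searches"].append(
                {"base": s.group("base"), "filter": s.group("filter"), "entries": 0})
            continue
        if not conn["searches"] or not msg.startswith("ldap_result(): "):
            continue
        e = END_RE.match(msg)
        if e:
            conn["searches"][-1]["entries"] = int(e.group("n"))
        else:
            conn["searches"][-1]["entries"] += 1   # one returned entry (a DN)
    return conns


def authz_filters(conns):
    """Filters consulted by the PAM authorisation (account phase) request."""
    return [s["filter"] for c in conns.values()
            if c["request"] == "authz" for s in c["searches"]]


def group_lookup_entries(conns, group_cn):
    """Entries returned by the NSS group lookup that carries the (cn=...) restriction."""
    needle = "(cn=%s)" % group_cn
    hits = [s["entries"] for c in conns.values()
            if (c["request"] or "").startswith("group")
            for s in c["searches"] if needle in s["filter"]]
    return hits[0] if hits else None


def audit(text, group_cn):
    """Did the authorisation step look at the group at all, and what did NSS see?"""
    conns = parse_trace(text)
    filters = authz_filters(conns)
    return {
        "authz_filters": filters,
        "authz_checks_group": any("posixGroup" in f or ("(cn=%s)" % group_cn) in f
                                  for f in filters),
        "group_lookup_entries": group_lookup_entries(conns, group_cn),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_TRACE, "logonVISAO").items():
        print("%s: %s" % (key, value))
```

On the sample, `authz_checks_group` is False and `group_lookup_entries` is 0: membership was never part of the authorisation decision, which is why the empty group result does not stop the login. Restricting logins therefore has to happen in the authorisation step itself (for nss-pam-ldapd that is the `pam_authz_search` filter in nslcd.conf), not in `filter group`, which only limits what the NSS group map returns.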