RSS feed

Fw: LDAP password is "INCORRECT"

[Date Prev][Date Next] [Thread Prev][Thread Next]

Fw: LDAP password is "INCORRECT"

On Monday, May 18, 2015 7:12 PM, "" <> wrote:

Hi Arthur,

On Sat, May 16, 2015 at 12:55:33PM +0200, Arthur de Jong wrote:
> On Fri, 2015-05-15 at 17:11 -0500, rdkehn [at] wrote:
> > I'm attempting to add LDAP authentication (against Windows Active
> > Directory) to an embedded Linux system.  I'm learning as I go so I'm
> > sure I have a lot wrong.  In Wireshark I noticed that the bind
> > password was "INCORRECT" instead of the entered password.  I haven't
> > figured out what's wrong so I thought I'd ask is generating the
> > password?
> This was interesting to track down :). Apparently sshd sets a password
> of "\b\n\r\177INCORRECT" in some cases (judging by the source at least
> when PermitRootLogin does not allow the login but also when
> sshpam_authctxt is not valid).
> I suggest running sshd in debug mode to see what goes wrong. Judging by
> the debug log of nslcd you sent, that part seems to be working OK.

Thanks for the response.

sshd calls getpwnam() to determine if the user is allowed.  When
getpwnam() was call I noted that nslcd output:

nslcd: [8b4567] <passwd="dougtest"> CN=dougtest,OU=ServicesAccounts,OU=UserIDs,DC=domain,DC=com: uidNumber: missing

This resulted in getpwnam() returning NULL which, eventually, led to

The Windows active directory domain controller was not returning
uidNumber. Updated the domain controller to return uidNumber (I
mapped uidNumber to gidNumber in nslcd.conf) and now authentication

Thanks again for the help!


To unsubscribe send an email to or see