Failed to login using a serial connection.

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: "eRIC" <fremeneric [at] gmail.com>
To: <nss-pam-ldapd-users [at] lists.arthurdejong.org>
Subject: Failed to login using a serial connection.
Date: Wed, 11 Nov 2015 10:27:10 -0500

Hi guys,

Still have an issue with login.

I can login using a telnet session but I can not using a serial connection.

When I look at the trace from the debug everything seem ok but the serialpart just don't do the next step.

If I look at Wireshark trace, it is the same.

Here is my config files:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files ldap
group:          files ldap
shadow:         files ldap

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files

netgroup:       nis



# This is the configuration file for the LDAP nameservice
# switch library's nslcd daemon. It configures the mapping
# between NSS names (see /etc/nsswitch.conf) and LDAP
# information in the directory.
# See the manual page nslcd.conf(5) for more information.

# The user and group nslcd should run as.
uid root
gid root

# The uri pointing to the LDAP server to use for name lookups.
# Multiple entries may be specified. The address that is used
# here should be resolvable without using LDAP (obviously).
uri ldap://192.168.119.134/

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

# The distinguished name of the search base.
base ou=users,ou=ion,dc=ionharris,dc=com

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.

binddn CN=AD LDAP Service Account,CN=Managed ServiceAccounts,DC=ionharris,DC=com


# The credentials to bind with.
# Optional: default is no credentials.

# Note that if you set a bindpw you should check the permissions of thisfile.

bindpw Nvslab!123456

# The distinguished name to perform password modifications by root by.
#rootpwmoddn cn=admin,dc=example,dc=com

# The default search scope.
scope sub
#scope one
#scope base

# Customize certain database lookups.
#base   group  ou=Groups,dc=example,dc=com
#base   passwd ou=People,dc=example,dc=com
#base   shadow ou=People,dc=example,dc=com
#scope  group  onelevel
#scope  hosts  sub

# Bind/connect timelimit.
bind_timelimit 5

# Search timelimit.
timelimit 5

# Idle timelimit. nslcd will close connections if the
# server has not been contacted for the number of seconds.
#idle_timelimit 3600

# Use StartTLS without verifying the server certificate.
#ssl on
#ssl start_tls
#tls_reqcert never

# CA certificates for server certificate verification
#tls_cacertdir /etc/ssl/certs
#tls_cacertfile /etc/ssl/ca.cert

# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool

# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1

# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key


pagesize 1000
referrals off
idle_timelimit 3600

filter passwd (objectClass=user)
map    passwd uid              cn
map    passwd gidNumber        primaryGroupID
map    passwd gecos            name
map    passwd homeDirectory    "home"
map    passwd loginShell    "/bin/bash"


/etc/pam.d   cat login
#%PAM-1.0
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_unix.so
auth       sufficient   /lib/security/pam_ldap.so use_first_pass
auth       required     /lib/security/pam_deny.so
account    required     /lib/security/pam_unix.so

account required /lib/security/pam_ldap.so ignore_authinfo_unavailignore_unknown_user

password   required     /lib/security/pam_unix.so shadow sha512
session    required     /lib/security/pam_unix.so


/etc/pam.d   cat sshd
#%PAM-1.0
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_unix.so
auth       sufficient   /lib/security/pam_ldap.so use_first_pass
auth       required     /lib/security/pam_deny.so
account    required     /lib/security/pam_unix.so

account required /lib/security/pam_ldap.so ignore_authinfo_unavailignore_unknown_user

password   required     /lib/security/pam_unix.so shadow sha512
session    required     /lib/security/pam_unix.so

Here is my trace, from what I can see is the telnet uses "sshd" file for theauthentication and the "login" for the serial.


Serial login:

nslcd: [b0dc51] DEBUG: connection from pid=742 uid=0 gid=0

nslcd: [b0dc51] <passwd="sleduc"> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=user)(cn=sleduc))")nslcd: [b0dc51] <passwd="sleduc"> DEBUG: ldap_result():CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=comnslcd: [b0dc51] <passwd="sleduc"> DEBUG: ldap_result(): end of results (1total)

nslcd: [495cff] DEBUG: connection from pid=742 uid=0 gid=0

nslcd: [495cff] <authc="sleduc"> DEBUG:nslcd_pam_authc("sleduc","login","***")nslcd: [495cff] <authc="sleduc"> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=user)(cn=sleduc))")nslcd: [495cff] <authc="sleduc"> DEBUG: ldap_result():CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=comnslcd: [495cff] <authc="sleduc"> DEBUG:myldap_search(base="CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=com",filter="(objectClass=*)")nslcd: [495cff] <authc="sleduc"> DEBUG:ldap_initialize(ldap://192.168.119.134/)

nslcd: [495cff] <authc="sleduc"> DEBUG: ldap_set_rebind_proc()

nslcd: [495cff] <authc="sleduc"> DEBUG:ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)

nslcd: [495cff] <authc="sleduc"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)

nslcd: [495cff] <authc="sleduc"> DEBUG:ldap_set_option(LDAP_OPT_TIMELIMIT,5)

nslcd: [495cff] <authc="sleduc"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,5)

nslcd: [495cff] <authc="sleduc"> DEBUG:ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,5)nslcd: [495cff] <authc="sleduc"> DEBUG:ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_OFF)nslcd: [495cff] <authc="sleduc"> DEBUG:ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)nslcd: [495cff] <authc="sleduc"> DEBUG:ldap_sasl_bind("CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=com","***")(uri="ldap://192.168.119.134/";)

nslcd: [495cff] <authc="sleduc"> DEBUG: set_socket_timeout(5,500000)

nslcd: [495cff] <authc="sleduc"> DEBUG: ldap_result():CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=com

nslcd: [495cff] <authc="sleduc"> DEBUG: set_socket_timeout(2,0)
nslcd: [495cff] <authc="sleduc"> DEBUG: ldap_unbind()
nslcd: [495cff] <authc="sleduc"> DEBUG: bind successful

nslcd: [495cff] <authc="sleduc"> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=shadowAccount)(uid=sleduc))")nslcd: [495cff] <authc="sleduc"> DEBUG: ldap_result(): end of results (0total)

nslcd: [e8944a] DEBUG: connection from pid=742 uid=0 gid=0

nslcd: [e8944a] <passwd="sleduc"> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=user)(cn=sleduc))")nslcd: [e8944a] <passwd="sleduc"> DEBUG:ldap_initialize(ldap://192.168.119.134/)

nslcd: [e8944a] <passwd="sleduc"> DEBUG: ldap_set_rebind_proc()

nslcd: [e8944a] <passwd="sleduc"> DEBUG:ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)

nslcd: [e8944a] <passwd="sleduc"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)

nslcd: [e8944a] <passwd="sleduc"> DEBUG:ldap_set_option(LDAP_OPT_TIMELIMIT,5)

nslcd: [e8944a] <passwd="sleduc"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,5)

nslcd: [e8944a] <passwd="sleduc"> DEBUG:ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,5)nslcd: [e8944a] <passwd="sleduc"> DEBUG:ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_OFF)nslcd: [e8944a] <passwd="sleduc"> DEBUG:ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)nslcd: [e8944a] <passwd="sleduc"> DEBUG: ldap_simple_bind_s("CN=AD LDAPService Account,CN=Managed Service Accounts,DC=ionharris,DC=com","***")(uri="ldap://192.168.119.134/";)

nslcd: [e8944a] <passwd="sleduc"> DEBUG: set_socket_timeout(5,500000)

nslcd: [e8944a] <passwd="sleduc"> DEBUG: ldap_result():CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=comnslcd: [e8944a] <passwd="sleduc"> DEBUG: ldap_result(): end of results (1total)

nslcd: [5558ec] DEBUG: connection from pid=742 uid=0 gid=0

nslcd: [5558ec] <authz="sleduc"> DEBUG:nslcd_pam_authz("sleduc","login","","","ttyO1")nslcd: [5558ec] <authz="sleduc"> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=user)(cn=sleduc))")nslcd: [5558ec] <authz="sleduc"> DEBUG: ldap_result():CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=comnslcd: [5558ec] <authz="sleduc"> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=shadowAccount)(uid=sleduc))")nslcd: [5558ec] <authz="sleduc"> DEBUG: ldap_result(): end of results (0total)




Telnet login:

nslcd: [8e1f29] DEBUG: connection from pid=847 uid=0 gid=0

nslcd: [8e1f29] <passwd="sleduc"> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=user)(cn=sleduc))")nslcd: [8e1f29] <passwd="sleduc"> DEBUG: ldap_result():CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=comnslcd: [8e1f29] <passwd="sleduc"> DEBUG: ldap_result(): end of results (1total)

nslcd: [e87ccd] DEBUG: connection from pid=853 uid=0 gid=0

nslcd: [e87ccd] <passwd="sleduc"> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=user)(cn=sleduc))")nslcd: [e87ccd] <passwd="sleduc"> DEBUG: ldap_result():CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=comnslcd: [e87ccd] <passwd="sleduc"> DEBUG: ldap_result(): end of results (1total)

nslcd: [1b58ba] DEBUG: connection from pid=853 uid=0 gid=0

nslcd: [1b58ba] <authc="sleduc"> DEBUG:nslcd_pam_authc("sleduc","sshd","***")nslcd: [1b58ba] <authc="sleduc"> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=user)(cn=sleduc))")nslcd: [1b58ba] <authc="sleduc"> DEBUG: ldap_result():CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=comnslcd: [1b58ba] <authc="sleduc"> DEBUG:myldap_search(base="CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=com",filter="(objectClass=*)")nslcd: [1b58ba] <authc="sleduc"> DEBUG:ldap_initialize(ldap://192.168.119.134/)

nslcd: [1b58ba] <authc="sleduc"> DEBUG: ldap_set_rebind_proc()

nslcd: [1b58ba] <authc="sleduc"> DEBUG:ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)

nslcd: [1b58ba] <authc="sleduc"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)

nslcd: [1b58ba] <authc="sleduc"> DEBUG:ldap_set_option(LDAP_OPT_TIMELIMIT,5)

nslcd: [1b58ba] <authc="sleduc"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,5)

nslcd: [1b58ba] <authc="sleduc"> DEBUG:ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,5)nslcd: [1b58ba] <authc="sleduc"> DEBUG:ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_OFF)nslcd: [1b58ba] <authc="sleduc"> DEBUG:ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)nslcd: [1b58ba] <authc="sleduc"> DEBUG:ldap_sasl_bind("CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=com","***")(uri="ldap://192.168.119.134/";)

nslcd: [1b58ba] <authc="sleduc"> DEBUG: set_socket_timeout(5,500000)

nslcd: [1b58ba] <authc="sleduc"> DEBUG: ldap_result():CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=com

nslcd: [1b58ba] <authc="sleduc"> DEBUG: set_socket_timeout(2,0)
nslcd: [1b58ba] <authc="sleduc"> DEBUG: ldap_unbind()
nslcd: [1b58ba] <authc="sleduc"> DEBUG: bind successful

nslcd: [1b58ba] <authc="sleduc"> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=shadowAccount)(uid=sleduc))")nslcd: [1b58ba] <authc="sleduc"> DEBUG: ldap_result(): end of results (0total)

nslcd: [7ed7ab] DEBUG: connection from pid=853 uid=0 gid=0

nslcd: [7ed7ab] <passwd="sleduc"> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=user)(cn=sleduc))")nslcd: [7ed7ab] <passwd="sleduc"> DEBUG: ldap_result():CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=comnslcd: [7ed7ab] <passwd="sleduc"> DEBUG: ldap_result(): end of results (1total)

nslcd: [b141f2] DEBUG: connection from pid=853 uid=0 gid=0

nslcd: [b141f2] <authz="sleduc"> DEBUG:nslcd_pam_authz("sleduc","sshd","","198.105.24.253","ssh")nslcd: [b141f2] <authz="sleduc"> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=user)(cn=sleduc))")nslcd: [b141f2] <authz="sleduc"> DEBUG: ldap_result():CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=comnslcd: [b141f2] <authz="sleduc"> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=shadowAccount)(uid=sleduc))")nslcd: [b141f2] <authz="sleduc"> DEBUG: ldap_result(): end of results (0total)

nslcd: [b71efb] DEBUG: connection from pid=861 uid=0 gid=513

nslcd: [b71efb] <group/member="sleduc"> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=user)(cn=sleduc))")nslcd: [b71efb] <group/member="sleduc"> DEBUG: ldap_result():CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=comnslcd: [b71efb] <group/member="sleduc"> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=posixGroup)(|(memberUid=sleduc)(member=CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=com)))")nslcd: [b71efb] <group/member="sleduc"> DEBUG: ldap_result(): end of results(0 total)

nslcd: [e2a9e3] DEBUG: connection from pid=847 uid=0 gid=0

nslcd: [e2a9e3] <passwd=1000> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=user)(uidNumber=1000))")nslcd: [e2a9e3] <passwd=1000> DEBUG: ldap_result():CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=com

nslcd: [e2a9e3] <passwd=1000> DEBUG: ldap_result(): end of results (1 total)
nslcd: [45e146] DEBUG: connection from pid=847 uid=0 gid=0

nslcd: [45e146] <passwd="sleduc"> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=user)(cn=sleduc))")nslcd: [45e146] <passwd="sleduc"> DEBUG: ldap_result():CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=comnslcd: [45e146] <passwd="sleduc"> DEBUG: ldap_result(): end of results (1total)

nslcd: [5f007c] DEBUG: connection from pid=862 uid=1000 gid=513

nslcd: [5f007c] <passwd=1000> DEBUG:myldap_search(base="ou=users,ou=ion,dc=ionharris,dc=com",filter="(&(objectClass=user)(uidNumber=1000))")nslcd: [5f007c] <passwd=1000> DEBUG: ldap_result():CN=sleduc,OU=Users,OU=ION,DC=ionharris,DC=com

nslcd: [5f007c] <passwd=1000> DEBUG: ldap_result(): end of results (1 total)

One question I also have is about the filter, there is always that defaultfilter <filter="(&(objectClass=shadowAccount)(uid=sleduc))")>, is there away to remove it ?

Our LDAP server doesn't have those defined.


Thanks for your help, greatly appreciated.

Eric


--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

Failed to login using a serial connection., eRIC

Re: Failed to login using a serial connection., Berend De Schouwer
- Re: Failed to login using a serial connection., Eric
  - Re: Failed to login using a serial connection., Berend De Schouwer
    - Re: Failed to login using a serial connection., Eric

Prev by Date: Re: [PATCH] allow tls_randfile to be a file or a character device
Next by Date: Re: Failed to login using a serial connection.
Previous by thread: Re: getent gid does not return group name
Next by thread: Re: Failed to login using a serial connection.