
Re: Passwords on FreeBSD




On Wed, 25 May 2016 12:15:11 +0200 (CEST) Arthur de Jong
<arthur@arthurdejong.org> wrote about Re: Passwords on FreeBSD:

ADJ> This means that the LDAP authentication step failed. You can run
ADJ> nslcd in debug mode for more details but one relatively common thing

With debug it says

---
nslcd: DEBUG: add_uri(ldap://<ip>/)
nslcd: version 0.8.14 starting
nslcd: DEBUG: initgroups("nslcd",928) done
nslcd: DEBUG: setgid(928) done
nslcd: DEBUG: setuid(928) done
nslcd: accepting connections
nslcd: [00834d] DEBUG: connection from pid=-1 uid=0 gid=0
nslcd: [00834d] <passwd="gekueh"> DEBUG: 
myldap_search(base="dc=aei,dc=mpg,dc=de", 
filter="(&(objectClass=posixAccount)(uid=gekueh))")
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [00834d] <passwd="gekueh"> DEBUG: ldap_initialize(ldap://<ip>/)
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [00834d] <passwd="gekueh"> DEBUG: ldap_set_rebind_proc()
nslcd: [00834d] <passwd="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [00834d] <passwd="gekueh"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [00834d] <passwd="gekueh"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [00834d] <passwd="gekueh"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [00834d] <passwd="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [00834d] <passwd="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [00834d] <passwd="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [00834d] <passwd="gekueh"> DEBUG: ldap_simple_bind_s(NULL,NULL) 
(uri="ldap://<ip>/")
nslcd: [00834d] <passwd="gekueh"> DEBUG: ldap_result(): 
uid=gekueh,cn=users,dc=aei,dc=mpg,dc=de
nslcd: [00834d] <passwd="gekueh"> DEBUG: ldap_result(): end of results (1 total)
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [ac75e1] DEBUG: connection from pid=-1 uid=0 gid=0
nslcd: [ac75e1] <passwd="gekueh"> DEBUG: 
myldap_search(base="dc=aei,dc=mpg,dc=de", 
filter="(&(objectClass=posixAccount)(uid=gekueh))")
nslcd: [ac75e1] <passwd="gekueh"> DEBUG: ldap_initialize(ldap://<ip>/)
nslcd: [ac75e1] <passwd="gekueh"> DEBUG: ldap_set_rebind_proc()
nslcd: [ac75e1] <passwd="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [ac75e1] <passwd="gekueh"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [ac75e1] <passwd="gekueh"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [ac75e1] <passwd="gekueh"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [ac75e1] <passwd="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [ac75e1] <passwd="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [ac75e1] <passwd="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [ac75e1] <passwd="gekueh"> DEBUG: ldap_simple_bind_s(NULL,NULL) 
(uri="ldap://<ip>/")
nslcd: [ac75e1] <passwd="gekueh"> DEBUG: ldap_result(): 
uid=gekueh,cn=users,dc=aei,dc=mpg,dc=de
nslcd: [ac75e1] <passwd="gekueh"> DEBUG: ldap_result(): end of results (1 total)
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [6f59b2] DEBUG: connection from pid=-1 uid=0 gid=0
nslcd: [6f59b2] <passwd="gekueh"> DEBUG: 
myldap_search(base="dc=aei,dc=mpg,dc=de", 
filter="(&(objectClass=posixAccount)(uid=gekueh))")
nslcd: [6f59b2] <passwd="gekueh"> DEBUG: ldap_initialize(ldap://<ip>/)
nslcd: [6f59b2] <passwd="gekueh"> DEBUG: ldap_set_rebind_proc()
nslcd: [6f59b2] <passwd="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [6f59b2] <passwd="gekueh"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [6f59b2] <passwd="gekueh"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [6f59b2] <passwd="gekueh"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [6f59b2] <passwd="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [6f59b2] <passwd="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [6f59b2] <passwd="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [6f59b2] <passwd="gekueh"> DEBUG: ldap_simple_bind_s(NULL,NULL) 
(uri="ldap://<ip>/")
nslcd: [6f59b2] <passwd="gekueh"> DEBUG: ldap_result(): 
uid=gekueh,cn=users,dc=aei,dc=mpg,dc=de
nslcd: [6f59b2] <passwd="gekueh"> DEBUG: ldap_result(): end of results (1 total)
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [6a1853] DEBUG: connection from pid=-1 uid=0 gid=0
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [6a1853] <authc="gekueh"> DEBUG: nslcd_pam_authc("gekueh","sshd","***")
nslcd: [6a1853] <authc="gekueh"> DEBUG: 
myldap_search(base="dc=aei,dc=mpg,dc=de", 
filter="(&(objectClass=posixAccount)(uid=gekueh))")
nslcd: [6a1853] <authc="gekueh"> DEBUG: ldap_result(): 
uid=gekueh,cn=users,dc=aei,dc=mpg,dc=de
nslcd: [6a1853] <authc="gekueh"> DEBUG: 
myldap_search(base="uid=gekueh,cn=users,dc=aei,dc=mpg,dc=de", 
filter="(objectClass=*)")
nslcd: [6a1853] <authc="gekueh"> DEBUG: ldap_initialize(ldap://<ip>/)
nslcd: [6a1853] <authc="gekueh"> DEBUG: ldap_set_rebind_proc()
nslcd: [6a1853] <authc="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [6a1853] <authc="gekueh"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [6a1853] <authc="gekueh"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [6a1853] <authc="gekueh"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [6a1853] <authc="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [6a1853] <authc="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [6a1853] <authc="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [6a1853] <authc="gekueh"> DEBUG: 
ldap_simple_bind_s("uid=gekueh,cn=users,dc=aei,dc=mpg,dc=de","***") 
(uri="ldap://<ip>/")
nslcd: [6a1853] <authc="gekueh"> DEBUG: failed to bind to LDAP server 
ldap://<ip>/: Invalid credentials
nslcd: [6a1853] <authc="gekueh"> DEBUG: ldap_unbind()
nslcd: [6a1853] <authc="gekueh"> uid=gekueh,cn=users,dc=aei,dc=mpg,dc=de: 
lookup failed: Invalid credentials
nslcd: [6a1853] <authc="gekueh"> DEBUG: 
myldap_search(base="dc=aei,dc=mpg,dc=de", 
filter="(&(objectClass=shadowAccount)(uid=gekueh))")
nslcd: [6a1853] <authc="gekueh"> DEBUG: ldap_result(): 
uid=gekueh,cn=users,dc=aei,dc=mpg,dc=de
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [636f04] DEBUG: connection from pid=-1 uid=0 gid=0
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [636f04] <passwd="gekueh"> DEBUG: 
myldap_search(base="dc=aei,dc=mpg,dc=de", 
filter="(&(objectClass=posixAccount)(uid=gekueh))")
nslcd: [636f04] <passwd="gekueh"> DEBUG: ldap_initialize(ldap://<ip>/)
nslcd: [636f04] <passwd="gekueh"> DEBUG: ldap_set_rebind_proc()
nslcd: [636f04] <passwd="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [636f04] <passwd="gekueh"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [636f04] <passwd="gekueh"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [636f04] <passwd="gekueh"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [636f04] <passwd="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [636f04] <passwd="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [636f04] <passwd="gekueh"> DEBUG: 
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [636f04] <passwd="gekueh"> DEBUG: ldap_simple_bind_s(NULL,NULL) 
(uri="ldap://<ip>/")
nslcd: [636f04] <passwd="gekueh"> DEBUG: ldap_result(): 
uid=gekueh,cn=users,dc=aei,dc=mpg,dc=de
nslcd: [636f04] <passwd="gekueh"> DEBUG: ldap_result(): end of results (1 total)
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [0db58f] DEBUG: connection from pid=-1 uid=0 gid=0
nslcd: [0db58f] <passwd="gekueh"> DEBUG: 
myldap_search(base="dc=aei,dc=mpg,dc=de", 
filter="(&(objectClass=posixAccount)(uid=gekueh))")
nslcd: [0db58f] <passwd="gekueh"> DEBUG: ldap_result(): 
uid=gekueh,cn=users,dc=aei,dc=mpg,dc=de
nslcd: [0db58f] <passwd="gekueh"> DEBUG: ldap_result(): end of results (1 total)
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [0b1daf] DEBUG: connection from pid=-1 uid=0 gid=0
nslcd: [0b1daf] <passwd="gekueh"> DEBUG: 
myldap_search(base="dc=aei,dc=mpg,dc=de", 
filter="(&(objectClass=posixAccount)(uid=gekueh))")
nslcd: [0b1daf] <passwd="gekueh"> DEBUG: ldap_result(): 
uid=gekueh,cn=users,dc=aei,dc=mpg,dc=de
nslcd: [0b1daf] <passwd="gekueh"> DEBUG: ldap_result(): end of results (1 total)
---


ADJ> is that after an LDAP BIND operation (where the password is checked)
ADJ> nslcd performs a search operation to check if the BIND operation
ADJ> actually succeeded. There are (were) some LDAP servers that in some
ADJ> cases don't give an error on BIND.

The server is Linux (SLES with openldap presumably, I'll have to check for the 
exact version).


cu
  Gerrit
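
An added example, not part of the original message and not nss-pam-ldapd code: a small triage script for nslcd debug output like the log above. It rejoins mail-wrapped lines, correlates lines by the bracketed request id, and separates nslcd's anonymous lookup binds from the user's password bind that the server rejected. The sample log, user and host are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample shaped like the nslcd debug output above, including the
# continuation lines introduced by mail wrapping. User and host are made up.
SAMPLE = '''\
nslcd: [aaaaaa] <passwd="alice"> DEBUG: ldap_simple_bind_s(NULL,NULL)
(uri="ldap://ldap.example.test/")
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [bbbbbb] <authc="alice"> DEBUG: nslcd_pam_authc("alice","sshd","***")
nslcd: [bbbbbb] <authc="alice"> DEBUG:
ldap_simple_bind_s("uid=alice,cn=users,dc=example,dc=test","***")
(uri="ldap://ldap.example.test/")
nslcd: [bbbbbb] <authc="alice"> DEBUG: failed to bind to LDAP server
ldap://ldap.example.test/: Invalid credentials
'''

REQ = re.compile(r'^nslcd: \[(?P<id>[0-9a-f]{6})\] '
                 r'(?:<\w+="(?P<key>[^"]*)"> )?(?P<msg>.*)$')
BIND = re.compile(r'ldap_simple_bind_s\((?P<dn>NULL|"[^"]*"),')
FAIL = re.compile(r'failed to bind to LDAP server\s+\S+: (?P<err>.+)$')

def unwrap(text):
    """Rejoin wrapped lines: a line not starting with 'nslcd: ' continues the last."""
    out = []
    for line in text.splitlines():
        if line.startswith('nslcd: ') or not out:
            out.append(line)
        else:
            out[-1] = out[-1].rstrip() + ' ' + line.strip()
    return out

def binds(text):
    """One record per LDAP bind attempt, correlated by nslcd request id."""
    found, last = [], {}
    for line in unwrap(text):
        m = REQ.match(line)
        if not m:
            continue  # daemon-level lines (accept() noise) carry no request id
        b, f = BIND.search(m['msg']), FAIL.search(m['msg'])
        if b:  # a NULL DN is nslcd's anonymous lookup bind, not a password check
            dn = b['dn'].strip('"')
            last[m['id']] = {'req': m['id'], 'user': m['key'],
                             'dn': None if dn == 'NULL' else dn, 'error': None}
            found.append(last[m['id']])
        elif f and m['id'] in last:
            last[m['id']]['error'] = f['err']
    return found

def failed_user_binds(text):
    return [(b['user'], b['dn'], b['error']) for b in binds(text) if b['dn'] and b['error']]
```
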