Re: nslcd login issue

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Patrik <alabard [at] gmail.com>
To: Michael Ströder <michael [at] stroeder.com>
Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: nslcd login issue
Date: Sun, 5 Feb 2017 23:01:50 +0100

To me this sound like you should test your NSS map(s) first (getent passwd and friends)
> before testing login as a user via PAM.

Mike,

thanks for helping in this need! How should I test the NSS map?

For now if I have a local user (DIFFERENT PASSWORD IN LDAP!) as well it works using with the LDAP PASS, actual the right LDAP password!!

So something works.

But if I delete the local user, it does not work and the bind also it is a different auth!

Why is this?

with local user exists and ldap works with nslcd - ldap_simple_bind_s

with no local user and ldap not works with nscld - ldap_sasl_bind

Why is it different why isnt the same bind? I have not changed anything!

P L E A S E H E L P !

Patrik

GTalk:
alabard [at] gmail.com

Web:

http://www.patrikx3.tk

Mobile:

+36 20 342 8046

On Sun, Feb 5, 2017 at 10:33 PM, Michael Ströder <michael [at] stroeder.com> wrote:

Patrik Laszlo wrote:
> Also, if there is a local user with the same user, it works, if I delete the local
> user, it does not work.

To me this sound like you should test your NSS map(s) first (getent passwd and friends)
before testing login as a user via PAM.

Ciao, Michael.

> On 02/05/2017 07:52 PM, Patrik Laszlo wrote:
>>
>> *Hello!*
>>
>> *Could you help me a simple problem? (Debian Testing repo)**
>> *
>>
>> *I can login via LDAP, but I get the log like this via nslcd:*
>>
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_start_tls_s()
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG:
>> *ldap_sasl_bind("uid=patrikx3,ou=users,dc=patrikx3,dc=tk","***") (uri="ldapi:///")
>> (ppolicy=yes)*
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: *ldap_parse_result() result: Invalid credentials*
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: failed to bind to LDAP server ldapi:///:
>> Invalid credentials
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_unbind()
>> nslcd: [7b23c6] <authc="patrikx3"> uid=patrikx3,ou=users,dc=patrikx3,dc=tk: Invalid
>> credentials
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG:
>> myldap_search(base="ou=users,dc=patrikx3,dc=tk",
>> filter="(&(objectClass=shadowAccount)(uid=patrikx3))")
>> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_result():
>> uid=patrikx3,ou=users,dc=patrikx3,dc=tk
>>
>> *In LDAP START TLS it works via ldap search.Also I can see it finds the user!*
>>
>> *The settings /etc/nslcd.cong:*
>>
>> uid nslcd
>> gid nslcd
>> uri ldapi:///
>> #also
>> #uri ldap://patrikx3.tk????!StartTLS
>> base ou=users,dc=patrikx3,dc=tk
>> ssl start_tls
>> tls_reqcert never
>> tls_cacertfile /etc/ssl/certs/ca-certificates.crt
>>
>> *Could you help me?*
>>
>> Patrik

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/

nslcd login issue, Patrik Laszlo
- Re: nslcd login issue, Patrik Laszlo
  - Re: nslcd login issue, Patrik Laszlo
  - Re: nslcd login issue, Michael Ströder
    - Re: nslcd login issue, Patrik
- Re: nslcd login issue, Arthur de Jong
  - Re: nslcd login issue, Patrik
    - Re: nslcd login issue, Michael Ströder

Prev by Date: Re: nslcd login issue
Next by Date: Re: nslcd login issue
Previous by thread: Re: nslcd login issue
Next by thread: Re: nslcd login issue