Ciao!
How are you!
Everything was fine. I tried to downgrade my Debian from Buster
to Stretch, but it was too late, so I put back the backup via
CloneZilla.
Same exact disk 30 minutes before. Everything was working. Put
back the clone backup.
Now on my server nslcd not working, but on my clients it is
working. Same exact settings!
Even works on my server via PHP LDAP.
I tried with IP address, domain name, same error, ahhh and with git-user
is working, with my user patrikx3 is not working.
How can it be? I can even login into my Domain in Windows and on
Linux Mint, but when I try to SSH into my server and use my logins
for git via PAM with NSLCD, I get:
nslcd -d
nslcd: [a7c4c9] DEBUG: connection from pid=8756 uid=0 gid=0
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG:
nslcd_pam_authc("patrikx3","sshd","***")
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG:
myldap_search(base="DC=p3x-dc,DC=patrikx3,DC=com",
filter="(&(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))(sAMAccountName=patrikx3))")
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_result():
CN=patrikx3,CN=Users,DC=p3x-dc,DC=patrikx3,DC=com
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG:
myldap_search(base="CN=patrikx3,CN=Users,DC=p3x-dc,DC=patrikx3,DC=com",
filter="(objectClass=*)")
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG:
ldap_initialize(ldaps://patrikx3.com:636/)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG:
ldap_set_rebind_proc()
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG:
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG:
ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG:
ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG:
ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG:
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG:
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_OFF)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG:
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG:
ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG:
ldap_sasl_bind("CN=patrikx3,CN=Users,DC=p3x-dc,DC=patrikx3,DC=com","***")
(uri="ldaps://192.168.78.20:636/") (ppolicy=yes)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG:
ldap_parse_result() result: Invalid credentials: 80090308: LdapErr:
DSID-0C0903A9, comment: AcceptSecurityContext error,
data 52e, v1db1
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: failed to bind
to LDAP server ldaps://192.168.78.20:636/: Invalid credentials:
80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext
error, data 52e, v1db1
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_unbind()
nslcd: [a7c4c9] <authc="patrikx3"> CN=patrikx3,CN=Users,DC=p3x-dc,DC=patrikx3,DC=com:
Invalid credentials
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG:
myldap_search(base="DC=p3x-dc,DC=patrikx3,DC=com",
filter="(&(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))(sAMAccountName=patrikx3))")
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_result():
CN=patrikx3,CN=Users,DC=p3x-dc,DC=patrikx3,DC=com
Settings:
ldap_version 3
uid nslcd
gid nslcd
uri ldaps://patrikx3.com636/
ssl on
tls_reqcert allow
base DC=p3x-dc,DC=patrikx3,DC=com
pagesize 1000
referrals off
nss_nested_groups yes
binddn cn=public,cn=Users,dc=p3x-dc,dc=patrikx3,dc=com
bindpw etc...etc...
filter passwd
(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map passwd uid sAMAccountName
map passwd homeDirectory unixHomeDirectory
map passwd gecos displayName
map passwd gidNumber uidNumber
filter shadow
(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map shadow uid sAMAccountName
map shadow shadowLastChange pwdLastSet
filter group
(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map group cn sAMAccountName
map group gidNumber uidNumber
map group memberUid sAMAccountName
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
