lists.arthurdejong.org
RSS feed

Re: Weird error

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Weird error



Hi!

How are you!

Never mind, I found it, some weird permission I had to chown patrikx3:patrikx3 /home/patrikx3, so weird it was 10000, already good, but now it works. Thanks! Ciao!


On 07/16/2017 05:45 AM, Patrik Laszlo wrote:

Ciao!

How are you!

Everything was fine. I tried to downgrade my Debian from Buster to Stretch, but it was too late, so I put back the backup via CloneZilla.

Same exact disk 30 minutes before. Everything was working. Put back the clone backup.

Now on my server nslcd not working, but on my clients it is working. Same exact settings!

Even works on my server via PHP LDAP.

I tried with IP address, domain name, same error, ahhh and with git-user is working, with my user patrikx3 is not working.

How can it be? I can even login into my Domain in Windows and on Linux Mint, but when I try to SSH into my server and use my logins for git via PAM with NSLCD, I get:

nslcd -d

nslcd: [a7c4c9] DEBUG: connection from pid=8756 uid=0 gid=0
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: nslcd_pam_authc("patrikx3","sshd","***")
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: myldap_search(base="DC=p3x-dc,DC=patrikx3,DC=com", filter="(&(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))(sAMAccountName=patrikx3))")
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_result(): CN=patrikx3,CN=Users,DC=p3x-dc,DC=patrikx3,DC=com
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: myldap_search(base="CN=patrikx3,CN=Users,DC=p3x-dc,DC=patrikx3,DC=com", filter="(objectClass=*)")
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_initialize(ldaps://patrikx3.com:636/)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_set_rebind_proc()
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_OFF)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_sasl_bind("CN=patrikx3,CN=Users,DC=p3x-dc,DC=patrikx3,DC=com","***") (uri="ldaps://192.168.78.20:636/") (ppolicy=yes)
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_parse_result() result: Invalid credentials: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: failed to bind to LDAP server ldaps://192.168.78.20:636/: Invalid credentials: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_unbind()
nslcd: [a7c4c9] <authc="patrikx3"> CN=patrikx3,CN=Users,DC=p3x-dc,DC=patrikx3,DC=com: Invalid credentials
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: myldap_search(base="DC=p3x-dc,DC=patrikx3,DC=com", filter="(&(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))(sAMAccountName=patrikx3))")
nslcd: [a7c4c9] <authc="patrikx3"> DEBUG: ldap_result(): CN=patrikx3,CN=Users,DC=p3x-dc,DC=patrikx3,DC=com

Settings:

ldap_version 3
uid nslcd
gid nslcd
uri ldaps://patrikx3.com636/
ssl             on
tls_reqcert allow
base DC=p3x-dc,DC=patrikx3,DC=com
pagesize        1000
referrals       off
nss_nested_groups yes

binddn cn=public,cn=Users,dc=p3x-dc,dc=patrikx3,dc=com
bindpw etc...etc...

filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    passwd uid           sAMAccountName
map    passwd homeDirectory unixHomeDirectory
map    passwd gecos         displayName
map    passwd gidNumber     uidNumber
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    shadow uid           sAMAccountName
map    shadow shadowLastChange pwdLastSet
filter group (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    group  cn            sAMAccountName
map    group  gidNumber     uidNumber
map    group  memberUid     sAMAccountName
tls_cacertfile /etc/ssl/certs/ca-certificates.crt




-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/