
Success auth after pam_authc_search=NONE


Success auth after pam_authc_search=NONE



Hello!

Please, give me advice.
When I set ‘pam_authc_search NONE’, login succeeds.
But when that line is commented out, login fails. When the password for ‘ldapuser’
does not match, the log shows ‘Invalid credentials’. So in the failing case the
password is correct and the user is found.

The config and debug output are shown below.

Thanks! 

/etc/nslcd.conf:
# Account and group the nslcd daemon runs as.
uid nslcd
gid ldap

# NOTE(review): ldap:// is plain LDAP. With no "ssl start_tls" (or an ldaps://
# URI) in this file, the proxy bind and the user's bind shown in the debug
# output would cross the network unencrypted - confirm and enable TLS.
uri ldap://ldap_server_ip

# Default search base; the per-map "base" lines further down override it.
base dc=company,dc=org

# Service account nslcd binds as for lookups. The password is stored in this
# file in clear text, so the file should be readable by root only.
binddn cn=proxy,ou=users,dc=company,dc=org
bindpw bind_pwd

# Protocol version and time limits (seconds). The debug output shows the
# connection being dropped and re-opened once idle_timelimit was reached.
ldap_version 3
timelimit 30
bind_timelimit 10
idle_timelimit 3600

# Default search scope: only entries directly below the base.
scope one

# Ask the server for paged results, 1000 entries per page.
pagesize 1000

# Skip LDAP group lookups for these local accounts and ignore LDAP users
# with a numeric uid below nss_min_uid.
nss_initgroups_ignoreusers root,nslcd
nss_min_uid 10000

# Both PAM options are commented out, so nslcd uses its defaults: the debug
# output shows the user bind with ppolicy=yes followed by a search of the
# user's own DN (filter "(objectClass=*)") on the user's connection.
# That search returns "No such object" after the bind as ldapuser, which
# presumably means the user is not allowed to read its own entry on the
# server - check the server ACLs. "pam_authc_search NONE" skips this check;
# keep in mind the search is a safeguard for servers that do not return an
# error for a failed bind (e.g. when an empty password is supplied).
#pam_authc_ppolicy yes
#pam_authc_search NONE

# Per-map filters, bases and scopes. passwd and shadow both select
# posixAccount entries one level below ou=users; groups come from ou=groups.
filter passwd (objectClass=posixAccount)
base passwd ou=users,dc=company,dc=org
filter shadow (objectClass=posixAccount)
base shadow ou=users,dc=company,dc=org
base group ou=groups,dc=company,dc=org
scope passwd one
scope shadow one
scope group one

# Attribute mappings for the group map: membership is read from uniqueMember
# and the numeric group id from the "gid" attribute.
map group member uniqueMember
map group gidNumber gid
#map shadow

nslcd -d:
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [e99dd7] DEBUG: connection from pid=3093 uid=0 gid=0
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: 
myldap_search(base="ou=users,dc=company,dc=org", 
filter="(&(objectClass=posixAccount)(uid=ldapuser))")
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: myldap_session_check(): 
idle_timelimit reached
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: set_socket_timeout(15,0)
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: ldap_unbind()
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: ldap_initialize(ldap://lda_server_ip)
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: ldap_set_rebind_proc()
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: 
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: 
ldap_set_option(LDAP_OPT_TIMELIMIT,30)
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,30)
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: 
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,30)
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: 
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: 
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: 
ldap_simple_bind_s("cn=proxy,ou=users,dc=company,dc=org","***") 
(uri="ldap://ldap_server_ip";)
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: set_socket_timeout(30,500000)
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: ldap_result(): 
cn=ldapuser,ou=users,dc=company,dc=org
nslcd: [e99dd7] <passwd="ldapuser"> DEBUG: ldap_result(): end of results (1 
total)
nslcd: [31b62d] DEBUG: connection from pid=3093 uid=0 gid=0
nslcd: [31b62d] <passwd="ldapuser"> DEBUG: 
myldap_search(base="ou=users,dc=company,dc=org", 
filter="(&(objectClass=posixAccount)(uid=ldapuser))")
nslcd: [31b62d] <passwd="ldapuser"> DEBUG: ldap_result(): 
cn=ldapuser,ou=users,dc=company,dc=org
nslcd: [31b62d] <passwd="ldapuser"> DEBUG: ldap_result(): end of results (1 
total)
nslcd: [49c29b] DEBUG: connection from pid=3093 uid=0 gid=0
nslcd: [49c29b] <passwd="ldapuser"> DEBUG: 
myldap_search(base="ou=users,dc=company,dc=org", 
filter="(&(objectClass=posixAccount)(uid=ldapuser))")
nslcd: [49c29b] <passwd="ldapuser"> DEBUG: ldap_result(): 
cn=ldapuser,ou=users,dc=company,dc=org
nslcd: [49c29b] <passwd="ldapuser"> DEBUG: ldap_result(): end of results (1 
total)
nslcd: [ff9d09] DEBUG: connection from pid=3093 uid=0 gid=0
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: 
nslcd_pam_authc("ldapuser","login","***")
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: 
myldap_search(base="ou=users,dc=company,dc=org", 
filter="(&(objectClass=posixAccount)(uid=ldapuser))")
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: ldap_result(): 
cn=ldapuser,ou=users,dc=company,dc=org
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: 
myldap_search(base="cn=ldapuser,ou=users,dc=company,dc=org", 
filter="(objectClass=*)")
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: ldap_initialize(ldap://ldap_server_ip)
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: ldap_set_rebind_proc()
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: 
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,30)
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,30)
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: 
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,30)
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: 
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: 
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: 
ldap_sasl_bind("cn=ldapuser,ou=users,dc=company,dc=org","***") 
(uri="ldap://ldap_server_ip";) (ppolicy=yes)
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: set_socket_timeout(30,500000)
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: 
myldap_search(base="cn=ldapuser,ou=users,dc=company,dc=org", 
filter="(objectClass=*)")
nslcd: [ff9d09] <authc="ldapuser"> ldap_result() failed: No such object
nslcd: [ff9d09] <authc="ldapuser"> cn=ldapuser,ou=users,dc=company,dc=org: No 
such object
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: set_socket_timeout(15,0)
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: ldap_unbind()
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: 
myldap_search(base="ou=users,dc=company,dc=org", 
filter="(&(objectClass=posixAccount)(uid=ldapuser))")
nslcd: [ff9d09] <authc="ldapuser"> DEBUG: ldap_result(): 
cn=ldapuser,ou=users,dc=company,dc=org
nslcd: [754342] DEBUG: connection from pid=3093 uid=0 gid=0
nslcd: [754342] <passwd="ldapuser"> DEBUG: 
myldap_search(base="ou=users,dc=company,dc=org", 
filter="(&(objectClass=posixAccount)(uid=ldapuser))")
nslcd: [754342] <passwd="ldapuser"> DEBUG: ldap_result(): 
cn=ldapuser,ou=users,dc=company,dc=org
nslcd: [754342] <passwd="ldapuser"> DEBUG: ldap_result(): end of results (1 
total)
nslcd: [e7f3e5] DEBUG: connection from pid=3093 uid=0 gid=0
nslcd: [e7f3e5] <passwd="ldapuser"> DEBUG: 
myldap_search(base="ou=users,dc=company,dc=org", 
filter="(&(objectClass=posixAccount)(uid=ldapuser))")
nslcd: [e7f3e5] <passwd="ldapuser"> DEBUG: ldap_result(): 
cn=ldapuser,ou=users,dc=company,dc=org
nslcd: [e7f3e5] <passwd="ldapuser"> DEBUG: ldap_result(): end of results (1 
total)

/*————————————*/
Have a nice day!
Yurij Goncharuk
/*-------------------------*/
