[Fedora-directory-devel] LDAP Authentication

Michiel van Heukelom - Van Boxtel Software BV mvheukelom at van-boxtel-software.nl
Wed Feb 28 15:32:49 UTC 2007


When commenting it out, it seems to work fine.

[28/Feb/2007:18:31:42 +0100] conn=21 op=-1 fd=66 closed error 104 (Connection reset by peer) - TCP connection reset by peer.
[28/Feb/2007:18:31:45 +0100] conn=114 fd=66 slot=66 connection from 192.168.100.118 to 192.168.100.120
[28/Feb/2007:18:31:45 +0100] conn=114 op=0 BIND dn="" method=128 version=3
[28/Feb/2007:18:31:45 +0100] conn=114 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Feb/2007:18:31:45 +0100] conn=114 op=1 SRCH base="dc=van-boxtel-software,dc=nl" scope=2 filter="(&(objectClass=posixAccount)(uid=mvheukelom))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Feb/2007:18:31:45 +0100] conn=114 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[28/Feb/2007:18:31:45 +0100] conn=114 op=2 SRCH base="dc=van-boxtel-software,dc=nl" scope=2 filter="(&(objectClass=posixAccount)(uid=mvheukelom))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Feb/2007:18:31:45 +0100] conn=114 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[28/Feb/2007:18:31:54 +0100] conn=114 op=3 SRCH base="dc=van-boxtel-software,dc=nl" scope=2 filter="(&(objectClass=posixAccount)(uid=mvheukelom))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Feb/2007:18:31:54 +0100] conn=114 op=3 RESULT err=0 tag=101 nentries=0 etime=0
[28/Feb/2007:18:31:54 +0100] conn=22 op=-1 fd=67 closed error 104 (Connection reset by peer) - TCP connection reset by peer.
[28/Feb/2007:18:31:57 +0100] conn=115 fd=67 slot=67 connection from 192.168.100.118 to 192.168.100.120
[28/Feb/2007:18:31:57 +0100] conn=115 op=0 BIND dn="" method=128 version=3
[28/Feb/2007:18:31:57 +0100] conn=115 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Feb/2007:18:31:57 +0100] conn=115 op=1 SRCH base="dc=van-boxtel-software,dc=nl" scope=2 filter="(uid=mvheukelom)" attrs=ALL
[28/Feb/2007:18:31:57 +0100] conn=115 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[28/Feb/2007:18:31:59 +0100] conn=114 op=5 SRCH base="dc=van-boxtel-software,dc=nl" scope=2 filter="(&(objectClass=posixAccount)(uid=mvheukelom))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Feb/2007:18:31:59 +0100] conn=114 op=5 RESULT err=0 tag=101 nentries=0 etime=0

err=0 so it looks o.k.

Thanks

  ----- Original Message ----- 
  From: J. Hartman 
  To: Fedora Directory server developer discussion. 
  Sent: Wednesday, February 28, 2007 4:02 PM
  Subject: Re: [Fedora-directory-devel] LDAP Authentication


  Hi,

  In your client's ldap.conf, the rootbinddn should be set to a real account object, possibly the "cn=directory manager".

  In the access log, you can see that the client is trying to bind as "dc=example,dc=com" (the server's naming context!), and err=48 shows that the entry doesn't have a userPassword attribute.

  Try commenting out the rootbinddn line or use "cn=directory manager". 

  Regards,
  Joona Hartman


  On 2/28/07, Michiel van Heukelom - Van Boxtel Software BV < mvheukelom at van-boxtel-software.nl> wrote:

    Problem with authentication.

    I've installed fedora-ds-1.0.4-1.RHEL4.i386.opt.rpm and it seems to be working fine. I can manage users by the console. On another machine I want to use the directory, but when I log in, in /var/log/messages I get the following error:

    Feb 23 13:07:59 ldap-vm4 remote(pam_unix)[3885]: check pass; user unknown 

    Feb 23 13:07:59 ldap-vm4 remote(pam_unix)[3885]: authentication failure; logname= uid=0 euid=0 tty=pts/2 ruser= rhost=192.168.100.176 

    Feb 23 13:07:59 ldap-vm4 remote(pam_unix)[3885]: could not identify user (from getpwnam(mvheukelom)) 

    Feb 23 13:07:59 ldap-vm4 login[3885]: User not known to the underlying authentication module 

    On my ldap server the file /opt/fedora-ds/slapd/logs/access

    [28/Feb/2007:11:27:49 +0100] conn=250 op=0 BIND dn="dc=example,dc=com" method=128 version=3
    [28/Feb/2007:11:27:49 +0100] conn=250 op=0 RESULT err=48 tag=97 nentries=0 etime=0
    [28/Feb/2007:11:27:51 +0100] conn=251 fd=67 slot=67 connection from 192.168.100.118 to 192.168.100.119
    [28/Feb/2007:11:27:51 +0100] conn=251 op=0 BIND dn="dc=example,dc=com" method=128 version=3
    [28/Feb/2007:11:27:51 +0100] conn=251 op=0 RESULT err=48 tag=97 nentries=0 etime=0
    [28/Feb/2007:11:27:51 +0100] conn=251 op=1 UNBIND
    [28/Feb/2007:11:27:51 +0100] conn=251 op=1 fd=67 closed - U1


    my ldap.conf on my client:

    host 192.168.100.119

    base dc=Example,dc=com

    rootbinddn dc=example,dc=com

    In authconfig I've made the changes to: use LDAP and use LDAP authentication. I've also filled in my server (IP number) and my base.

    Can someone advise me what to check please.... 


    Best regards,

    Michiel van Heukelom

    Van Boxtel Software B.V.




          Phone: +31 (0) 492 - 327 357 
          Fax:  +31 (0) 492 - 324 326 
          E-mail: mvheukelom at van-boxtel-software.nl  
          Website: www.van-boxtel-software.nl 


    --
    Fedora-directory-devel mailing list
    Fedora-directory-devel at redhat.com
    https://www.redhat.com/mailman/listinfo/fedora-directory-devel






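An added example, not part of the thread: a small parser for access-log lines in the format quoted above that pairs each BIND and SRCH with its RESULT line and reports failed binds as well as searches that return err=0 but nentries=0 (the search succeeded, yet no entry matched). The sample lines are taken from the excerpts in the messages with the attrs list shortened; the function name and finding labels are this example's own.

```python
import re

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) '
                  r'(?P<verb>[A-Z]+)\s*(?P<rest>.*)$')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
# LDAP result codes (RFC 4511) that matter when troubleshooting binds.
RESULT_NAMES = {32: "noSuchObject", 48: "inappropriateAuthentication",
                49: "invalidCredentials"}

# Sample input: lines from the thread's excerpts, attrs list shortened.
SAMPLE = """\
[28/Feb/2007:11:27:51 +0100] conn=251 fd=67 slot=67 connection from 192.168.100.118 to 192.168.100.119
[28/Feb/2007:11:27:51 +0100] conn=251 op=0 BIND dn="dc=example,dc=com" method=128 version=3
[28/Feb/2007:11:27:51 +0100] conn=251 op=0 RESULT err=48 tag=97 nentries=0 etime=0
[28/Feb/2007:18:31:45 +0100] conn=114 op=0 BIND dn="" method=128 version=3
[28/Feb/2007:18:31:45 +0100] conn=114 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Feb/2007:18:31:45 +0100] conn=114 op=1 SRCH base="dc=van-boxtel-software,dc=nl" scope=2 filter="(&(objectClass=posixAccount)(uid=mvheukelom))" attrs="uid userPassword"
[28/Feb/2007:18:31:45 +0100] conn=114 op=1 RESULT err=0 tag=101 nentries=0 etime=0
"""

def analyze(log_text):
    """Return (conn, finding, detail, extra) tuples for suspicious operations."""
    pending = {}       # (conn, op) -> (verb, fields) waiting for its RESULT
    anonymous = set()  # connections whose successful BIND used an empty DN
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue   # connection open/close lines have no operation to pair
        key = (int(m["conn"]), int(m["op"]))
        fields = {k: v.strip('"') for k, v in KV.findall(m["rest"])}
        if m["verb"] in ("BIND", "SRCH"):
            pending[key] = (m["verb"], fields)
            continue
        if m["verb"] != "RESULT" or key not in pending:
            continue
        verb, req = pending.pop(key)
        err, nentries = int(fields["err"]), int(fields.get("nentries", 0))
        if verb == "BIND" and err != 0:
            findings.append((key[0], "bind-failed", req["dn"],
                             RESULT_NAMES.get(err, str(err))))
        elif verb == "BIND" and req["dn"] == "":
            anonymous.add(key[0])
        elif verb == "SRCH" and err == 0 and nentries == 0:
            who = "anonymous" if key[0] in anonymous else "authenticated"
            findings.append((key[0], "empty-search", req["filter"], who))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```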