[Fedora-directory-users] ssh login fail

Richard Megginson rmeggins at redhat.com
Tue Sep 11 13:22:08 UTC 2007


Steven Jones wrote:
> I am getting things like this, but I did not enter them, so these are
> some sort of defaults?
>   
Yes.  By default, Fedora DS setup will create some organizational 
entries for you.  If you do not want to do this, you can run setup in 
Custom mode and tell it to not add these entries.
> 8><--------
> # PD Managers, groups, vuw.ac.nz
> dn: cn=PD Managers,ou=groups,dc=vuw,dc=ac,dc=nz
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: PD Managers
> ou: groups
> description: People who can manage engineer entries
> 8><--------
>
> Yet I cannot find them under the FDS gui....
>   
Try changing your identity in the console to cn=Directory Manager.  
Under the File menu, select the option to login as another user.  Or use 
the Tasks tab - there is a button there to do the same thing.
> regards
>
> Steven Jones
> Senior  Linux/Unix/San/Vmware System Administrator
> APG -Technology Integration Team
> Victoria University of Wellington
> Phone: +64 4 463 6272
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Steven
> Jones
> Sent: Tuesday, 11 September 2007 12:41 p.m.
> To: General discussion list for the Fedora Directory server project.
> Subject: RE: [Fedora-directory-users] ssh login fail
>
> There you go,
>
> Looks like it is not in the right place in FDS....or it is but LDAP is
> looking in the wrong place...
>
> root at vuwunicvfwall02 openldap]# ldapsearch -x -D
> "uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz" -w xxxxx -s base -b ""
> ldap_bind: No such object (32)
>         matched DN: ou=people,dc=vuw,dc=ac,dc=nz
> [root at vuwunicvfwall02 openldap]# ldapsearch -x -D
> "uid=jonesst1,dc=vuw,dc=ac,dc=nz" -w xxxxx -s base -b ""
> ldap_bind: No such object (32)
>         matched DN: dc=vuw,dc=ac,dc=nz
>
> ho hum....
>
> regards
>
> Steven Jones
> Senior  Linux/Unix/San/Vmware System Administrator
> APG -Technology Integration Team
> Victoria University of Wellington
> Phone: +64 4 463 6272
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard
> Megginson
> Sent: Tuesday, 11 September 2007 11:59 a.m.
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] ssh login fail
>
> Steven Jones wrote:
>   
>> Yes I have run this before, vuw exists (see below),
>>
>> By password return I assume the client is querying LDAP to ask if the
>> user jonesst1 exists and either sends the hash of the password I used to
>> try and login or asks for the hash to do a comparison if it matches a
>> login is allowed....
>>
> I hope not.  It really should do an LDAP BIND operation, which means it 
> sends the clear text password to the server in the BIND request (for 
> simple username/password auth).
>
> So, try
> ldapsearch -x -D "uid=someuser,ou=People,dc=vuw,dc=ac,dc=nz" -w 
> thepasssword -s base -b ""
> That will test to see if that user exists and that the password is
> correct.
>
>   
>> I assume pam.d on the client is doing the hash comparison, so if the
>> hash method on the client is different to FDS it's not going to get
>> anywhere.
>>
>> Querying via the FDS gui shows the user so it is in the database
>> somewhere....
>>
>> So the possible errors are wrong hash or looking in the wrong place, or
>> some other error.
>>
> looking in the wrong place would be my guess, based on the err=32 in the
> previous logs you posted.
>   
>> regards
>>
>> Steven Jones
>> Senior  Linux/Unix/San/Vmware System Administrator
>> APG -Technology Integration Team
>> Victoria University of Wellington
>> Phone: +64 4 463 6272
>>
>> 8><-----
>>
>> [root at vuwunicvfwall02 openldap]# more output
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=vuw,dc=ac,dc=nz> with scope sub
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>  
>> # vuw.ac.nz
>> dn: dc=vuw,dc=ac,dc=nz
>> objectClass: top
>> objectClass: domain
>> dc: vuw
>>  
>> # Directory Administrators, vuw.ac.nz
>> dn: cn=Directory Administrators, dc=vuw,dc=ac,dc=nz
>> objectClass: top
>> objectClass: groupofuniquenames
>> cn: Directory Administrators
>>  
>> # Groups, vuw.ac.nz
>> dn: ou=Groups, dc=vuw,dc=ac,dc=nz
>> objectClass: top
>> objectClass: organizationalunit
>> ou: Groups
>>  
>> # People, vuw.ac.nz
>> dn: ou=People, dc=vuw,dc=ac,dc=nz
>> objectClass: top
>> objectClass: organizationalunit
>> ou: People
>>  
>> # Special Users, vuw.ac.nz
>> dn: ou=Special Users,dc=vuw,dc=ac,dc=nz
>> objectClass: top
>>
>> 8><------
>>
>> # PD Managers, groups, vuw.ac.nz
>> dn: cn=PD Managers,ou=groups,dc=vuw,dc=ac,dc=nz
>> objectClass: top
>> objectClass: groupOfUniqueNames
>> cn: PD Managers
>> ou: groups
>> description: People who can manage engineer entries
>>  
>>
>> # search result
>> search: 2
>> result: 0 Success
>>  
>> # numResponses: 10
>> # numEntries: 9
>>
>> ==================
>>
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>   
>>     
>
>   
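
Added example, not part of the original message: a short Python check that reads the two failed binds quoted above and reports which part of each bind DN the server could not resolve. In both attempts the `matched DN` is the full parent container, so only the leaf RDN `uid=jonesst1` fails to resolve. The function names are hypothetical, the sample text is constructed from the thread's output, and the DN splitting is a simplified form of RFC 4514.

```python
import re

# Constructed from the two failed binds quoted in the thread (error text only).
ATTEMPTS = [
    ("uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz",
     "ldap_bind: No such object (32)\n\tmatched DN: ou=people,dc=vuw,dc=ac,dc=nz\n"),
    ("uid=jonesst1,dc=vuw,dc=ac,dc=nz",
     "ldap_bind: No such object (32)\n\tmatched DN: dc=vuw,dc=ac,dc=nz\n"),
]

def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas (simplified RFC 4514)."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def norm(rdn):
    """Normalise one RDN for comparison; assumes case-insensitive dc/ou/uid/cn."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().lower(), value.strip().lower())

def parse_bind_error(stderr_text):
    """Return (result_code, matched_dn) from ldapsearch error output."""
    code = re.search(r"^ldap_bind: .*\((\d+)\)\s*$", stderr_text, re.M)
    matched = re.search(r"^\s*matched DN:\s*(.+?)\s*$", stderr_text, re.M)
    return (int(code.group(1)) if code else None,
            matched.group(1) if matched else None)

def diagnose(bind_dn, stderr_text):
    """For err=32, report which RDNs of bind_dn the server could not resolve."""
    code, matched = parse_bind_error(stderr_text)
    if code != 32 or matched is None:
        return None  # not noSuchObject, or the server returned no matched DN
    want, have = split_dn(bind_dn), split_dn(matched)
    tail = want[len(want) - len(have):]
    if len(have) > len(want) or [norm(r) for r in tail] != [norm(r) for r in have]:
        raise ValueError("matched DN is not an ancestor of the bind DN")
    # 'exists' is the deepest entry the server found; 'missing' lies below it.
    return {"exists": ",".join(tail), "missing": want[:len(want) - len(have)]}

if __name__ == "__main__":
    for dn, err in ATTEMPTS:
        result = diagnose(dn, err)
        print(dn, "->", "missing", result["missing"], "below", result["exists"])
```
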
