[Fedora-directory-users] TLS Issue
mallapadi niranjan
niranjan.ashok at gmail.com
Thu Jul 24 16:15:43 UTC 2008
Hi,
Can you check What happens if you specify
ssl start_tls
instead of "ssl on"
Regards
Niranjan
On Thu, Jul 24, 2008 at 9:29 PM, Dharmin Mandalia <dharmin98 at hotmail.com>
wrote:
>
> Hello Nalin and all
>
> I just added "ssl on" to below /etc/ldap.conf file and get below error
> msg in var/log/secure file :-
>
>
> sshd[6212]: pam_unix(sshd:session): session closed for user test1
> sshd[6248]: pam_unix(sshd:auth): authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=192.168.1.1 user=test1
> sshd[6248]: Accepted password for test1 from 192.168.1.1 port 47171 ssh2
> sshd[6248]: pam_unix(sshd:session): session opened for user test1 by
> (uid=0)
> sshd[6248]: pam_unix(sshd:session): session closed for user test1
> sshd[6284]: pam_unix(sshd:auth): authentication failure; logname= uid=0
> euid=0 tty=ssh ruser= rhost=192.168.1.1 user=test1
> sshd[6284]: pam_ldap: ldap_simple_bind Can't contact LDAP server
> shd[6284]: pam_ldap: reconnecting to LDAP server...
> sshd[6284]: pam_ldap: ldap_simple_bind Can't contact LDAP server
> sshd[6284]: Failed password for test1 from 192.168.1.1 port 47172 ssh2
>
> With "ssl on" in ldap.conf, am unable to login via ssh
>
> any helpers please...
>
> regards
> Dharmin
>
>
>
> ----------------------------------------
> > Date: Thu, 24 Jul 2008 11:26:46 -0400
> > From: nalin at redhat.com
> > To: dharmin98 at hotmail.com
> > CC: fedora-directory-users at redhat.com
> > Subject: Re: [Fedora-directory-users] TLS Issue
> >
> > On Thu, Jul 24, 2008 at 03:11:59PM +0000, Dharmin Mandalia wrote:
> >> I've enabled TLS and am getting below error msg's in /var/log/secure
> file on Fedora 9, which is my newly configured FDS , if disable TLS , am
> able to ssh onto the FDS server and with TLS enabled unable to login via
> ssh.
> > [snip]
> >> sshd[5487]: nss_ldap: could not search LDAP server - Server is
> unavailable
> > [snip]
> >> /etc/ldap.conf file on Fedora 9, (FDS server ) shows as :-
> > [snip]
> >> ssl start_tls
> >> tls_checkpeer yes
> >> tls_cacertfile /etc/openldap/cacerts/cacert.asc
> >> pam_password md5
> >> uri ldap://127.0.0.1/
> >> tls_cacertdir /etc/openldap/cacerts
> >
> > If you're using SSL or TLS, the LDAP client library is going to compare
> > the names in the certificate that the server uses against the value that
> > was given in the client's configuration (in this case "127.0.0.1"), and
> > it looks like they're not matching up here.
> >
> > Typically the certificate uses an actual hostname as a "CN" value in its
> > subject, so you'd need to specify the server URI using a hostname rather
> > than an IP address to make sure that they match.
> >
> > If that's not what's going on here, please post a copy of the
> > certificate that the server's using so that we can have a look.
> >
> > HTH,
> >
> > Nalin
>
> _________________________________________________________________
> Use video conversation to talk face-to-face with Windows Live Messenger.
>
> http://www.windowslive.com/messenger/connect_your_way.html?ocid=TXT_TAGLM_WL_Refresh_messenger_video_072008
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20080724/a0758769/attachment.htm>
More information about the Fedora-directory-users
mailing list