[Fedora-directory-users] Authentication problems

Rich Megginson rmeggins at redhat.com
Fri Jan 30 15:50:57 UTC 2009 

Per Qvindesland wrote:
> Hi 
>
> Thanks again for the response.
>
>
> I have managed to find some logs now that to Rich's message but I am unsure
> of what they mean:
> [30/Jan/2009:10:28:49 -0500] conn=46 fd=66 slot=66 connection from
> 83.140.187.52 to 83.140.187.43
> [30/Jan/2009:10:28:49 -0500] conn=46 op=0 BIND dn="" method=128 version=3
>   
Bind as anonymous (dn="")
> [30/Jan/2009:10:28:49 -0500] conn=46 op=0 RESULT err=0 tag=97 nentries=0
> etime=0 dn=""
>   
Result is good (err=0)
> [30/Jan/2009:10:28:49 -0500] conn=46 op=1 SRCH
> base="dc=sms,dc=mycompany,dc=com" scope=2
> filter="(&(objectClass=posixAccount)(uid=pq))" attrs="uid userPassword
> uidNumber gidNumber cn homeDirectory loginShell gecos description
> objectClass"
>   
Search for user uid=pq with objectClass=posixAccount anywhere under 
dc=sms,dc=mycompany,dc=com and return the attributes uid userPassword 
uidNumber gidNumber cn homeDirectory loginShell gecos description 
objectClass

> [30/Jan/2009:10:28:49 -0500] conn=46 op=1 RESULT err=0 tag=101 nentries=0
> etime=0
>   
There were no errors (err=0), but no entries were found that matched.
> [30/Jan/2009:10:28:49 -0500] conn=46 op=-1 fd=66 closed - B1
>
> Does any one have any idea?
>
> Regards
> Per Qvindesland
>
> On 1/29/09 4:18 PM, "Rich Megginson" <rmeggins at redhat.com> wrote:
>
>   
>> Per Qvindesland wrote:
>>     
>>> Hi
>>>
>>> Thanks so much for responding to my post.
>>>
>>> I managed to find out this but from what I don't get is why after having
>>> installed and configured clients to authenticate towards the server
>>> correctly they still don't do it, I have looked for any log files that could
>>> give me some clue of what I have done rong but no luck the error log in the
>>> admin interface says nothing that is of use, I have also read the manual
>>> from one side to the other but I can not find anything that tells me what
>>> steps that I have been forgetting.
>>>
>>> Is there any error logs that it generats that it generates that can give me
>>> some more clues?
>>>   
>>>       
>> I'm not sure where pam and nss log - possibly /var/log/secure
>> You can see what searches are being performed against the directory
>> server by looking at /var/log/dirsrv/slapd-yourinstance/access
>>     
>>> Regards
>>> Per Qvindesland
>>>
>>>
>>> On 1/28/09 4:37 PM, "Rich Megginson" <rmeggins at redhat.com> wrote:
>>>
>>>   
>>>       
>>>> Per Qvindesland wrote:
>>>>     
>>>>         
>>>>> Hi List
>>>>>
>>>>> After having installed Directory Server with no problems and created a test
>>>>> user account I then go ahead to configure a client to test the
>>>>> authentication to my new directory server, sadly after a reboot I can't
>>>>> login with my new user account that I created, I have spent a few days
>>>>> reading up about what the problem may be but until now I have had very
>>>>> little joy.
>>>>>
>>>>> If I try ldapsearch -v then I get error message:
>>>>> SASL/EXTERNAL authentication started
>>>>> Ldap_sasl_interactive_bind_s:unknown authentication method (-6)
>>>>>    additional info: SASL(-4): no mechanism available:
>>>>>   
>>>>>       
>>>>>           
>>>> This is because the openldap ldapsearch client attempts SASL
>>>> authentication by default.  You have to specify -x to make it use simple
>>>> (username/password or anonymous) authentication.
>>>>     
>>>>         
>>>>> If i use ldapsearch -x then I get the output of a ldif file with all
>>>>> groups,
>>>>> users and domains available so there is apparently nothing rong with the
>>>>> communication, I truly belive that this is a security problem that sits
>>>>> somewhere but I have no idea.
>>>>>   
>>>>>       
>>>>>           
>>>> I don't think this is a security problem.
>>>>     
>>>>         
>>>>> Could anyone give me some pointers to how I could fix this problem?
>>>>>
>>>>> Regards
>>>>> Per Qvindesland
>>>>>
>>>>>
>>>>> --
>>>>> Fedora-directory-users mailing list
>>>>> Fedora-directory-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>   
>>>>>       
>>>>>           
>>>> --
>>>> Fedora-directory-users mailing list
>>>> Fedora-directory-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>     
>>>>         
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>   
>>>       
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>     
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20090130/0148992a/attachment.bin>

More information about the Fedora-directory-users mailing list