Hello

I have a problem authenticating from a Red Hat 6.3 client to a Red Hat 6.3 server.
The connection is OK.

I can change user with su paula when I am root with no problem.

When I change from a non-root user to paula with su paula, I am asked for a password,
but I get an incorrect password message despite the password being correct.

Here are the details:


SERVER Configuration (obtained with slapcat)


The first database does not allow slapcat; using the first available one (2)
bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
Expect poor performance for suffix "dc=jcs-PC,dc=home".
dn: dc=jcs-PC,dc=home
dc: jcs-PC
objectClass: dcObject
objectClass: organization
o: NETEXPANSION
structuralObjectClass: organization
entryUUID: b9dcdb1e-f628-1032-8eef-4f234421cd34
creatorsName: cn=ldapadmin,dc=jcs-PC,dc=home
createTimestamp: 20131210205228Z
entryCSN: 20131210205228.791640Z#000000#000#000000
modifiersName: cn=ldapadmin,dc=jcs-PC,dc=home
modifyTimestamp: 20131210205228Z


dn: ou=employes,dc=jcs-PC,dc=home
objectClass: organizationalUnit
ou: employes
structuralObjectClass: organizationalUnit
entryUUID: 2008d924-f629-1032-8ef0-4f234421cd34
creatorsName: cn=ldapadmin,dc=jcs-PC,dc=home
createTimestamp: 20131210205520Z
entryCSN: 20131210205520.207551Z#000000#000#000000
modifiersName: cn=ldapadmin,dc=jcs-PC,dc=home
modifyTimestamp: 20131210205520Z


dn: cn=Paula Bionda,ou=employes,dc=jcs-PC,dc=home
cn: Paula Bionda
sn: Bionda
uid: paula
uidNumber: 503
gidNumber: 1100
gecos: Paula Bionda
homeDirectory: /home/paula
shadowLastChange: 10877
shadowMin: 0
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
structuralObjectClass: person
entryUUID: e4f37848-f930-1032-985a-91cf669ea788
creatorsName: cn=ldapadmin,dc=jcs-PC,dc=home
createTimestamp: 20131214172830Z
loginShell: /bin/bash
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
userPassword:: e1NTSEF9aEFzWFZFejlIa2xQSUpFSFF2SnpoZmo1cTYzdzRLUlg=
entryCSN: 20131219155524.533147Z#000000#000#000000
modifiersName: cn=Paula Bionda,ou=employes,dc=jcs-PC,dc=home
modifyTimestamp: 20131219155524Z


dn: ou=groups,dc=jcs-PC,dc=home
objectClass: organizationalUnit
ou: groups
structuralObjectClass: organizationalUnit
entryUUID: e1a8545a-fa85-1032-84b7-a9514c4c1551
creatorsName: cn=ldapadmin,dc=jcs-PC,dc=home
createTimestamp: 20131216100923Z
entryCSN: 20131216100923.403228Z#000000#000#000000
modifiersName: cn=ldapadmin,dc=jcs-PC,dc=home
modifyTimestamp: 20131216100923Z



dn: cn=mygroup,ou=groups,dc=jcs-PC,dc=home
objectClass: top
objectClass: posixGroup
cn: mygroup
gidNumber: 1100
memberUid: paula
memberUid: giuseppe
structuralObjectClass: posixGroup
entryUUID: c26713a0-fa9f-1032-8b7d-155dd966052d
creatorsName: cn=ldapadmin,dc=jcs-PC,dc=home
createTimestamp: 20131216131437Z
entryCSN: 20131216131437.881194Z#000000#000#000000
modifiersName: cn=ldapadmin,dc=jcs-PC,dc=home
modifyTimestamp: 20131216131437Z




CLIENT Configuration

authconfig-tui gives:
[ ] Cache Information
[*] Use LDAP
[ ] Use NIS
[ ] Use IPAv2
[ ] Use Winbind
[*] Use MD5 Passwords
[*] Use Shadow Passwords
[*] Use LDAP Authentication
[ ] Use Kerberos
[*] Use Fingerprint Reader
[ ] Use Winbind Authentication
[*] Local Authorization is sufficient

[ ] Use TLS
ldap://192.168.1.12/
Base DN: dc=jcs-PC,dc=home


Result of su paula

a) when I am logged in as root, su paula logs me in as paula: no problem

b) when I am not logged in as root and I do su paula,
I am asked for a password (as expected), but then I get incorrect password despite the password being correct


Here is the log:

Dec 19 18:49:50 jcs-PC slapd[6441]: => slap_access_allowed: backend default read access granted to "(anonymous)"
Dec 19 18:49:50 jcs-PC slapd[6441]: => access_allowed: read access granted by read(=rscxd)
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1005 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 fd=21 ACCEPT from IP=192.168.1.17:56000 (IP=0.0.0.0:389)
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 STARTTLS
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 RESULT oid= err=0 text=
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 fd=21 closed (TLS negotiation failure)
Dec 19 19:04:43 jcs-PC slapd[6441]: conn=1005 op=4 UNBIND
Dec 19 19:04:43 jcs-PC slapd[6441]: conn=1005 fd=14 closed



And these are the last 2 lines of Wireshark:

Source                 Destination            Protocol  Info
192.168.1.17 (Client)  192.168.1.12 (Server)  LDAP      ExtendedReq    LDAP_START_TLS_OID
192.168.1.12           192.168.1.17           LDAP      ExtendedResp   LDAP_START_TLS_OID  responseName missing


I am surprised about STARTTLS because there seems to be nothing in my configuration files about TLS.


Thank you


Axel
 
--
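The slapd lines in the post show connection 1006 requesting StartTLS (extended operation OID 1.3.6.1.4.1.1466.20037), the server accepting it with err=0, and the socket closing with "TLS negotiation failure"; no bind as paula ever happens, so the password never reaches the server and PAM only sees an authentication failure. Root's su needs no password (pam_rootok), which is why case (a) never triggers a bind. On RHEL 6, "Use LDAP Authentication" in authconfig is normally served by SSSD, which refuses to send a password over an unencrypted connection and therefore requests StartTLS for the authentication bind regardless of the "Use TLS" checkbox. As an added example (not from the post, not OpenLDAP's or SSSD's code), here is a small Python parser that groups slapd log lines by conn= id and flags that pattern, plus the opposite risk, a simple bind whose password crossed the wire without TLS. The first sample is the log quoted above; the second (conn=1007, dn uid=example,dc=example,dc=com) is constructed for this example and is not in the post.

```python
import re
from collections import OrderedDict

# Sample input 1: the slapd lines quoted in the post above, copied verbatim.
POSTED_LOG = """\
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1005 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 fd=21 ACCEPT from IP=192.168.1.17:56000 (IP=0.0.0.0:389)
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 STARTTLS
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 op=0 RESULT oid= err=0 text=
Dec 19 18:49:50 jcs-PC slapd[6441]: conn=1006 fd=21 closed (TLS negotiation failure)
Dec 19 19:04:43 jcs-PC slapd[6441]: conn=1005 op=4 UNBIND
Dec 19 19:04:43 jcs-PC slapd[6441]: conn=1005 fd=14 closed
"""

# Sample input 2: constructed for this example (not in the post). A simple bind
# that sends a password on a connection where StartTLS was never completed.
CONSTRUCTED_LOG = """\
Dec 19 18:50:01 jcs-PC slapd[6441]: conn=1007 fd=22 ACCEPT from IP=192.168.1.17:56001 (IP=0.0.0.0:389)
Dec 19 18:50:01 jcs-PC slapd[6441]: conn=1007 op=0 BIND dn="uid=example,dc=example,dc=com" method=128
Dec 19 18:50:01 jcs-PC slapd[6441]: conn=1007 op=0 RESULT tag=97 err=0 text=
Dec 19 18:50:01 jcs-PC slapd[6441]: conn=1007 fd=22 closed
"""

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"   # StartTLS extended operation (RFC 4511)
SIMPLE_BIND = 128                          # slapd logs simple (password) binds as method=128

CONN_RE = re.compile(r"slapd\[\d+\]: conn=(?P<conn>\d+) (?P<rest>.*)$")
ACCEPT_RE = re.compile(r"ACCEPT from IP=(?P<ip>[\d.]+):(?P<port>\d+)")
BIND_RE = re.compile(r'BIND dn="(?P<dn>[^"]*)" method=(?P<method>\d+)')
CLOSE_RE = re.compile(r"closed(?: \((?P<reason>[^)]*)\))?$")
ERR_RE = re.compile(r"err=(\d+)")


def parse_connections(log_text):
    """Group slapd log lines by conn= id and keep the facts needed to judge the
    TLS state of each connection: peer address, whether StartTLS was requested
    and what the server answered, whether 'TLS established' was ever logged,
    the DNs of simple binds, and the close reason."""
    conns = OrderedDict()
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue
        c = conns.setdefault(m.group("conn"), {
            "peer": None, "starttls_requested": False, "starttls_err": None,
            "tls_established": False, "simple_binds": [], "close_reason": None,
        })
        rest = m.group("rest")
        accept, bind, close = ACCEPT_RE.search(rest), BIND_RE.search(rest), CLOSE_RE.search(rest)
        if accept:
            c["peer"] = f"{accept.group('ip')}:{accept.group('port')}"
        elif f"EXT oid={STARTTLS_OID}" in rest or rest.endswith(" STARTTLS"):
            c["starttls_requested"] = True
        elif c["starttls_requested"] and c["starttls_err"] is None and "RESULT oid=" in rest:
            # First RESULT after the StartTLS request is the server's answer to it.
            e = ERR_RE.search(rest)
            c["starttls_err"] = int(e.group(1)) if e else None
        elif "TLS established" in rest:
            c["tls_established"] = True
        elif bind:
            if int(bind.group("method")) == SIMPLE_BIND:
                c["simple_binds"].append(bind.group("dn"))
        elif close:
            c["close_reason"] = close.group("reason") or "normal"
    return conns


def tls_failures(log_text):
    """Connections where the client asked for StartTLS, the server accepted it
    (err=0, so TLS is configured server-side) and the socket then closed during
    the handshake. With a client that has no CA certificate configured this is
    usually a certificate validation failure. Returns [(conn_id, peer)]."""
    return [(cid, c["peer"]) for cid, c in parse_connections(log_text).items()
            if c["starttls_requested"] and c["starttls_err"] == 0
            and c["close_reason"] == "TLS negotiation failure"]


def cleartext_simple_binds(log_text):
    """Simple binds on connections that never logged 'TLS established': the
    password crossed the network unprotected. Returns [(conn_id, peer, dn)]."""
    return [(cid, c["peer"], dn) for cid, c in parse_connections(log_text).items()
            if not c["tls_established"] for dn in c["simple_binds"]]


if __name__ == "__main__":
    for label, text in (("posted log", POSTED_LOG), ("constructed log", CONSTRUCTED_LOG)):
        print(f"== {label}")
        for cid, peer in tls_failures(text):
            print(f"conn={cid} from {peer}: StartTLS accepted but handshake failed")
        for cid, peer, dn in cleartext_simple_binds(text):
            print(f"conn={cid} from {peer}: simple bind as {dn} without TLS")
```

Run against a real /var/log/slapd.log (or the journal) by replacing the sample strings with the file contents; the two checks are the ones worth alerting on from the server side: a client that keeps failing the handshake (the symptom in this post), and a client that has been "fixed" by turning TLS off and is now sending passwords in the clear.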