Hi,
I have an issue with my openldap client authenticating on SSH using the openldap server. It fails to authenticate using an account that I created on the openldap server OR the default user! I have to reboot into single mode and change everything back to default. The SSH account that I use is "labu".
Output from /etc/passwd on openldap server (10.1.1.1):
# more /etc/passwd | grep labu
labu:x:1003:1003::/home/labu:/bin/sh
Here's what i'm using on the setup:
Server (10.1.1.1): i. openldap 2.4.28-1.1 on Linux Ubuntu 12.04
Client (10.1.1.2): i. libpam-ldapd 0.8.4 on Linux Ubuntu 12.04
Here's the output when I do this on the openldap server itself:
# ldapsearch -h localhost -D "cn=admin,dc=ROSAK,dc=COM" -w openiam -b "dc=ROSAK,dc=COM" -s sub "objectclass=*"
ldap_bind: Invalid credentials (49)
_BUT_ I am able to log in using the admin account on phpldapadmin.
Here's my /etc/ldap/slapd.conf
##############################################################
# S L A P D . C O N F
#
##############################################################

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema

password-hash {CLEARTEXT}
allow bind_v2
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/ldap
moduleload back_bdb.la
#moduleload back_@BACKEND@

access to dn.exact="cn=admin,ou=Roles,dc=ROSAK,dc=COM"
        by * manage
access to dn.exact="cn=admin,ou=Roles,dc=ROSAK,dc=COM"
        by * read
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

access to *
        by self write
        by users read
        by anonymous auth

database bdb
suffix "dc=ROSAK,dc=COM"
rootdn "cn=admin,dc=ROSAK,dc=COM"
rootpw {CLEARTEXT}123456
directory "/var/lib/ldap"
index objectClass eq
loglevel 2048
Here's /etc/nsswitch.conf from my openldap client:
# /etc/nsswitch.conf
passwd:    files ldap
group:     files ldap
shadow:    files ldap
sudoers:   files ldap
services:  files ldap
automount: files ldap
Here's /etc/pam.d/sshd from my openldap client:
# auth include system-auth
account  required  pam_nologin.so
account  include   system-auth
password include   system-auth
session  optional  pam_keyinit.so force revoke
session  include   system-auth
session  required  pam_loginuid.so
I appreciate anyone's help / advice.
Thanks.
--- ded1 "The end is the beginning, the beginning is the end"
On Thu, 16 May 2013 09:59:11 +0800 (MYT), "ded1@MyBSD.org.my" ded1@mybsd.org.my wrote:
> Hi,
> I have an issue with my openldap client authenticating on SSH using the openldap server. It fails to authenticate using an account that I created on the openldap server OR the default user! I have to reboot into single mode and change everything back to default. The SSH account that I use is "labu".
> Output from /etc/passwd on openldap server (10.1.1.1):
> # more /etc/passwd | grep labu
> labu:x:1003:1003::/home/labu:/bin/sh
> Here's what i'm using on the setup:
> Server (10.1.1.1): i. openldap 2.4.28-1.1 on Linux Ubuntu 12.04
> Client (10.1.1.2): i. libpam-ldapd 0.8.4 on Linux Ubuntu 12.04
> Here's the output when I do this on the openldap server itself:
> # ldapsearch -h localhost -D "cn=admin,dc=ROSAK,dc=COM" -w openiam -b "dc=ROSAK,dc=COM" -s sub "objectclass=*"
> ldap_bind: Invalid credentials (49)
openiam is the wrong bind passwd.

rootpw {CLEARTEXT}123456

This should be the correct passwd.
-Dieter
openldap-technical@openldap.org
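The bind failure in the thread comes down to the password passed with -w not matching the configured rootpw, as Dieter points out, and the same slapd.conf also keeps that rootpw (and new userPassword values, via password-hash) in {CLEARTEXT}. The script below is an added example, not code from the thread or from OpenLDAP: it parses a slapd.conf fragment constructed from the directives in the post, checks a candidate bind password against the stored rootpw under the {CLEARTEXT}, {SHA} and {SSHA} schemes, and flags the cleartext settings. The names SAMPLE_SLAPD_CONF, parse_directives, ssha_hash, verify_password and audit are my own.

```python
import base64
import hashlib
import hmac
import os
import re

# Constructed sample: the password-relevant directives from the slapd.conf
# quoted in the thread (same values as the post, not a real deployment).
SAMPLE_SLAPD_CONF = """\
password-hash {CLEARTEXT}
allow bind_v2
database bdb
suffix "dc=ROSAK,dc=COM"
rootdn "cn=admin,dc=ROSAK,dc=COM"
rootpw {CLEARTEXT}123456
directory "/var/lib/ldap"
"""


def parse_directives(conf_text):
    """Map each slapd.conf directive to its (last) argument string.

    Comments and blank lines are skipped. ACL continuation lines are not
    needed for this check, so a one-directive-per-line view is enough.
    """
    directives = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        directives[parts[0]] = parts[1] if len(parts) > 1 else ""
    return directives


def ssha_hash(password, salt=None):
    """Build an RFC 2307 {SSHA} value: base64(sha1(password + salt) + salt).

    This is the same format slappasswd -h {SSHA} emits for a rootpw line.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify_password(candidate, stored):
    """Check a candidate bind password against a stored rootpw/userPassword.

    Handles {CLEARTEXT}, {SHA}, {SSHA} and a bare (unprefixed) value, which
    slapd also treats as cleartext. Comparisons are constant-time.
    """
    match = re.match(r"\{([A-Za-z0-9]+)\}(.*)", stored, re.S)
    if not match:
        return hmac.compare_digest(candidate.encode(), stored.encode())
    scheme, value = match.group(1).upper(), match.group(2)
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(candidate.encode(), value.encode())
    if scheme == "SHA":
        return hmac.compare_digest(
            hashlib.sha1(candidate.encode()).digest(), base64.b64decode(value))
    if scheme == "SSHA":
        raw = base64.b64decode(value)
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
        return hmac.compare_digest(
            hashlib.sha1(candidate.encode() + salt).digest(), digest)
    raise ValueError("unsupported password scheme: " + scheme)


def audit(conf_text):
    """Return findings about how this slapd.conf stores and accepts passwords."""
    d = parse_directives(conf_text)
    findings = []
    if d.get("password-hash", "").upper() == "{CLEARTEXT}":
        findings.append("password-hash {CLEARTEXT}: userPassword values set via "
                        "the Password Modify operation are stored unhashed")
    rootpw = d.get("rootpw", "")
    if rootpw and (not rootpw.startswith("{")
                   or rootpw.upper().startswith("{CLEARTEXT}")):
        findings.append("rootpw is stored in cleartext in slapd.conf; "
                        "replace it with the output of slappasswd -h {SSHA}")
    if "bind_v2" in d.get("allow", "").split():
        findings.append("allow bind_v2 accepts legacy LDAPv2 binds")
    return findings


if __name__ == "__main__":
    conf = parse_directives(SAMPLE_SLAPD_CONF)
    for candidate in ("openiam", "123456"):
        print(candidate, "matches rootpw:", verify_password(candidate, conf["rootpw"]))
    hardened = ssha_hash("123456")
    print("hardened rootpw line: rootpw", hardened)
    print("verify against hardened:", verify_password("123456", hardened))
    for finding in audit(SAMPLE_SLAPD_CONF):
        print("-", finding)
```

Run against the sample, "openiam" fails and "123456" succeeds, which is exactly the mismatch behind the Invalid credentials (49) result; the audit then lists the three settings worth changing before this server goes beyond a lab. For the real file, feed the contents of /etc/ldap/slapd.conf to parse_directives, and replace the rootpw value with an {SSHA} string from slappasswd rather than a cleartext one.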