Problem with authentication.
I've installed fedora-ds-1.0.4-1.RHEL4.i386.opt.rpm and it seems to be working fine. I can manage users by the console. On another machine I want to use the directory, but when I log in, in /var/log/messages I get the following error:
Feb 23 13:07:59 ldap-vm4 remote(pam_unix)[3885]: check pass; user unknown
Feb 23 13:07:59 ldap-vm4 remote(pam_unix)[3885]: authentication failure; logname= uid=0 euid=0 tty=pts/2 ruser= rhost=192.168.100.176
Feb 23 13:07:59 ldap-vm4 remote(pam_unix)[3885]: could not identify user (from getpwnam(mvheukelom))
Feb 23 13:07:59 ldap-vm4 login[3885]: User not known to the underlying authentication module
On my ldap server the file /opt/fedora-ds/slapd/logs/access
[28/Feb/2007:11:27:49 +0100] conn=250 op=0 BIND dn="dc=example,dc=com" method=128 version=3
[28/Feb/2007:11:27:49 +0100] conn=250 op=0 RESULT err=48 tag=97 nentries=0 etime=0
[28/Feb/2007:11:27:51 +0100] conn=251 fd=67 slot=67 connection from 192.168.100.118 to 192.168.100.119
[28/Feb/2007:11:27:51 +0100] conn=251 op=0 BIND dn="dc=example,dc=com" method=128 version=3
[28/Feb/2007:11:27:51 +0100] conn=251 op=0 RESULT err=48 tag=97 nentries=0 etime=0
[28/Feb/2007:11:27:51 +0100] conn=251 op=1 UNBIND
[28/Feb/2007:11:27:51 +0100] conn=251 op=1 fd=67 closed - U1
my ldap.conf on my client:
host 192.168.100.119
base dc=Example,dc=com
rootbinddn dc=example,dc=com
In authconfig I've made the changes to: use LDAP and use LDAP authentication. I've also filled in my server (IP-number) and my base.
Can someone advise me what to check please....
Best regards,
Michiel van Heukelom
Van Boxtel Software B.V.
Phone: +31 (0) 492 - 327 357 Fax: +31 (0) 492 - 324 326 E-mail: mvheukelom@van-boxtel-software.nl Website: www.van-boxtel-software.nl
Michiel van Heukelom - Van Boxtel Software BV wrote:
my ldap.conf on my client:
host 192.168.100.119
base dc=Example,dc=com
rootbinddn dc=example,dc=com
The rootbinddn is usually something like "cn=Directory Manager" for Fedora DS. Do you need a rootbinddn?
-- Fedora-directory-devel mailing list Fedora-directory-devel@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-devel
Hi,
In your client's ldap.conf, the rootbinddn should be set to a real account object, possibly the "cn=directory manager".
In the access log, you can see that the client is trying to bind as "dc=example,dc=com" (server's naming context!), and err=48 shows that the entry doesn't have a userPassword attribute.
Try commenting out the rootbinddn line or use "cn=directory manager".
Regards, Joona Hartman
When commenting it out, it seems to work fine.
[28/Feb/2007:18:31:42 +0100] conn=21 op=-1 fd=66 closed error 104 (Connection reset by peer) - TCP connection reset by peer.
[28/Feb/2007:18:31:45 +0100] conn=114 fd=66 slot=66 connection from 192.168.100.118 to 192.168.100.120
[28/Feb/2007:18:31:45 +0100] conn=114 op=0 BIND dn="" method=128 version=3
[28/Feb/2007:18:31:45 +0100] conn=114 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Feb/2007:18:31:45 +0100] conn=114 op=1 SRCH base="dc=van-boxtel-software,dc=nl" scope=2 filter="(&(objectClass=posixAccount)(uid=mvheukelom))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Feb/2007:18:31:45 +0100] conn=114 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[28/Feb/2007:18:31:45 +0100] conn=114 op=2 SRCH base="dc=van-boxtel-software,dc=nl" scope=2 filter="(&(objectClass=posixAccount)(uid=mvheukelom))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Feb/2007:18:31:45 +0100] conn=114 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[28/Feb/2007:18:31:54 +0100] conn=114 op=3 SRCH base="dc=van-boxtel-software,dc=nl" scope=2 filter="(&(objectClass=posixAccount)(uid=mvheukelom))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Feb/2007:18:31:54 +0100] conn=114 op=3 RESULT err=0 tag=101 nentries=0 etime=0
[28/Feb/2007:18:31:54 +0100] conn=22 op=-1 fd=67 closed error 104 (Connection reset by peer) - TCP connection reset by peer.
[28/Feb/2007:18:31:57 +0100] conn=115 fd=67 slot=67 connection from 192.168.100.118 to 192.168.100.120
[28/Feb/2007:18:31:57 +0100] conn=115 op=0 BIND dn="" method=128 version=3
[28/Feb/2007:18:31:57 +0100] conn=115 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Feb/2007:18:31:57 +0100] conn=115 op=1 SRCH base="dc=van-boxtel-software,dc=nl" scope=2 filter="(uid=mvheukelom)" attrs=ALL
[28/Feb/2007:18:31:57 +0100] conn=115 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[28/Feb/2007:18:31:59 +0100] conn=114 op=5 SRCH base="dc=van-boxtel-software,dc=nl" scope=2 filter="(&(objectClass=posixAccount)(uid=mvheukelom))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Feb/2007:18:31:59 +0100] conn=114 op=5 RESULT err=0 tag=101 nentries=0 etime=0
err=0 so it looks o.k.
thnx
389-devel@lists.fedoraproject.org
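Added example, not part of the original thread or of Fedora DS: a small Python audit of the access-log format quoted above. It pairs each BIND and SRCH with its RESULT by conn/op and reports failed binds (such as the err=48 case), anonymous binds, and searches that succeed but return no entries. The function name `audit`, the finding labels and the shortened sample lines are assumptions made for the illustration.

```python
import re

# Constructed sample, modelled on the access-log lines quoted in the thread
# (the attrs list is shortened).
SAMPLE_LOG = """\
[28/Feb/2007:11:27:51 +0100] conn=251 fd=67 slot=67 connection from 192.168.100.118 to 192.168.100.119
[28/Feb/2007:11:27:51 +0100] conn=251 op=0 BIND dn="dc=example,dc=com" method=128 version=3
[28/Feb/2007:11:27:51 +0100] conn=251 op=0 RESULT err=48 tag=97 nentries=0 etime=0
[28/Feb/2007:18:31:45 +0100] conn=114 op=0 BIND dn="" method=128 version=3
[28/Feb/2007:18:31:45 +0100] conn=114 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Feb/2007:18:31:45 +0100] conn=114 op=1 SRCH base="dc=van-boxtel-software,dc=nl" scope=2 filter="(&(objectClass=posixAccount)(uid=mvheukelom))" attrs="uid userPassword"
[28/Feb/2007:18:31:45 +0100] conn=114 op=1 RESULT err=0 tag=101 nentries=0 etime=0
"""

# Standard LDAP result codes relevant to bind troubleshooting.
LDAP_RESULT = {0: "success", 32: "noSuchObject",
               48: "inappropriateAuthentication", 49: "invalidCredentials"}

# Operation lines only; connection open/close lines have no "op=N KIND" part.
LINE = re.compile(r'^\[[^\]]+\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) '
                  r'(?P<kind>[A-Z]+)(?P<rest>.*)$')

def audit(log_text):
    """Pair BIND/SRCH requests with their RESULT and return a list of findings."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key = (m["conn"], m["op"])
        if m["kind"] in ("BIND", "SRCH"):
            pending[key] = (m["kind"], m["rest"])
        elif m["kind"] == "RESULT" and key in pending:
            kind, req = pending.pop(key)
            err = int(re.search(r'err=(\d+)', m["rest"]).group(1))
            hits = int(re.search(r'nentries=(\d+)', m["rest"]).group(1))
            if kind == "BIND":
                dn = re.search(r'dn="([^"]*)"', req).group(1)
                if err != 0:
                    findings.append(("bind_failed", dn, LDAP_RESULT.get(err, str(err))))
                elif dn == "":
                    findings.append(("anonymous_bind", dn, "success"))
            elif err == 0 and hits == 0:
                flt = re.search(r'filter="([^"]*)"', req).group(1)
                findings.append(("search_empty", flt, "nentries=0"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A search RESULT with err=0 only means the operation completed; nentries shows whether the requested posixAccount entry was actually returned to the client.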