LDAP Auth
Per Hjartoy
per at ACTIUS.COM
Mon Nov 24 09:11:48 UTC 2003
On Thu, 2003-11-20 at 23:50, Per Hjartoy wrote:
> I'm having the same problem as described and I'm running against the AD4Unix
> schema as well. On my RH8 box, there is no problem, and I can log in via
> PAM. My FC1 was a clean install and I've updated the config files by using a
> merge tool to make sure that I don't transfer in deprecated settings from my
> RH8 config files. I've already spent many hours on this problem, nice to
> know that I'm not alone ;-) Hilsen, Per
I've managed to work around the issue by installing the RPM that I had
originally rebuilt for RedHat 7.3 of nss_ldap_189; for some reason
version 207 has regressed and does not authenticate to Active Directory.
I've not had a chance to rebuild the RPM source, but will try later and
let the list know of the results. The older version seems to work well
and I would be glad to make it available if anyone wants to test it.
Regards,
Joseph
-----------------
Thx Joe, I'm in urgent need of a fix. Reposting my diagnosis reply as it
appears to have gotten lost during the last two days' list downtime.
All,
I have traced the getent command and it fails to bind to the LDAP Server. On
my FC1 box, I get the following error (I have replaced the password with
XXXXXXXX):
uname({sys="Linux", node="odin.actius.com", ...}) = 0
time(NULL) = 1069495427
write(3, "0B\2\1\1`=\2\1\3\4+cn=Administrator,cn=Users,dc=actius,dc=com\r\200\vXXXXXXXXXX\r", 68) = 68
time(NULL) = 1069495427
select(1024, [3], [], NULL, {30, 0}) = 1 (in [3], left {30, 0})
read(3, "0\204\0\0\0g\2\1", 8) = 8
read(3, "\1a\204\0\0\0^\n\0011\4\0\4W80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893\0", 101) = 101
time(NULL) = 1069495427
From the RH8 box with the same configuration file it works without any
problem with the following trace:
uname({sys="Linux", node="tor.actius.com", ...}) = 0
time(NULL) = 1069494811
write(3, "0@\2\1\1`;\2\1\3\4*cn=Administrator,cn=Users,dc=actius,dc=com\200\nXXXXXXXXXX", 66) = 66
time(NULL) = 1069494811
select(1024, [3], [], NULL, {30, 0}) = 1 (in [3], left {30, 0})
read(3, "0\204\0\0\0\20\2\1\1a\204\0\0\0\7\n\1\0\4\0\4\0", 16384) = 22
time(NULL) = 1069494811
From my Google search, several folks have indicated that pam/ldap is broken
in FC1. Can anyone help out and make sense of this trace?
Hilsen, Per
--
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
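Added example, not part of the original messages or of nss_ldap: a small decoder for the two LDAP simple bind requests captured in the strace output above. It unescapes the write(3, ...) strings, walks the BER structure, and lists any control bytes inside the bind DN and the (already masked) password. Function names are illustrative; the two input strings are copied from the traces with the mail line wrap removed.

```python
import re

# Copied from the two write(3, ...) strings in the traces above, with the mail
# line wrap removed. The password was already masked with X's by the poster.
FC1_BIND = r'0B\2\1\1`=\2\1\3\4+cn=Administrator,cn=Users,dc=actius,dc=com\r\200\vXXXXXXXXXX\r'
RH8_BIND = r'0@\2\1\1`;\2\1\3\4*cn=Administrator,cn=Users,dc=actius,dc=com\200\nXXXXXXXXXX'

C_ESCAPES = {'n': 10, 'r': 13, 't': 9, 'v': 11, 'f': 12, '\\': 92, '"': 34}

def strace_unescape(text):
    """Convert strace's C-style string rendering back into raw bytes."""
    out, pos = bytearray(), 0
    for m in re.finditer(r'\\([0-7]{1,3}|[nrtvf\\"])', text):
        out += text[pos:m.start()].encode('latin-1')
        esc = m.group(1)
        out.append(C_ESCAPES[esc] if esc in C_ESCAPES else int(esc, 8))
        pos = m.end()
    return bytes(out + text[pos:].encode('latin-1'))

def read_tlv(buf, pos):
    """Read one BER element; return (tag, value, offset of the next element)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], 'big'), pos + n
    if pos + length > len(buf):
        raise ValueError('truncated BER element')
    return tag, buf[pos:pos + length], pos + length

def parse_simple_bind(raw):
    """Decode LDAPMessage { messageID, BindRequest { version, name, simple } }."""
    outer, msg, _ = read_tlv(raw, 0)
    _, _msgid, pos = read_tlv(msg, 0)
    op, bind, _ = read_tlv(msg, pos)
    if (outer, op) != (0x30, 0x60):
        raise ValueError('not an LDAPMessage carrying a BindRequest')
    _, version, pos = read_tlv(bind, 0)
    _, dn, pos = read_tlv(bind, pos)
    tag, secret, _ = read_tlv(bind, pos)
    if tag != 0x80:
        raise ValueError('not simple authentication')
    ctrl = lambda field: [hex(b) for b in field if b < 0x20 or b == 0x7F]
    return {'version': version[0], 'dn': dn, 'dn_ctrl': ctrl(dn),
            'secret_len': len(secret), 'secret_ctrl': ctrl(secret)}

if __name__ == '__main__':
    for host, trace in (('FC1', FC1_BIND), ('RH8', RH8_BIND)):
        print(host, parse_simple_bind(strace_unescape(trace)))
```

In the FC1 request the bind DN is 43 bytes and the password 11, each ending in a carriage return (0x0d); the RH8 request carries 42 and 10 bytes with no control characters, so the two hosts are not sending the same DN or password to the server.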