and, of course:
Dec 16 12:05:31 ldap sshd[11705]: Failed password for invalid user tactest from 127.0.0.1 port 52949 ssh2
Peter
On Wed, Dec 16, 2009 at 12:07 PM, Peter Serwe peter.serwe@gmail.com wrote:
Found an ldif user recipe for CentOS5.2..
Added the user "tactest" with the password "tactest".
Dec 16 12:05:30 ldap sshd[11705]pam_unix(sshd:auth): check pass; user unknown
Dec 16 12:05:30 ldap sshd[11705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ldap
Dec 16 12:05:30 ldap sshd[11705]: pam_succeed_if(sshd:auth): error retrieving information about user tactest
auth still fails.
Peter
On Wed, Dec 16, 2009 at 11:49 AM, Peter Serwe peter.serwe@gmail.com wrote:
I was going to say no TLS on either side.
Specifically because I wanted to make sure that I was doing it with basic auth prior to using tls, but I found TLS lines in the /etc/ldap.conf.
I commented those out, and guess what, no more nss_ldap messages in /var/log/messages..
Now, I'm somewhat guessing that my directory doesn't have the right information in it. Maybe I just need an ldif recipe for adding the users.
Peter
On Wed, Dec 16, 2009 at 11:33 AM, m.roth@5-cent.us wrote:
First question: do you have tls enabled on the client, and not the server, or vice versa?
Second question: on the server, can you do a search?
Handy tool: webmin has a whole ldap section, and can give you a *lot* of clues as to what's going wrong.
mark
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- Peter Serwe http://truthlightway.blogspot.com/