[CentOS] Problems with nss_ldap - where to start?

Wed Dec 16 20:08:48 UTC 2009
Peter Serwe <peter.serwe at gmail.com>

and, of course:

Dec 16 12:05:31 ldap sshd[11705]: Failed password for invalid user tactest
from 127.0.0.1 port 52949 ssh2

Peter


On Wed, Dec 16, 2009 at 12:07 PM, Peter Serwe <peter.serwe at gmail.com> wrote:

> Found an ldif user recipe for CentOS5.2..
>
> Added the user "tactest" with the password "tactest".
>
> Dec 16 12:05:30 ldap sshd[11705]pam_unix(sshd:auth): check pass; user
> unknown
> Dec 16 12:05:30 ldap sshd[11705]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ldap
> Dec 16 12:05:30 ldap sshd[11705]: pam_succeed_if(sshd:auth): error
> retrieving information about user tactest
>
> auth still fails.
>
> Peter
>
>
> On Wed, Dec 16, 2009 at 11:49 AM, Peter Serwe <peter.serwe at gmail.com>wrote:
>
>> I was going to say no TLS on either side.
>>
>> Specifically because I wanted to make sure that I was doing it with basic
>> auth prior to using tls, but I found TLS lines in the /etc/ldap.conf.
>>
>> I commented those out, and guess what, no more nss_ldap messages in
>> /var/log/messages..
>>
>> Now, I'm somewhat guessing that my directory doesn't have the right
>> information in it.  Maybe I just need an ldif recipe for adding the users.
>>
>> Peter
>>
>>
>> On Wed, Dec 16, 2009 at 11:33 AM, <m.roth at 5-cent.us> wrote:
>>
>>>
>>> First question: do you have tls enabled on the client, and not the
>>> server,
>>> or vice versa?
>>>
>>> Second question: on the server, can you do a search?
>>>
>>> Handy tool: webmin has a whole ldap section, and can give you a *lot* of
>>> clues as to what's going wrong.
>>>
>>>       mark
>>>
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> http://lists.centos.org/mailman/listinfo/centos
>>>
>>
>>
>>
>> --
>> Peter Serwe
>> http://truthlightway.blogspot.com/
>>
>
>
>
> --
> Peter Serwe
> http://truthlightway.blogspot.com/
>



-- 
Peter Serwe
http://truthlightway.blogspot.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20091216/ad282bce/attachment-0005.html>