Hi
with pleasure, even though there is nothing relevant to ldap
authentication:
Mar 6 17:50:20 medulis sshd[4928]: Server listening on :: port 22.
Mar 6 17:50:21 medulis sshd[4928]: error: Bind to port 22 on 0.0.0.0
failed: Address already in use.
Mar 6 17:55:59 medulis sudo: root : TTY=unknown ; PWD=/ ;
USER=mirjam ; COMMAND=/usr/bin/gconftool
--get /system/http_proxy/use_http_proxy
Mar 6 17:55:59 medulis sudo: pam_unix(sudo:session): session opened for
user mirjam by (uid=0)
Mar 6 17:55:59 medulis sudo: pam_unix(sudo:session): session closed for
user mirjam
Mar 6 17:56:00 medulis sudo: root : TTY=unknown ; PWD=/ ;
USER=mirjam ; COMMAND=/usr/bin/gconftool --get /system/http_proxy/host
Mar 6 17:56:00 medulis sudo: pam_unix(sudo:session): session opened for
user mirjam by (uid=0)
Mar 6 17:56:00 medulis sudo: pam_unix(sudo:session): session closed for
user mirjam
Mar 6 17:56:00 medulis sudo: root : TTY=unknown ; PWD=/ ;
USER=mirjam ; COMMAND=/usr/bin/gconftool --get /system/http_proxy/port
Mar 6 17:56:00 medulis sudo: pam_unix(sudo:session): session opened for
user mirjam by (uid=0)
Mar 6 17:56:00 medulis sudo: pam_unix(sudo:session): session closed for
user mirjam
Mar 6 18:17:01 medulis CRON[12599]: pam_unix(cron:session): session
opened for user root by (uid=0)
Mar 6 18:17:01 medulis CRON[12599]: pam_unix(cron:session): session
closed for user root
Mar 6 18:17:17 medulis gdm[5712]: pam_unix(gdm:session): session opened
for user mirjam by (uid=0)
Mar 6 19:09:15 medulis sshd[18307]: Accepted password for fidel from
192.168.0.50 port 52652 ssh2
Mar 6 19:09:15 medulis sshd[18313]: pam_unix(sshd:session): session
opened for user fidel by (uid=0)
Mar 6 19:09:20 medulis sudo: fidel : TTY=pts/0 ; PWD=/home/fidel ;
USER=root ; COMMAND=/bin/su -
Mar 6 19:09:20 medulis sudo: pam_unix(sudo:session): session opened for
user root by fidel(uid=0)
Mar 6 19:09:20 medulis sudo: pam_unix(sudo:session): session closed for
user root
Mar 6 19:09:20 medulis su[18385]: Successful su for root by root
Mar 6 19:09:20 medulis su[18385]: + pts/0 root:root
Mar 6 19:09:20 medulis su[18385]: pam_unix(su:session): session opened
for user root by fidel(uid=0)
Quite interesting, though, is the fact that only xscreensaver is connected
to the ldap server:
# netstat -patu
Aktive Internetverbindungen (Server und stehende Verbindungen)
Proto Recv-Q Send-Q Local Address          Foreign Address          State       PID/Program name
tcp        0      0 *:37379                *:*                      LISTEN      5374/rpc.statd
tcp        0      0 *:33093                *:*                      LISTEN      -
tcp        0      0 medulis.nigel:mysql    *:*                      LISTEN      5055/mysqld
tcp        0      0 *:sunrpc               *:*                      LISTEN      4306/portmap
tcp        0      0 *:ipp                  *:*                      LISTEN      5177/cupsd
tcp        0      0 medulis.nigel:35861    mimas-nxge0.switch.:www  TIME_WAIT   -
tcp        0      0 medulis.nigel:48330    192.168.0.1:ldap         VERBUNDEN   13265/xscreensaver
tcp        0      0 medulis.nigel:41590    84-75-125-185.dcl:imap2  VERBUNDEN   13453/evolution
tcp        0      0 medulis.nigel:56430    ns2.whoswe.ch:imap2      VERBUNDEN   13453/evolution
tcp        0      0 medulis.nigel:999      192.168.0.1:nfs          VERBUNDEN   -
tcp6       0      0 [::]:ssh               [::]:*                   LISTEN      4928/sshd
tcp6       0      0 [::]:ipp               [::]:*                   LISTEN      5177/cupsd
tcp6       0      0 medulis.nigel:ssh      fidelski.nigel:52652     VERBUNDEN   18307/sshd: fidel [
udp        0      0 *:51257                *:*                                  5773/avahi-daemon:
udp        0      0 *:bootpc               *:*                                  4320/dhclient3
udp        0      0 *:46535                *:*                                  5374/rpc.statd
udp        0      0 *:mdns                 *:*                                  5773/avahi-daemon:
udp        0      0 *:sunrpc               *:*                                  4306/portmap
udp        0      0 *:886                  *:*                                  5374/rpc.statd
udp        0      0 *:ipp                  *:*                                  5177/cupsd
Really no clue, still I cannot exclude that I am missing some
configuration!!! Since on Gentoo authentication configuration is quite
transparent and in Fedora it is quite "automagic" with authconfig it is
of course possible that I did not do everything right. I already stated
the configuration of the system authentication, missed the
entire /etc/nsswitch.conf though:
/etc/nsswitch.conf:
passwd: ldap files # compat
group: ldap files # compat
shadow: ldap files # compat
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files dns
services: db files
protocols: db files
rpc: db files
ethers: db files
netgroup nis
And of course the ldap configuration:
/etc/ldap.conf:
host 192.168.0.1
base dc=hektor,dc=nigel
uri ldap://hektor.nigel/
ldap_version 3
rootbindn cn=admin,dc=hektor,dc=nigel
port 389
bind_policy soft
pam_password crypt
ssl start_tls
tls_checkpeer no
tls_cacertfile /etc/ldap/ssl/hektor.pem
nss_base_passwd ou=People,dc=hektor,dc=nigel
nss_base_shadow ou=People,dc=hektor,dc=nigel
nss_base_group ou=Group,dc=hektor,dc=nigel
nss_base_hosts ou=Hosts,dc=hektor,dc=nigel
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,daemon,dhcp,games,gdm,gnats,haldaemon,hplip,irc,klog,libuuid,list,lp,mail,man,messagebus,mysql,news,polkituser,proxy,pulse,root,sshd,statd,sync,sys,syslog,uucp,www-data
/etc/ldap/ldap.conf:
BASE dc=hektor,dc=nigel
URI ldap://hektor.nigel
TLS_CACERT /etc/ldap/ssl/hektor.pem
TLS_REQCERT never
Greets
Dave
On Friday, 06.03.2009, at 16:33 +0000, Adam Sommer wrote:
> Can you post the relevant lines of /var/log/auth.log when trying to
> login as a LDAP user?
>
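
The remark that the auth.log excerpt shows nothing from LDAP can be checked mechanically. The following is an added example, not part of the original message: it unwraps mail-wrapped syslog entries and lists which PAM modules each program logged. `SAMPLE` is constructed in the format of the log above and the function names are hypothetical; a module that logs nothing on success will not appear, so absence is a pointer, not proof.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the auth.log excerpt above, including
# one entry wrapped by the mail client (not the poster's complete log).
SAMPLE = """\
Mar 6 17:55:59 medulis sudo: pam_unix(sudo:session): session opened for
user mirjam by (uid=0)
Mar 6 18:17:01 medulis CRON[12599]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 6 18:17:17 medulis gdm[5712]: pam_unix(gdm:session): session opened for user mirjam by (uid=0)
Mar 6 19:09:15 medulis sshd[18307]: Accepted password for fidel from 192.168.0.50 port 52652 ssh2
Mar 6 19:09:15 medulis sshd[18313]: pam_unix(sshd:session): session opened for user fidel by (uid=0)
Mar 6 19:09:20 medulis su[18385]: pam_unix(su:session): session opened for user root by fidel(uid=0)
"""

# Syslog entry: timestamp, host, program[pid]: message
ENTRY = re.compile(
    r"^[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+\S+\s+"
    r"([^\s\[:]+)(?:\[\d+\])?:\s*(.*)$")

def unwrap(text):
    """Rejoin wrapped entries: a line that does not start like a syslog
    entry is a continuation of the previous one."""
    entries = []
    for line in text.splitlines():
        if ENTRY.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def pam_modules_by_program(entries):
    """Map each logging program (sshd, gdm, ...) to the PAM modules named
    in its messages, in either 'pam_x(svc:type)' or 'pam_x:' form."""
    seen = defaultdict(set)
    for entry in entries:
        m = ENTRY.match(entry)
        if m:
            seen[m.group(1)].update(re.findall(r"\bpam_\w+", m.group(2)))
    return {prog: mods for prog, mods in seen.items() if mods}

def programs_without(entries, module):
    """Programs that logged PAM activity, but never from `module`."""
    return sorted(p for p, mods in pam_modules_by_program(entries).items()
                  if module not in mods)

if __name__ == "__main__":
    print(programs_without(unwrap(SAMPLE), "pam_ldap"))
```
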