LDAP NSLCD SSH Confusion
by nitrohuffer2001 from LinuxQuestions.org on (#51K1F)
Hey folks,
I feel like a real noob asking this but it has been perplexing me to no end, for about a month now.
The scenario: I have an OpenLDAP server and I am trying to auth to it with a Linux client. Easy enough, right?
Here is my setup and some notes:
From the client trying to auth to LDAP:
Red Hat Enterprise Linux Server release 7.3 (Maipo)
* certs are in place
I can search:
ldapsearch -x 'uid=*' -b dc=team,dc=company,dc=com -LLL -ZZZ
eg:
dn: uid=ldapballs,ou=People,dc=team,dc=company,dc=com
objectClass: ldapPublicKey
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
cn: LDAP Balls
gidNumber: 100
homeDirectory: /ngs/app/home/ldapballs
sn: Balls
uid: ldapballs
uidNumber: 9989
gecos: LDAP Balls
givenName: LDAP
loginShell: /bin/bash
shadowLastChange: 15300
shadowMax: 99999
I can perform basic LDAP queries:
getent passwd ldapballs
ldapballs:x:9989:100:LDAP Balls:/ngs/app/home/ldapballs:/bin/bash
getent shadow ldapballs
ldapballs:*:15300::99999::::0
id ldapballs
uid=9989(ldapballs) gid=100(team-si) groups=100(team-si)
and I can su if I am logged in as root already:
[root@myserver /var/log]$ su ldapballs
[ldapballs@myserver /var/log]$ id
uid=9989(ldapballs) gid=100(team-si) groups=100(team-si)
Here are my configs:
more /etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow
SSL start_tls
# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on
URI ldap://site1-ldapc1.company.com/ ldap://site2-ldap1.company.com/ ldap://site3-ldap1.company.com/
BASE dc=team,dc=company,dc=com
more /etc/nsswitch.conf
passwd: files compat ldap
shadow: files compat ldap
group: files compat ldap
hosts: files dns myhostname
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
more /etc/nslcd.conf
# The user and group nslcd should run as.
uid nslcd
gid ldap
base dc=team,dc=company,dc=com
ssl start_tls
tls_reqcert allow
tls_cacertdir /etc/openldap/cacerts
more /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session optional pam_mkhomedir.so umask=0077
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
more /etc/pam.d/password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session optional pam_mkhomedir.so umask=0077
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
Then there is my authconfig:
authconfig --enableldap --enableldapauth --ldapserver=site1-ldapc1.company.com,site2-ldapc1.company.com,site3-ldapc1.company.com --ldapbasedn="dc=team,dc=company,dc=com" --enablemkhomedir --update
authconfig --enableldaptls --update
authconfig --test
caching is disabled
nss_files is always enabled
nss_compat is enabled
nss_db is disabled
nss_hesiod is disabled
hesiod LHS = ""
hesiod RHS = ""
nss_ldap is enabled
LDAP+TLS is enabled
LDAP server = "ldap://site1-ldapc1.company.com/,ldap://site2-ldapc1.company.com/,ldap://site3-ldapc1.company.com/"
LDAP base DN = "dc=team,dc=company,dc=com"
nss_nis is disabled
NIS server = ""
NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
SMB workgroup = ""
SMB servers = ""
SMB security = "user"
SMB realm = ""
Winbind template shell = "/bin/false"
SMB idmap range = "16777216-33554431"
nss_sss is enabled by default
nss_wins is disabled
nss_mdns4_minimal is disabled
myhostname is enabled
DNS preference over NSS or WINS is disabled
pam_unix is always enabled
shadow passwords are enabled
password hashing algorithm is sha512
pam_krb5 is disabled
krb5 realm = ""
krb5 realm via dns is disabled
krb5 kdc = ""
krb5 kdc via dns is disabled
krb5 admin server = ""
pam_ldap is enabled
LDAP+TLS is enabled
LDAP server = "ldap://site1-ldapc1.company.com/,ldap://site2-ldapc1.company.com/,ldap://site3-ldapc1.company.com/"
LDAP base DN = "dc=team,dc=company,dc=com"
LDAP schema = "rfc2307"
pam_pkcs11 is disabled
use only smartcard for login is disabled
smartcard module = ""
smartcard removal action = ""
pam_fprintd is disabled
pam_ecryptfs is disabled
pam_winbind is disabled
SMB workgroup = ""
SMB servers = ""
SMB security = "user"
SMB realm = ""
pam_sss is disabled by default
credential caching in SSSD is enabled
SSSD use instead of legacy services if possible is enabled
IPAv2 is disabled
IPAv2 domain was not joined
IPAv2 server = ""
IPAv2 realm = ""
IPAv2 domain = ""
pam_pwquality is enabled (try_first_pass local_users_only retry=3 authtok_type=)
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir or pam_oddjob_mkhomedir is enabled (umask=0077)
Always authorize local users is enabled ()
Authenticate system accounts against network services is disabled
My sshd config
Protocol 2
SyslogFacility AUTHPRIV
PasswordAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysCommand /usr/local/bin/fetchSSHKeysFromLDAP
#AuthorizedKeysCommandUser root
ChallengeResponseAuthentication yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
PermitRootLogin yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION LC_ALL
X11Forwarding yes
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
AllowGroups root team-si team-support team-dev couch-support oracle-support oracle-support1 users lala* haha*
Match Group root,team-si,team-support,team-dev,couch-support,oracle-support,oracle-support1
PermitOpen any
Match Group root,team-si,team-support,team-dev,couch-support,oracle-support,oracle-support1
Match Group lala haha
All seems to be good, and then... when I attempt to log in:
In /var/log/secure when I try to log in:
Mar 31 23:04:48 myhost sshd[22557]: User ldapballs from myserver.company.com not allowed because not in any group
Mar 31 23:04:48 myhost sshd[22557]: input_userauth_request: invalid user ldapballs [preauth]
Mar 31 23:04:48 myhost sshd[22557]: Postponed keyboard-interactive for invalid user ldapballs from "myserver.company.com" port 52176 ssh2 [preauth]
Mar 31 23:04:53 myhost sshd[22559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=myserver.company.com user=ldapballs
Mar 31 23:04:53 myhost sshd[22559]: pam_ldap(sshd:auth): Authentication failure; user=ldapballs
Mar 31 23:04:55 myhost sshd[22557]: error: PAM: Authentication failure for illegal user ldapballs from myserver.company.com
Mar 31 23:04:55 myhost sshd[22557]: Failed keyboard-interactive/pam for invalid user ldapballs from myserver.company.com port 52176 ssh2
Mar 31 23:04:55 myserver.company.com sshd[22557]: Postponed keyboard-interactive for invalid user ldapballs from "remotehost.company.com" port 52176 ssh2 [preauth]
In /var/log/messages
Apr 1 20:03:05 myserver.company.com sshd[4510]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
Apr 1 20:03:12 myserver.company.com nslcd[4159]: [58fd05] <authc="ldapballs"> uid=ldapballs,ou=People,dc=team,dc=company,dc=com: lookup failed: Invalid credentials
This is on the actual LDAP server:
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: conn=1029 op=45 SRCH attr=uid uidNumber
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: <= bdb_equality_candidates: (uid) not indexed
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: conn=1029 op=45 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: conn=1041 fd=24 ACCEPT from IP=myserver.company.com:58026 (IP=0.0.0.0:389)
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: conn=1041 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: conn=1041 op=0 STARTTLS
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: conn=1041 op=0 RESULT oid= err=0 text=
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: conn=1041 fd=24 TLS established tls_ssf=256 ssf=256
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: conn=1041 op=1 BIND dn="uid=ldapballs,ou=People,dc=team,dc=company,dc=com" method=128
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: conn=1041 op=1 RESULT tag=97 err=49 text=
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: conn=1041 op=2 UNBIND
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: conn=1041 fd=24 closed
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: conn=1029 op=46 SRCH base="ou=People,dc=team,dc=company,dc=com" scope=2 deref=0 filter="(&(objectClass=shadowAccount)(uid=ldapballs))"
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: conn=1029 op=46 SRCH attr=shadowExpire shadowInactive shadowFlag shadowWarning shadowLastChange uid shadowMin shadowMax
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: <= bdb_equality_candidates: (uid) not indexed
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: conn=1029 op=46 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 1 20:13:12 bylg-ldapc1 slapd[24753]: conn=1029 op=47 ABANDON msg=47
Apr 1 20:13:15 bylg-ldapc1 slapd[24753]: conn=1035 op=43 SRCH base="ou=People,dc=team,dc=company,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=ldapballs))"
Apr 1 20:13:15 bylg-ldapc1 slapd[24753]: conn=1035 op=43 SRCH attr=loginShell cn gidNumber uidNumber objectClass homeDirectory gecos uid
Apr 1 20:13:15 bylg-ldapc1 slapd[24753]: <= bdb_equality_candidates: (uid) not indexed
Apr 1 20:13:15 bylg-ldapc1 slapd[24753]: conn=1035 op=43 SEARCH RESULT tag=101 err=0 nentries=1 text=
After I enter the password for ldapballs (an account made out of frustration), it just keeps prompting for the password again.
Any and all advice at this point would be greatly appreciated.
Sorry this is so long, but I wanted to present all the relevant information.
Thanks
Huff
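The first line sshd writes in /var/log/secure above, "not allowed because not in any group", is sshd's AllowGroups decision, taken before any password is checked. The script below replays that decision offline so it can be compared with what `id ldapballs` reports. It is an added example, not code from the post or from OpenSSH: it uses Python's `pwd`, `grp` and `os.getgrouplist` (the same NSS path and the same `getgrouplist(3)` call sshd uses) and `fnmatch.fnmatchcase` as an approximation of sshd's `match_pattern()`. The pattern list is copied from the post's sshd_config; none of those group names need exist on the machine running it.

```python
"""Replay sshd's AllowGroups decision for a user, without logging in.

Added example; not part of the original post. sshd resolves the user's
passwd entry through NSS, builds the group list with getgrouplist(3)
(primary gid plus supplementary groups), maps each gid to a name, and
accepts the login only if at least one name matches an AllowGroups pattern
('*' and '?' are wildcards, matching is case-sensitive). Otherwise it logs
"not allowed because not in any group" and treats the user as invalid.
"""
import fnmatch
import grp
import os
import pwd

# AllowGroups line copied from the post's sshd_config, split into patterns.
ALLOW_GROUPS = ("root team-si team-support team-dev couch-support "
                "oracle-support oracle-support1 users lala* haha*").split()


def allowed_by_groups(group_names, patterns=ALLOW_GROUPS):
    """Return the first pattern matching any of group_names, or None.

    fnmatchcase approximates sshd's match_pattern(): '*' and '?' wildcards,
    case-sensitive. (fnmatch also accepts [..] classes, which sshd does not.)
    """
    for name in group_names:
        for pat in patterns:
            if fnmatch.fnmatchcase(name, pat):
                return pat
    return None


def groups_of(username):
    """Group names for username, resolved the way sshd resolves them.

    pwd/grp go through nsswitch.conf, so LDAP groups served by nslcd are
    included. gids with no group entry are skipped: sshd matches names
    only, so a gid that resolves to no name can never satisfy AllowGroups.
    """
    pw = pwd.getpwnam(username)  # KeyError if NSS cannot find the user
    names = []
    for gid in os.getgrouplist(pw.pw_name, pw.pw_gid):
        try:
            names.append(grp.getgrgid(gid).gr_name)
        except KeyError:
            pass
    return names


def check_user(username, patterns=ALLOW_GROUPS):
    """(allowed, reason) in the terms sshd would log."""
    try:
        groups = groups_of(username)
    except KeyError:
        return False, "invalid user (no passwd entry via NSS)"
    hit = allowed_by_groups(groups, patterns)
    if hit is None:
        return False, "not allowed because not in any group (groups=%r)" % (groups,)
    return True, "group list %r matched AllowGroups pattern %r" % (groups, hit)


if __name__ == "__main__":
    import sys
    for user in sys.argv[1:] or ["root"]:
        print(user, check_user(user))
```

Run it on the SSH server as `python3 allowgroups_check.py ldapballs` (the filename is an assumption). If it reports "not in any group" while `id ldapballs` shows `team-si`, the two are seeing different group data and that mismatch is the thing to chase; if it reports a match, the AllowGroups line is not the cause and the refusal is coming from somewhere else in sshd's user validation. Either way the later PAM lines are secondary evidence: once sshd has marked the user invalid it still runs the PAM conversation so that the response does not reveal which usernames exist, which is why the log shows "Postponed keyboard-interactive for invalid user" and then a PAM failure.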


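The slapd lines in the post show the other half of the story: conn=1041 negotiates STARTTLS, then sends a simple bind (method=128, i.e. DN plus cleartext password) for uid=ldapballs and gets err=49 (invalidCredentials) back. The parser below is an added example, not code from the post or from OpenLDAP; it reads slapd "stats" log lines and flags two things a defender wants to know about simple binds: binds sent on a connection where "TLS established" was never logged (the password crossed the wire in clear), and binds rejected with err=49, counted per DN so a guessing run stands out. The sample log lines are constructed to mirror the post's format; the hostnames, IPs and the second DN are made up.

```python
"""Scan OpenLDAP slapd 'stats' log lines for simple binds that were sent
before TLS was established on the connection, and for binds the server
rejected with err=49 (invalidCredentials).

Added example, not from the original post. SAMPLE below is constructed in
the post's log format; hosts, IPs and uid=svc-backup are invented.
"""
import re
from collections import Counter

# conn=N [fd=N] [op=N] <rest of the event>
LINE_RE = re.compile(
    r"slapd\[\d+\]: conn=(?P<conn>\d+) (?:fd=\d+ )?(?:op=(?P<op>\d+) )?(?P<rest>.*)$")
BIND_RE = re.compile(r'^BIND dn="(?P<dn>[^"]*)" method=(?P<method>\d+)')
# tag=97 is BindResponse, so this RESULT belongs to a BIND, not to STARTTLS
BIND_RESULT_RE = re.compile(r"^RESULT tag=97 err=(?P<err>\d+)")

SIMPLE_BIND = 128          # method=128: simple bind, DN + password
INVALID_CREDENTIALS = 49   # LDAP resultCode invalidCredentials


def analyse(lines):
    """Return (plaintext_binds, failed_binds); each item is (conn, op, dn)."""
    tls_conns = set()      # connections on which 'TLS established' was seen
    pending = {}           # (conn, op) -> dn for BINDs awaiting their RESULT
    plaintext, failed = [], []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue       # e.g. '<= bdb_equality_candidates' lines carry no conn=
        conn, op, rest = m.group("conn"), m.group("op"), m.group("rest")
        bind = BIND_RE.match(rest)
        result = BIND_RESULT_RE.match(rest)
        if rest.startswith("TLS established"):
            tls_conns.add(conn)
        elif rest.startswith("closed"):
            tls_conns.discard(conn)
        elif bind:
            dn, method = bind.group("dn"), int(bind.group("method"))
            pending[(conn, op)] = dn
            # an anonymous simple bind (dn="") carries no password, so skip it
            if method == SIMPLE_BIND and dn and conn not in tls_conns:
                plaintext.append((conn, op, dn))
        elif result and (conn, op) in pending:
            dn = pending.pop((conn, op))
            if int(result.group("err")) == INVALID_CREDENTIALS:
                failed.append((conn, op, dn))
    return plaintext, failed


def failed_bind_counts(failed):
    """How many err=49 results each DN collected; a spike suggests guessing."""
    return Counter(dn for _, _, dn in failed)


# Constructed sample in the post's slapd log format.
SAMPLE = """\
Apr 1 20:13:12 ldap1 slapd[24753]: conn=1041 fd=24 ACCEPT from IP=10.0.0.5:58026 (IP=0.0.0.0:389)
Apr 1 20:13:12 ldap1 slapd[24753]: conn=1041 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Apr 1 20:13:12 ldap1 slapd[24753]: conn=1041 op=0 STARTTLS
Apr 1 20:13:12 ldap1 slapd[24753]: conn=1041 op=0 RESULT oid= err=0 text=
Apr 1 20:13:12 ldap1 slapd[24753]: conn=1041 fd=24 TLS established tls_ssf=256 ssf=256
Apr 1 20:13:12 ldap1 slapd[24753]: conn=1041 op=1 BIND dn="uid=ldapballs,ou=People,dc=team,dc=company,dc=com" method=128
Apr 1 20:13:12 ldap1 slapd[24753]: conn=1041 op=1 RESULT tag=97 err=49 text=
Apr 1 20:13:12 ldap1 slapd[24753]: conn=1041 op=2 UNBIND
Apr 1 20:13:12 ldap1 slapd[24753]: conn=1041 fd=24 closed
Apr 1 20:13:12 ldap1 slapd[24753]: <= bdb_equality_candidates: (uid) not indexed
Apr 1 20:13:40 ldap1 slapd[24753]: conn=1042 fd=25 ACCEPT from IP=10.0.0.9:40112 (IP=0.0.0.0:389)
Apr 1 20:13:40 ldap1 slapd[24753]: conn=1042 op=0 BIND dn="uid=svc-backup,ou=People,dc=team,dc=company,dc=com" method=128
Apr 1 20:13:40 ldap1 slapd[24753]: conn=1042 op=0 RESULT tag=97 err=0 text=
Apr 1 20:13:55 ldap1 slapd[24753]: conn=1043 fd=26 ACCEPT from IP=10.0.0.5:58031 (IP=0.0.0.0:389)
Apr 1 20:13:55 ldap1 slapd[24753]: conn=1043 fd=26 TLS established tls_ssf=256 ssf=256
Apr 1 20:13:55 ldap1 slapd[24753]: conn=1043 op=1 BIND dn="uid=ldapballs,ou=People,dc=team,dc=company,dc=com" method=128
Apr 1 20:13:55 ldap1 slapd[24753]: conn=1043 op=1 RESULT tag=97 err=49 text=
"""

if __name__ == "__main__":
    plaintext, failed = analyse(SAMPLE.splitlines())
    for conn, op, dn in plaintext:
        print("CLEARTEXT BIND conn=%s op=%s dn=%s" % (conn, op, dn))
    for dn, n in failed_bind_counts(failed).items():
        print("FAILED BINDS %d dn=%s" % (n, dn))
```

Two practical notes. The bind can be tried by hand, bypassing sshd, PAM and nslcd entirely: `ldapwhoami -x -ZZ -H ldap://site1-ldapc1.company.com -D 'uid=ldapballs,ou=People,dc=team,dc=company,dc=com' -W`; if that also comes back with err=49, the directory is rejecting the DN/password pair itself and no client-side tuning will change that. And the `tls_reqcert allow` / `TLS_REQCERT allow` settings in the post mean the client proceeds even when the server certificate is missing or bad, so STARTTLS here protects the bind password from passive sniffing but not from an active impersonator; `tls_reqcert demand` with the issuing CA in `tls_cacertdir` is the setting that closes that gap.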