[openldap/sssd] Logging in as LDAP users fails


  • delenn
  • Registered: May 2000
  • Last online: 02-08-2024
Hello all,

I'm trying to put together an LDAP authentication realm in my own little playground at home. I thought I was almost there, but not quite...

I can see the LDAP users with getent, but logging in doesn't work...

The log of the sssd backend looks as follows:

code:
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [be_get_account_info] (4): Got request for [3][1][name=wouterhummelink]
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [fo_resolve_service_send] (4): Trying to resolve service 'LDAP'
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [set_server_common_status] (4): Marking server '127.0.0.1' as 'resolving name'
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [set_server_common_status] (4): Marking server '127.0.0.1' as 'name resolved'
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [be_resolve_server_done] (4): Found address for server 127.0.0.1: [127.0.0.1] TTL 7200
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [sdap_get_server_opts_from_rootdse] (5): No known USN scheme is supported by this server!
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [sdap_get_server_opts_from_rootdse] (5): Will use modification timestamp as usn!
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [simple_bind_send] (4): Executing simple bind as: (null)
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [simple_bind_done] (5): Server returned no controls.
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [simple_bind_done] (3): Bind result: Success(0), (null)
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [fo_set_port_status] (4): Marking port 389 of server '127.0.0.1' as 'working'
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [set_server_common_status] (4): Marking server '127.0.0.1' as 'working'
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [acctinfo_callback] (4): Request processed. Returned 0,0,Success
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [be_pam_handler] (4): Got request with the following data
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [pam_print_data] (4): command: PAM_AUTHENTICATE
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [pam_print_data] (4): domain: BLAEYZE.NET
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [pam_print_data] (4): user: wouterhummelink
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [pam_print_data] (4): service: su
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [pam_print_data] (4): tty: pts/1
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [pam_print_data] (4): ruser: wouter
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [pam_print_data] (4): rhost: 
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [pam_print_data] (4): authtok type: 1
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [pam_print_data] (4): authtok size: 10
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [pam_print_data] (4): newauthtok type: 0
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [pam_print_data] (4): newauthtok size: 0
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [pam_print_data] (4): priv: 0
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [pam_print_data] (4): cli_pid: 10037
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [fo_resolve_service_send] (4): Trying to resolve service 'LDAP'
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [be_resolve_server_done] (4): Found address for server 127.0.0.1: [127.0.0.1] TTL 7200
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [sdap_sys_connect_done] (4): Executing START TLS
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [sdap_connect_done] (3): START TLS result: Success(0), (null)
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [fo_set_port_status] (4): Marking port 389 of server '127.0.0.1' as 'working'
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [set_server_common_status] (4): Marking server '127.0.0.1' as 'working'
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [simple_bind_send] (4): Executing simple bind as: uid=wouterhummelink,ou=People,dc=blaeyze,dc=net
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [sdap_process_result] (4): ldap_result gave -1, something bad happend!
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [be_pam_handler_callback] (4): Backend returned: (3, 4, <NULL>) [Internal Error (System error)]
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [be_pam_handler_callback] (4): Sending result [4][BLAEYZE.NET]
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [be_pam_handler_callback] (4): Sent result [4][BLAEYZE.NET]


Unfortunately I can't find anything on Google about what [sdap_process_result] (4): ldap_result gave -1, something bad happend! is supposed to mean, let alone a solution.
Getent, however, does nicely return the correct info:

code:
[wouter@savil ~]$ getent -s sss passwd wouterhummelink
wouterhummelink:*:502:502:wouter:/home/wouterhummelink:/bin/bash

Does anyone have suggestions?
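
As an added example (not part of the original post, and not sssd's own code), this Python script splits a backend log like the one above into its identity lookup and PAM requests and records for each the bind DN, whether a START TLS line was logged, and the last result line. The sample lines are copied from the post; the function and field names are hypothetical.

```python
import re

# Sample input: a subset of the log lines posted above, embedded so this runs offline.
SAMPLE = """\
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [be_get_account_info] (4): Got request for [3][1][name=wouterhummelink]
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [simple_bind_send] (4): Executing simple bind as: (null)
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [simple_bind_done] (3): Bind result: Success(0), (null)
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [pam_print_data] (4): command: PAM_AUTHENTICATE
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [sdap_sys_connect_done] (4): Executing START TLS
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [sdap_connect_done] (3): START TLS result: Success(0), (null)
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [simple_bind_send] (4): Executing simple bind as: uid=wouterhummelink,ou=People,dc=blaeyze,dc=net
(Sun Jun 10 11:23:21 2012) [sssd[be[BLAEYZE.NET]]] [sdap_process_result] (4): ldap_result gave -1, something bad happend!
"""

# (timestamp) [sssd[be[DOMAIN]]] [function] (level): message
# The leading "(" is optional so a line truncated at the start still parses.
LINE = re.compile(
    r"^\(?(?P<ts>[^)]+)\) \[sssd\[be\[(?P<dom>[^\]]+)\]\]\] "
    r"\[(?P<fn>\w+)\] \((?P<lvl>\d+)\): (?P<msg>.*)$")

def new_request(kind):
    return {"kind": kind, "starttls_logged": False, "bind_dn": None, "outcome": None}

def summarize(text):
    """Return one dict per backend request found in an sssd domain log."""
    requests = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        fn, msg = m["fn"], m["msg"]
        if fn == "be_get_account_info":            # NSS lookup (what getent triggers)
            requests.append(new_request("identity lookup"))
        elif fn == "pam_print_data" and msg.startswith("command:"):
            requests.append(new_request(msg.split(":", 1)[1].strip()))
        elif not requests:
            continue
        elif fn == "sdap_sys_connect_done" and "START TLS" in msg:
            requests[-1]["starttls_logged"] = True
        elif fn == "simple_bind_send":
            dn = msg.partition("as:")[2].strip()
            requests[-1]["bind_dn"] = None if dn == "(null)" else dn  # None = anonymous
        elif msg.startswith("Bind result:") or fn == "sdap_process_result":
            requests[-1]["outcome"] = msg           # last result seen for this request
    return requests

if __name__ == "__main__":
    for req in summarize(SAMPLE):
        print(req)
```

On the posted log this separates the anonymous bind of the identity lookup, which succeeds, from the PAM_AUTHENTICATE request, where the bind as the user's DN after START TLS is the step that ends in `ldap_result gave -1`.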


  • Yarno
  • Registered: May 2010
  • Last online: 09-09 20:12
I keep seeing localhost IPs go by.
Are you trying to log in on the machine itself or on an external machine?


  • delenn
  • Registered: May 2000
  • Last online: 02-08-2024
Yes, I'm trying to get it working locally on that machine first.
My other machine hardly gets any further, by the way, but that one has another issue with certificate trust from a self-signed CA.


  • Oid
  • Registered: November 2002
  • Not online

Some configuration would be handy, I think, to be able to troubleshoot.