Hello
commented out "ssl start_tls" and added "ssl on" , in ldap.conf file get below errors in /var/log/secure file :-
Jul 24 15:55:40 matrix sshd[2480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=matrix.trues.co.uk user=test1 Jul 24 15:55:40 matrix sshd[2480]: pam_ldap: ldap_simple_bind Can't contact LDAP server Jul 24 15:55:40 matrix sshd[2480]: pam_ldap: reconnecting to LDAP server... Jul 24 15:55:40 matrix sshd[2480]: pam_ldap: ldap_simple_bind Can't contact LDAP server Jul 24 15:55:42 matrix sshd[2480]: Failed password for test1 from 192.168.1.129 port 59436 ssh2
where the server matrix is FDS what I did was from FDS "ssh matrix.trues.co.uk -l test1" where test1 users exists in ldap dir
Regards Dharmin
Hi,
Can you check What happens if you specify
ssl start_tls
instead of "ssl on"
Regards Niranjan
On Thu, Jul 24, 2008 at 9:29 PM, Dharmin Mandalia wrote:
Hello Nalin and all
I just added "ssl on" to below /etc/ldap.conf file and get below error msg in var/log/secure file :-
sshd[6212]: pam_unix(sshd:session): session closed for user test1 sshd[6248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.1 user=test1 sshd[6248]: Accepted password for test1 from 192.168.1.1 port 47171 ssh2 sshd[6248]: pam_unix(sshd:session): session opened for user test1 by (uid=0) sshd[6248]: pam_unix(sshd:session): session closed for user test1 sshd[6284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.1 user=test1 sshd[6284]: pam_ldap: ldap_simple_bind Can't contact LDAP server shd[6284]: pam_ldap: reconnecting to LDAP server... sshd[6284]: pam_ldap: ldap_simple_bind Can't contact LDAP server sshd[6284]: Failed password for test1 from 192.168.1.1 port 47172 ssh2
With "ssl on" in ldap.conf, am unable to login via ssh
any helpers please...
regards Dharmin
Date: Thu, 24 Jul 2008 11:26:46 -0400 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: fedora-directory-users@redhat.com Subject: Re: [Fedora-directory-users] TLS Issue
On Thu, Jul 24, 2008 at 03:11:59PM +0000, Dharmin Mandalia wrote:
I've enabled TLS and am getting below error msg's in /var/log/secure
file on Fedora 9, which is my newly configured FDS , if disable TLS , am able to ssh onto the FDS server and with TLS enabled unable to login via ssh.
[snip]
sshd[5487]: nss_ldap: could not search LDAP server - Server is
unavailable
[snip]
/etc/ldap.conf file on Fedora 9, (FDS server ) shows as :-
[snip]
ssl start_tls tls_checkpeer yes tls_cacertfile /etc/openldap/cacerts/cacert.asc pam_password md5 uri ldap://127.0.0.1/ tls_cacertdir /etc/openldap/cacerts
If you're using SSL or TLS, the LDAP client library is going to compare the names in the certificate that the server uses against the value that was given in the client's configuration (in this case "127.0.0.1"), and it looks like they're not matching up here.
Typically the certificate uses an actual hostname as a "CN" value in its subject, so you'd need to specify the server URI using a hostname rather than an IP address to make sure that they match.
If that's not what's going on here, please post a copy of the certificate that the server's using so that we can have a look.
HTH,
Nalin
_________________________________________________________________ Use video conversation to talk face-to-face with Windows Live Messenger. http://www.windowslive.com/messenger/connect_your_way.html?ocid=TXT_TAGLM_WL...
On Fri, Jul 25, 2008 at 1:32 PM, Dharmin Mandalia dharmin98@hotmail.comwrote:
Hello
commented out "ssl start_tls" and added "ssl on" , in ldap.conf file get below errors in /var/log/secure file :-
Jul 24 15:55:40 matrix sshd[2480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=matrix.trues.co.uk user=test1 Jul 24 15:55:40 matrix sshd[2480]: pam_ldap: ldap_simple_bind Can't contact LDAP server Jul 24 15:55:40 matrix sshd[2480]: pam_ldap: reconnecting to LDAP server... Jul 24 15:55:40 matrix sshd[2480]: pam_ldap: ldap_simple_bind Can't contact LDAP server Jul 24 15:55:42 matrix sshd[2480]: Failed password for test1 from 192.168.1.129 port 59436 ssh2
What do you see in the FDS logs (tail /var/log/dirsrv/slapd-<instance-name>/access Can you check the basic things
1. Is the DIrectory server running on port 636 (netstat -tlnp | grep 636)
2. If you do ldapsearch -x -ZZ -b "your basedn" are you able to search
3. Does getent passwd and getent group enumerate users on the client ?
Regards Niranjan
where the server matrix is FDS what I did was from FDS "ssh matrix.trues.co.uk -l test1" where test1 users exists in ldap dir
Regards Dharmin
Hi,
Can you check What happens if you specify
ssl start_tls
instead of "ssl on"
Regards Niranjan
On Thu, Jul 24, 2008 at 9:29 PM, Dharmin Mandalia wrote:
Hello Nalin and all
I just added "ssl on" to below /etc/ldap.conf file and get below error msg in var/log/secure file :-
sshd[6212]: pam_unix(sshd:session): session closed for user test1 sshd[6248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.1 user=test1 sshd[6248]: Accepted password for test1 from 192.168.1.1 port 47171 ssh2 sshd[6248]: pam_unix(sshd:session): session opened for user test1 by (uid=0) sshd[6248]: pam_unix(sshd:session): session closed for user test1 sshd[6284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.1 user=test1 sshd[6284]: pam_ldap: ldap_simple_bind Can't contact LDAP server shd[6284]: pam_ldap: reconnecting to LDAP server... sshd[6284]: pam_ldap: ldap_simple_bind Can't contact LDAP server sshd[6284]: Failed password for test1 from 192.168.1.1 port 47172 ssh2
With "ssl on" in ldap.conf, am unable to login via ssh
any helpers please...
regards Dharmin
Date: Thu, 24 Jul 2008 11:26:46 -0400 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: fedora-directory-users@redhat.com Subject: Re: [Fedora-directory-users] TLS Issue
On Thu, Jul 24, 2008 at 03:11:59PM +0000, Dharmin Mandalia wrote:
I've enabled TLS and am getting below error msg's in /var/log/secure
file on Fedora 9, which is my newly configured FDS , if disable TLS , am able to ssh onto the FDS server and with TLS enabled unable to login via ssh.
[snip]
sshd[5487]: nss_ldap: could not search LDAP server - Server is
unavailable
[snip]
/etc/ldap.conf file on Fedora 9, (FDS server ) shows as :-
[snip]
ssl start_tls tls_checkpeer yes tls_cacertfile /etc/openldap/cacerts/cacert.asc pam_password md5 uri ldap://127.0.0.1/ tls_cacertdir /etc/openldap/cacerts
If you're using SSL or TLS, the LDAP client library is going to compare the names in the certificate that the server uses against the value that was given in the client's configuration (in this case "127.0.0.1"), and it looks like they're not matching up here.
Typically the certificate uses an actual hostname as a "CN" value in its subject, so you'd need to specify the server URI using a hostname rather than an IP address to make sure that they match.
If that's not what's going on here, please post a copy of the certificate that the server's using so that we can have a look.
HTH,
Nalin
Use video conversation to talk face-to-face with Windows Live Messenger.
http://www.windowslive.com/messenger/connect_your_way.html?ocid=TXT_TAGLM_WL...
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
389-users@lists.fedoraproject.org