On Thu, 20 Apr 2006 09:02:45 -0400, Christophe PEREZ wrote:

> Moreover, continuing my investigation just now, I realize that
> ldapsearch -x -W -D "cn=Manager,dc=novazur,dc=fr" "uid=chris" as root
> does give me the expected result, on the server as well as on the
> client.

OK, stupid mistake on my part. Obviously, a simple matter of permissions.
Indeed, nss_ldap relies on /etc/ldap.conf, but the openldap tools
(ldapsearch etc.), even on the client, rely on
/etc/openldap/ldap.conf.
And that file was 640 root:ldap, so obviously readable
only as root.

[...]
> That said, I don't see how a configuration problem on the
> server could cause ssh to malfunction on a single machine.

And of course, that does not fix the ssh access problem at all.
It's really crazy.

Here are the most verbose logs I have from ssh, but they don't
tell me much more about the nss_ldap error:

Apr 21 16:47:45 KanelXP sshd[18203]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Apr 21 16:47:45 KanelXP sshd[18194]: debug1: Forked child 18203.
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: inetd sockets after dupping: 3, 3
Apr 21 16:47:45 KanelXP sshd[18203]: Connection from 192.168.0.101 port 37307
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: Client protocol version 2.0; client software version OpenSSH_4.3
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: match: OpenSSH_4.3 pat OpenSSH*
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: Enabling compatibility mode for protocol 2.0
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: Local version string SSH-2.0-OpenSSH_4.3
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: temporarily_use_uid: 501/100 (e=0/0)
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: trying public key file /home/chris/.ssh/authorized_keys
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: matching key found: file /home/chris/.ssh/authorized_keys, line 2
Apr 21 16:47:45 KanelXP sshd[18203]: Found matching RSA key: 40:74:69:42:64:d1:0e:f6:06:58:b9:04:f5:8a:43:72
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: restore_uid: 0/0
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: temporarily_use_uid: 501/100 (e=0/0)
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: trying public key file /home/chris/.ssh/authorized_keys
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: matching key found: file /home/chris/.ssh/authorized_keys, line 2
Apr 21 16:47:45 KanelXP sshd[18203]: Found matching RSA key: 40:74:69:42:64:d1:0e:f6:06:58:b9:04:f5:8a:43:72
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: restore_uid: 0/0
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: ssh_rsa_verify: signature correct
Apr 21 16:47:45 KanelXP sshd[18203]: Accepted publickey for chris from 192.168.0.101 port 37307 ssh2
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: monitor_child_preauth: chris has been authenticated by privileged process
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: permanently_set_uid: 501/100
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: Entering interactive session for SSH2.
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: server_init_dispatch_20
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: input_session_request
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: channel 0: new [server-session]
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: session_new: init
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: session_new: session 0
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: session_open: channel 0
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: session_open: session 0: link with channel 0
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: server_input_channel_open: confirm session
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: server_input_channel_req: channel 0 request pty-req reply 0
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: session_by_channel: session 0 channel 0
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: session_input_channel_req: session 0 req pty-req
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: Allocating pty.
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: session_new: init
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: session_new: session 0
Apr 21 16:47:45 KanelXP sshd[18203]: nss_ldap: could not search LDAP server - Can't contact LDAP server
Apr 21 16:47:45 KanelXP sshd[18203]: fatal: login_get_lastlog: Cannot find account for uid 501
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: do_cleanup
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: session_pty_cleanup: session 0 release /dev/pts/6
Apr 21 16:47:45 KanelXP sshd[18203]: nss_ldap: could not search LDAP server - Can't contact LDAP server
Apr 21 16:47:45 KanelXP sshd[18203]: fatal: login_init_entry: Cannot find user "chris"
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: do_cleanup
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: do_cleanup

I'm continuing my research, but if anyone has an idea...
Thanks.

--
Christophe PEREZ
--
gentoo-user-fr@g.o mailing list
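
Added example, not part of the original message: a small triage script that groups sshd syslog lines by PID and reports logins that were accepted and then killed by an nss_ldap lookup failure, which is the pattern visible for sshd[18203] in the log above. The function name and output fields are assumptions of this example; the sample lines are a subset copied from the message.

```python
import re
from collections import defaultdict

# Subset of the sshd log lines quoted in the message above.
SAMPLE_LOG = """\
Apr 21 16:47:45 KanelXP sshd[18203]: Connection from 192.168.0.101 port 37307
Apr 21 16:47:45 KanelXP sshd[18203]: Accepted publickey for chris from 192.168.0.101 port 37307 ssh2
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: Allocating pty.
Apr 21 16:47:45 KanelXP sshd[18203]: nss_ldap: could not search LDAP server - Can't contact LDAP server
Apr 21 16:47:45 KanelXP sshd[18203]: fatal: login_get_lastlog: Cannot find account for uid 501
Apr 21 16:47:45 KanelXP sshd[18203]: nss_ldap: could not search LDAP server - Can't contact LDAP server
Apr 21 16:47:45 KanelXP sshd[18203]: fatal: login_init_entry: Cannot find user "chris"
"""

# Classic syslog prefix: "Mon DD HH:MM:SS host sshd[pid]: message"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\ssshd\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
ACCEPT_RE = re.compile(
    r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")


def find_post_auth_nss_failures(log_text):
    """Return one finding per sshd PID that accepted a login and then hit
    an nss_ldap error followed by a fatal account-lookup failure."""
    by_pid = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            by_pid[m.group("pid")].append(m.group("msg"))

    findings = []
    for pid, msgs in by_pid.items():
        accepted, nss_errors, fatals = None, 0, []
        for msg in msgs:
            a = ACCEPT_RE.match(msg)
            if a:
                accepted = a.groupdict()
            elif accepted and msg.startswith("nss_ldap:"):
                nss_errors += 1
            elif (accepted and nss_errors and msg.startswith("fatal:")
                  and "Cannot find" in msg):
                fatals.append(msg[len("fatal: "):])
        if accepted and fatals:
            findings.append({"pid": pid, **accepted,
                             "nss_errors": nss_errors, "fatal": fatals})
    return findings


if __name__ == "__main__":
    for finding in find_post_auth_nss_failures(SAMPLE_LOG):
        print(finding)
```
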