Gentoo Archives: gentoo-user-fr

From: Christophe PEREZ <christophe.perez@×××××××.com>
To: gentoo-user-fr@l.g.o
Subject: [gentoo-user-fr] Re: ssh and ldap
Date: Fri, 21 Apr 2006 20:53:10
Message-Id: pan.2006.04.21.20.52.26.418238@novazur.fr
In Reply to: [gentoo-user-fr] Re: ssh and ldap by Christophe PEREZ
On Thu, 20 Apr 2006 09:02:45 -0400, Christophe PEREZ wrote:

> Also, continuing my investigation just now, I realize that
> ldapsearch -x -W -D "cn=Manager,dc=novazur,dc=fr" "uid=chris" as root
> does give me the expected result, on the server as well as on the
> client.

OK, stupid mistake on my part. Obviously, a simple matter of permissions.
Indeed, nss_ldap relies on /etc/ldap.conf, but the openldap tools
(ldapsearch etc.), even on the client, rely on
/etc/openldap/ldap.conf.
Now, that file was 640 root:ldap, so obviously readable
only as root.

[...]
> That said, I don't see how a configuration problem on the
> server could cause ssh to malfunction on a single machine.

And of course, that does absolutely nothing to fix the ssh access problem.
It's crazy all the same.

Here are the most verbose logs I have with ssh, but they don't
tell me much more about the nss_ldap error:

Apr 21 16:47:45 KanelXP sshd[18203]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Apr 21 16:47:45 KanelXP sshd[18194]: debug1: Forked child 18203.
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: inetd sockets after dupping: 3, 3
Apr 21 16:47:45 KanelXP sshd[18203]: Connection from 192.168.0.101 port 37307
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: Client protocol version 2.0; client software version OpenSSH_4.3
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: match: OpenSSH_4.3 pat OpenSSH*
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: Enabling compatibility mode for protocol 2.0
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: Local version string SSH-2.0-OpenSSH_4.3
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: temporarily_use_uid: 501/100 (e=0/0)
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: trying public key file /home/chris/.ssh/authorized_keys
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: matching key found: file /home/chris/.ssh/authorized_keys, line 2
Apr 21 16:47:45 KanelXP sshd[18203]: Found matching RSA key: 40:74:69:42:64:d1:0e:f6:06:58:b9:04:f5:8a:43:72
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: restore_uid: 0/0
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: temporarily_use_uid: 501/100 (e=0/0)
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: trying public key file /home/chris/.ssh/authorized_keys
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: matching key found: file /home/chris/.ssh/authorized_keys, line 2
Apr 21 16:47:45 KanelXP sshd[18203]: Found matching RSA key: 40:74:69:42:64:d1:0e:f6:06:58:b9:04:f5:8a:43:72
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: restore_uid: 0/0
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: ssh_rsa_verify: signature correct
Apr 21 16:47:45 KanelXP sshd[18203]: Accepted publickey for chris from 192.168.0.101 port 37307 ssh2
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: monitor_child_preauth: chris has been authenticated by privileged process
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: permanently_set_uid: 501/100
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: Entering interactive session for SSH2.
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: server_init_dispatch_20
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: input_session_request
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: channel 0: new [server-session]
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: session_new: init
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: session_new: session 0
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: session_open: channel 0
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: session_open: session 0: link with channel 0
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: server_input_channel_open: confirm session
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: server_input_channel_req: channel 0 request pty-req reply 0
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: session_by_channel: session 0 channel 0
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: session_input_channel_req: session 0 req pty-req
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: Allocating pty.
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: session_new: init
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: session_new: session 0
Apr 21 16:47:45 KanelXP sshd[18203]: nss_ldap: could not search LDAP server - Can't contact LDAP server
Apr 21 16:47:45 KanelXP sshd[18203]: fatal: login_get_lastlog: Cannot find account for uid 501
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: do_cleanup
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: session_pty_cleanup: session 0 release /dev/pts/6
Apr 21 16:47:45 KanelXP sshd[18203]: nss_ldap: could not search LDAP server - Can't contact LDAP server
Apr 21 16:47:45 KanelXP sshd[18203]: fatal: login_init_entry: Cannot find user "chris"
Apr 21 16:47:45 KanelXP sshd[18203]: debug1: do_cleanup
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: do_cleanup

I'm continuing to look into it, but if anyone has an idea...
Thanks.

--
Christophe PEREZ
--
gentoo-user-fr@g.o mailing list
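
The failure pattern in the log above, as an added example that is not part of the original message: a small triage script that groups sshd lines by PID and reports sessions where a login was accepted and the same process then hit an nss_ldap error followed by a fatal. The function name and the regular expressions are assumptions written for the line formats quoted above; the sample is an excerpt of those lines.

```python
import re
from collections import defaultdict

# Excerpt of the sshd lines quoted in the message above.
SAMPLE_LOG = """\
Apr 21 16:47:45 KanelXP sshd[18203]: Connection from 192.168.0.101 port 37307
Apr 21 16:47:45 KanelXP sshd[18203]: Accepted publickey for chris from 192.168.0.101 port 37307 ssh2
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: permanently_set_uid: 501/100
Apr 21 16:47:45 KanelXP sshd[18203]: nss_ldap: could not search LDAP server - Can't contact LDAP server
Apr 21 16:47:45 KanelXP sshd[18203]: fatal: login_get_lastlog: Cannot find account for uid 501
Apr 21 16:47:45 KanelXP sshd[18208]: debug1: do_cleanup
"""

# Assumed syslog layout: "Mon DD HH:MM:SS host sshd[pid]: message"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPTED = re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")
NSS_FAIL = re.compile(r"^nss_ldap: (?P<err>.+)$")
FATAL = re.compile(r"^fatal: (?P<what>.+)$")


def find_post_auth_nss_failures(log_text):
    """Return one finding per sshd PID that accepted a login, then logged
    an nss_ldap error, then a fatal (authentication worked, lookup did not)."""
    state = defaultdict(lambda: {"accepted": None, "nss_error": None, "fatal": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an sshd syslog line
        s, msg = state[m["pid"]], m["msg"]
        if (a := ACCEPTED.match(msg)):
            s["accepted"] = a.groupdict()
        elif s["accepted"] and s["nss_error"] is None and (n := NSS_FAIL.match(msg)):
            s["nss_error"] = n["err"]
        elif s["nss_error"] and s["fatal"] is None and (f := FATAL.match(msg)):
            s["fatal"] = f["what"]  # keep only the first fatal after the NSS error
    return [
        {"pid": pid, **s["accepted"], "nss_error": s["nss_error"], "fatal": s["fatal"]}
        for pid, s in state.items()
        if s["accepted"] and s["fatal"]
    ]


if __name__ == "__main__":
    for finding in find_post_auth_nss_failures(SAMPLE_LOG):
        print(finding)
```
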
