1 |
server: OpenLDAP 2.4.43 |
2 |
clients: nss-pam-ldapd 0.9.6 |
3 |
|
4 |
I have a user configured in the OpenLDAP database and I can run ldapsearch |
5 |
from the server and get back valid results. However, I'm unable to log into |
6 |
the LDAP client from the server. It looks like the LDAP client machine is |
7 |
not authenticating, so I'm hoping to get some thoughts from others on how |
8 |
to get past this. |
9 |
|
10 |
Below is what I'm seeing when trying to log into the LDAP client from the |
11 |
server. |
12 |
|
13 |
$ ssh 10.0.1.1 |
14 |
You are required to change your password immediately (root enforced) |
15 |
WARNING: Your password has expired. |
16 |
You must change your password now and login again! |
17 |
(current) LDAP Password: |
18 |
passwd: User not known to the underlying authentication module |
19 |
passwd: password unchanged |
20 |
Connection to 10.0.1.1 closed. |
21 |
|
22 |
On the LDAP client, the following output is from running nslcd -d (debug).
I believe this shows that the LDAP client is talking to the LDAP server,
but I do not understand why the connection is being closed, or why the
password is reported as expired. The log does show a successful bind for
james, followed by a "need a new password" message for the
shadowLastChange mapping. Also, running 'getent passwd' on the server
returns all users within /etc/passwd. Running the same command from the
LDAP client looks like it's only returning the users from the LDAP
client's /etc/passwd file (no users).
29 |
|
30 |
nslcd: DEBUG: NSS_LDAP nss-pam-ldapd 0.9.6 |
31 |
nslcd: DEBUG: CFG: threads 5 |
32 |
nslcd: DEBUG: CFG: uid nslcd |
33 |
nslcd: DEBUG: CFG: gid 246 |
34 |
nslcd: DEBUG: CFG: uri ldap://10.0.0.11/ |
35 |
nslcd: DEBUG: CFG: ldap_version 3 |
36 |
nslcd: DEBUG: CFG: base dc=my,dc=example,dc=com |
37 |
nslcd: DEBUG: CFG: scope sub |
38 |
nslcd: DEBUG: CFG: deref never |
39 |
nslcd: DEBUG: CFG: referrals yes |
40 |
nslcd: DEBUG: CFG: filter aliases (objectClass=nisMailAlias) |
41 |
nslcd: DEBUG: CFG: filter ethers (objectClass=ieee802Device) |
42 |
nslcd: DEBUG: CFG: filter group (objectClass=posixGroup) |
43 |
nslcd: DEBUG: CFG: filter hosts (objectClass=ipHost) |
44 |
nslcd: DEBUG: CFG: filter netgroup (objectClass=nisNetgroup) |
45 |
nslcd: DEBUG: CFG: filter networks (objectClass=ipNetwork) |
46 |
nslcd: DEBUG: CFG: filter passwd (objectClass=posixAccount) |
47 |
nslcd: DEBUG: CFG: filter protocols (objectClass=ipProtocol) |
48 |
nslcd: DEBUG: CFG: filter rpc (objectClass=oncRpc) |
49 |
nslcd: DEBUG: CFG: filter services (objectClass=ipService) |
50 |
nslcd: DEBUG: CFG: filter shadow (objectClass=shadowAccount) |
51 |
nslcd: DEBUG: CFG: map group userPassword "*" |
52 |
nslcd: DEBUG: CFG: map passwd userPassword "*" |
53 |
nslcd: DEBUG: CFG: map passwd gecos "${gecos:-$cn}" |
54 |
nslcd: DEBUG: CFG: map shadow userPassword "*" |
55 |
nslcd: DEBUG: CFG: map shadow shadowLastChange "${shadowLastChange:--1}" |
56 |
nslcd: DEBUG: CFG: map shadow shadowMin "${shadowMin:--1}" |
57 |
nslcd: DEBUG: CFG: map shadow shadowMax "${shadowMax:--1}" |
58 |
nslcd: DEBUG: CFG: map shadow shadowWarning "${shadowWarning:--1}" |
59 |
nslcd: DEBUG: CFG: map shadow shadowInactive "${shadowInactive:--1}" |
60 |
nslcd: DEBUG: CFG: map shadow shadowExpire "${shadowExpire:--1}" |
61 |
nslcd: DEBUG: CFG: map shadow shadowFlag "${shadowFlag:-0}" |
62 |
nslcd: DEBUG: CFG: bind_timelimit 10 |
63 |
nslcd: DEBUG: CFG: timelimit 0 |
64 |
nslcd: DEBUG: CFG: idle_timelimit 0 |
65 |
nslcd: DEBUG: CFG: reconnect_sleeptime 1 |
66 |
nslcd: DEBUG: CFG: reconnect_retrytime 10 |
67 |
nslcd: DEBUG: CFG: ssl off |
68 |
nslcd: DEBUG: CFG: tls_reqcert demand |
69 |
nslcd: DEBUG: CFG: pagesize 0 |
70 |
nslcd: DEBUG: CFG: nss_min_uid 0 |
71 |
nslcd: DEBUG: CFG: nss_nested_groups no |
72 |
nslcd: DEBUG: CFG: nss_getgrent_skipmembers no |
73 |
nslcd: DEBUG: CFG: nss_disable_enumeration no |
74 |
nslcd: DEBUG: CFG: validnames /^[a-z0-9._@$()]([a-z0-9._@$() \~-]*[a-z0-9._@ |
75 |
$()~-])?$/i |
76 |
nslcd: DEBUG: CFG: ignorecase no |
77 |
nslcd: DEBUG: CFG: cache dn2uid 15m 15m |
78 |
nslcd: version 0.9.6 starting |
79 |
nslcd: DEBUG: unlink() of /run/nslcd/socket failed (ignored): No such file |
80 |
or directory |
81 |
nslcd: DEBUG: initgroups("nslcd",246) done |
82 |
nslcd: DEBUG: setgid(246) done |
83 |
nslcd: DEBUG: setuid(101) done |
84 |
nslcd: accepting connections |
85 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
86 |
nslcd: [8b4567] DEBUG: connection from pid=2850 uid=0 gid=0 |
87 |
nslcd: [8b4567] <group/member="root"> DEBUG: |
88 |
myldap_search(base="dc=my,dc=example,dc=com", |
89 |
filter="(&(objectClass=posixAccount)(uid=root))") |
90 |
nslcd: [8b4567] <group/member="root"> DEBUG: ldap_initialize(ldap:// |
91 |
10.0.0.11/) |
92 |
nslcd: [8b4567] <group/member="root"> DEBUG: ldap_set_rebind_proc() |
93 |
nslcd: [8b4567] <group/member="root"> DEBUG: |
94 |
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3) |
95 |
nslcd: [8b4567] <group/member="root"> DEBUG: |
96 |
ldap_set_option(LDAP_OPT_DEREF,0) |
97 |
nslcd: [8b4567] <group/member="root"> DEBUG: |
98 |
ldap_set_option(LDAP_OPT_TIMELIMIT,0) |
99 |
nslcd: [8b4567] <group/member="root"> DEBUG: |
100 |
ldap_set_option(LDAP_OPT_TIMEOUT,0) |
101 |
nslcd: [8b4567] <group/member="root"> DEBUG: |
102 |
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0) |
103 |
nslcd: [8b4567] <group/member="root"> DEBUG: |
104 |
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON) |
105 |
nslcd: [8b4567] <group/member="root"> DEBUG: |
106 |
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON) |
107 |
nslcd: [8b4567] <group/member="root"> DEBUG: ldap_simple_bind_s(NULL,NULL) |
108 |
(uri="ldap://10.0.0.11/") |
109 |
nslcd: [8b4567] <group/member="root"> DEBUG: ldap_result(): end of results |
110 |
(0 total) |
111 |
nslcd: [8b4567] <group/member="root"> DEBUG: |
112 |
myldap_search(base="dc=my,dc=example,dc=com", |
113 |
filter="(&(objectClass=posixGroup)(memberUid=root))") |
114 |
nslcd: [8b4567] <group/member="root"> DEBUG: ldap_result(): end of results |
115 |
(0 total) |
116 |
nslcd: [7b23c6] DEBUG: connection from pid=27158 uid=0 gid=0 |
117 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
118 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
119 |
nslcd: [7b23c6] <passwd="james"> DEBUG: |
120 |
myldap_search(base="dc=my,dc=example,dc=com", |
121 |
filter="(&(objectClass=posixAccount)(uid=james))") |
122 |
nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_initialize(ldap://10.0.0.11/) |
123 |
nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_set_rebind_proc() |
124 |
nslcd: [7b23c6] <passwd="james"> DEBUG: |
125 |
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3) |
126 |
nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0) |
127 |
nslcd: [7b23c6] <passwd="james"> DEBUG: |
128 |
ldap_set_option(LDAP_OPT_TIMELIMIT,0) |
129 |
nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0) |
130 |
nslcd: [7b23c6] <passwd="james"> DEBUG: |
131 |
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0) |
132 |
nslcd: [7b23c6] <passwd="james"> DEBUG: |
133 |
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON) |
134 |
nslcd: [7b23c6] <passwd="james"> DEBUG: |
135 |
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON) |
136 |
nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_simple_bind_s(NULL,NULL) |
137 |
(uri="ldap://10.0.0.11/") |
138 |
nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_result(): |
139 |
uid=james,ou=users,dc=my,dc=example,dc=com |
140 |
nslcd: [7b23c6] <passwd="james"> (re)loading /etc/nsswitch.conf |
141 |
nslcd: [7b23c6] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
142 |
total) |
143 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
144 |
nslcd: [3c9869] DEBUG: connection from pid=27158 uid=0 gid=0 |
145 |
nslcd: [3c9869] <group/member="james"> DEBUG: |
146 |
myldap_search(base="dc=my,dc=example,dc=com", |
147 |
filter="(&(objectClass=posixAccount)(uid=james))") |
148 |
nslcd: [3c9869] <group/member="james"> DEBUG: ldap_result(): |
149 |
uid=james,ou=users,dc=my,dc=example,dc=com |
150 |
nslcd: [3c9869] <group/member="james"> DEBUG: |
151 |
myldap_search(base="dc=my,dc=example,dc=com", |
152 |
filter="(&(objectClass=posixGroup)(|(memberUid=james)(member=uid=james,ou=users,dc=my,dc=example,dc=com)))") |
153 |
nslcd: [3c9869] <group/member="james"> DEBUG: ldap_result(): end of results |
154 |
(0 total) |
155 |
nslcd: [334873] DEBUG: connection from pid=27158 uid=0 gid=0 |
156 |
nslcd: [334873] <passwd="james"> DEBUG: |
157 |
myldap_search(base="dc=my,dc=example,dc=com", |
158 |
filter="(&(objectClass=posixAccount)(uid=james))") |
159 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
160 |
nslcd: [334873] <passwd="james"> DEBUG: ldap_result(): |
161 |
uid=james,ou=users,dc=my,dc=example,dc=com |
162 |
nslcd: [334873] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
163 |
total) |
164 |
nslcd: [b0dc51] DEBUG: connection from pid=27158 uid=0 gid=0 |
165 |
nslcd: [b0dc51] <passwd="james"> DEBUG: |
166 |
myldap_search(base="dc=my,dc=example,dc=com", |
167 |
filter="(&(objectClass=posixAccount)(uid=james))") |
168 |
nslcd: [b0dc51] <passwd="james"> DEBUG: ldap_result(): |
169 |
uid=james,ou=users,dc=my,dc=example,dc=com |
170 |
nslcd: [b0dc51] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
171 |
total) |
172 |
nslcd: [495cff] DEBUG: connection from pid=27158 uid=0 gid=0 |
173 |
nslcd: [495cff] <shadow="james"> DEBUG: |
174 |
myldap_search(base="dc=my,dc=example,dc=com", |
175 |
filter="(&(objectClass=shadowAccount)(uid=james))") |
176 |
nslcd: [495cff] <shadow="james"> DEBUG: ldap_result(): |
177 |
uid=james,ou=users,dc=my,dc=example,dc=com |
178 |
nslcd: [495cff] <shadow="james"> DEBUG: ldap_result(): end of results (1 |
179 |
total) |
180 |
nslcd: [e8944a] DEBUG: connection from pid=27158 uid=0 gid=0 |
181 |
nslcd: [e8944a] <passwd="james"> DEBUG: |
182 |
myldap_search(base="dc=my,dc=example,dc=com", |
183 |
filter="(&(objectClass=posixAccount)(uid=james))") |
184 |
nslcd: [e8944a] <passwd="james"> DEBUG: ldap_result(): |
185 |
uid=james,ou=users,dc=my,dc=example,dc=com |
186 |
nslcd: [e8944a] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
187 |
total) |
188 |
nslcd: [5558ec] DEBUG: connection from pid=27158 uid=0 gid=0 |
189 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
190 |
nslcd: [5558ec] <authz="james"> DEBUG: |
191 |
nslcd_pam_authz("james","sshd","","10.0.0.11","ssh") |
192 |
nslcd: [5558ec] <authz="james"> DEBUG: |
193 |
myldap_search(base="dc=my,dc=example,dc=com", |
194 |
filter="(&(objectClass=posixAccount)(uid=james))") |
195 |
nslcd: [5558ec] <authz="james"> DEBUG: ldap_result(): |
196 |
uid=james,ou=users,dc=my,dc=example,dc=com |
197 |
nslcd: [5558ec] <authz="james"> DEBUG: |
198 |
myldap_search(base="dc=my,dc=example,dc=com", |
199 |
filter="(&(objectClass=shadowAccount)(uid=james))") |
200 |
nslcd: [5558ec] <authz="james"> DEBUG: ldap_result(): |
201 |
uid=james,ou=users,dc=my,dc=example,dc=com |
202 |
nslcd: [8e1f29] DEBUG: connection from pid=27158 uid=0 gid=0 |
203 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
204 |
nslcd: [8e1f29] <passwd="james"> DEBUG: |
205 |
myldap_search(base="dc=my,dc=example,dc=com", |
206 |
filter="(&(objectClass=posixAccount)(uid=james))") |
207 |
nslcd: [8e1f29] <passwd="james"> DEBUG: ldap_result(): |
208 |
uid=james,ou=users,dc=my,dc=example,dc=com |
209 |
nslcd: [8e1f29] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
210 |
total) |
211 |
nslcd: [e87ccd] DEBUG: connection from pid=27158 uid=0 gid=0 |
212 |
nslcd: [e87ccd] <passwd="james"> DEBUG: |
213 |
myldap_search(base="dc=my,dc=example,dc=com", |
214 |
filter="(&(objectClass=posixAccount)(uid=james))") |
215 |
nslcd: [e87ccd] <passwd="james"> DEBUG: ldap_result(): |
216 |
uid=james,ou=users,dc=my,dc=example,dc=com |
217 |
nslcd: [e87ccd] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
218 |
total) |
219 |
nslcd: [1b58ba] DEBUG: connection from pid=27158 uid=0 gid=0 |
220 |
nslcd: [1b58ba] <passwd="james"> DEBUG: |
221 |
myldap_search(base="dc=my,dc=example,dc=com", |
222 |
filter="(&(objectClass=posixAccount)(uid=james))") |
223 |
nslcd: [1b58ba] <passwd="james"> DEBUG: ldap_result(): |
224 |
uid=james,ou=users,dc=my,dc=example,dc=com |
225 |
nslcd: [1b58ba] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
226 |
total) |
227 |
nslcd: [7ed7ab] DEBUG: connection from pid=27158 uid=0 gid=0 |
228 |
nslcd: [7ed7ab] <passwd="james"> DEBUG: |
229 |
myldap_search(base="dc=my,dc=example,dc=com", |
230 |
filter="(&(objectClass=posixAccount)(uid=james))") |
231 |
nslcd: [7ed7ab] <passwd="james"> DEBUG: ldap_result(): |
232 |
uid=james,ou=users,dc=my,dc=example,dc=com |
233 |
nslcd: [7ed7ab] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
234 |
total) |
235 |
nslcd: [b141f2] DEBUG: connection from pid=27158 uid=0 gid=0 |
236 |
nslcd: [b141f2] <passwd="james"> DEBUG: |
237 |
myldap_search(base="dc=my,dc=example,dc=com", |
238 |
filter="(&(objectClass=posixAccount)(uid=james))") |
239 |
nslcd: [b141f2] <passwd="james"> DEBUG: ldap_result(): |
240 |
uid=james,ou=users,dc=my,dc=example,dc=com |
241 |
nslcd: [b141f2] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
242 |
total) |
243 |
nslcd: [b71efb] DEBUG: connection from pid=27158 uid=0 gid=0 |
244 |
nslcd: [b71efb] <passwd="james"> DEBUG: |
245 |
myldap_search(base="dc=my,dc=example,dc=com", |
246 |
filter="(&(objectClass=posixAccount)(uid=james))") |
247 |
nslcd: [b71efb] <passwd="james"> DEBUG: ldap_result(): |
248 |
uid=james,ou=users,dc=my,dc=example,dc=com |
249 |
nslcd: [b71efb] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
250 |
total) |
251 |
nslcd: [e2a9e3] DEBUG: connection from pid=27158 uid=0 gid=0 |
252 |
nslcd: [e2a9e3] <passwd="james"> DEBUG: |
253 |
myldap_search(base="dc=my,dc=example,dc=com", |
254 |
filter="(&(objectClass=posixAccount)(uid=james))") |
255 |
nslcd: [e2a9e3] <passwd="james"> DEBUG: ldap_result(): |
256 |
uid=james,ou=users,dc=my,dc=example,dc=com |
257 |
nslcd: [e2a9e3] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
258 |
total) |
259 |
nslcd: [45e146] DEBUG: connection from pid=27158 uid=0 gid=0 |
260 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
261 |
nslcd: [45e146] <passwd="james"> DEBUG: |
262 |
myldap_search(base="dc=my,dc=example,dc=com", |
263 |
filter="(&(objectClass=posixAccount)(uid=james))") |
264 |
nslcd: [45e146] <passwd="james"> DEBUG: ldap_result(): |
265 |
uid=james,ou=users,dc=my,dc=example,dc=com |
266 |
nslcd: [45e146] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
267 |
total) |
268 |
nslcd: [5f007c] DEBUG: connection from pid=27158 uid=0 gid=0 |
269 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
270 |
nslcd: [5f007c] <sess_o="james"> DEBUG: |
271 |
nslcd_pam_sess_o("james","sshd","ssh","10.0.0.11",""): |
272 |
kQlRjhzsaaNBTFAtM7eBH6QP |
273 |
nslcd: [8c895d] DEBUG: connection from pid=27158 uid=0 gid=0 |
274 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
275 |
nslcd: [8c895d] <passwd="james"> DEBUG: |
276 |
myldap_search(base="dc=my,dc=example,dc=com", |
277 |
filter="(&(objectClass=posixAccount)(uid=james))") |
278 |
nslcd: [8c895d] <passwd="james"> DEBUG: ldap_result(): |
279 |
uid=james,ou=users,dc=my,dc=example,dc=com |
280 |
nslcd: [8c895d] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
281 |
total) |
282 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
283 |
nslcd: [3ab105] DEBUG: connection from pid=27163 uid=0 gid=1000 |
284 |
nslcd: [3ab105] <group/member="james"> DEBUG: |
285 |
myldap_search(base="dc=my,dc=example,dc=com", |
286 |
filter="(&(objectClass=posixAccount)(uid=james))") |
287 |
nslcd: [3ab105] <group/member="james"> DEBUG: ldap_initialize(ldap:// |
288 |
10.0.0.11/) |
289 |
nslcd: [3ab105] <group/member="james"> DEBUG: ldap_set_rebind_proc() |
290 |
nslcd: [3ab105] <group/member="james"> DEBUG: |
291 |
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3) |
292 |
nslcd: [3ab105] <group/member="james"> DEBUG: |
293 |
ldap_set_option(LDAP_OPT_DEREF,0) |
294 |
nslcd: [3ab105] <group/member="james"> DEBUG: |
295 |
ldap_set_option(LDAP_OPT_TIMELIMIT,0) |
296 |
nslcd: [3ab105] <group/member="james"> DEBUG: |
297 |
ldap_set_option(LDAP_OPT_TIMEOUT,0) |
298 |
nslcd: [3ab105] <group/member="james"> DEBUG: |
299 |
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0) |
300 |
nslcd: [3ab105] <group/member="james"> DEBUG: |
301 |
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON) |
302 |
nslcd: [3ab105] <group/member="james"> DEBUG: |
303 |
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON) |
304 |
nslcd: [3ab105] <group/member="james"> DEBUG: ldap_simple_bind_s(NULL,NULL) |
305 |
(uri="ldap://10.0.0.11/") |
306 |
nslcd: [3ab105] <group/member="james"> DEBUG: ldap_result(): |
307 |
uid=james,ou=users,dc=my,dc=example,dc=com |
308 |
nslcd: [3ab105] <group/member="james"> DEBUG: |
309 |
myldap_search(base="dc=my,dc=example,dc=com", |
310 |
filter="(&(objectClass=posixGroup)(|(memberUid=james)(member=uid=james,ou=users,dc=my,dc=example,dc=com)))") |
311 |
nslcd: [3ab105] <group/member="james"> DEBUG: ldap_result(): end of results |
312 |
(0 total) |
313 |
nslcd: [1da317] DEBUG: connection from pid=27163 uid=0 gid=1000 |
314 |
nslcd: [1da317] <passwd="james"> DEBUG: |
315 |
myldap_search(base="dc=my,dc=example,dc=com", |
316 |
filter="(&(objectClass=posixAccount)(uid=james))") |
317 |
nslcd: [1da317] <passwd="james"> DEBUG: ldap_result(): |
318 |
uid=james,ou=users,dc=my,dc=example,dc=com |
319 |
nslcd: [1da317] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
320 |
total) |
321 |
nslcd: [43a858] DEBUG: connection from pid=27163 uid=0 gid=1000 |
322 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
323 |
nslcd: [43a858] <passwd="james"> DEBUG: |
324 |
myldap_search(base="dc=my,dc=example,dc=com", |
325 |
filter="(&(objectClass=posixAccount)(uid=james))") |
326 |
nslcd: [43a858] <passwd="james"> DEBUG: ldap_result(): |
327 |
uid=james,ou=users,dc=my,dc=example,dc=com |
328 |
nslcd: [43a858] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
329 |
total) |
330 |
nslcd: [1d5ae9] DEBUG: connection from pid=27158 uid=0 gid=0 |
331 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
332 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
333 |
nslcd: [1d5ae9] <passwd="james"> DEBUG: |
334 |
myldap_search(base="dc=my,dc=example,dc=com", |
335 |
filter="(&(objectClass=posixAccount)(uid=james))") |
336 |
nslcd: [1d5ae9] <passwd="james"> DEBUG: ldap_result(): |
337 |
uid=james,ou=users,dc=my,dc=example,dc=com |
338 |
nslcd: [1d5ae9] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
339 |
total) |
340 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
341 |
nslcd: [63845e] DEBUG: connection from pid=27164 uid=0 gid=1000 |
342 |
nslcd: [63845e] <passwd=1000> DEBUG: |
343 |
myldap_search(base="dc=my,dc=example,dc=com", |
344 |
filter="(&(objectClass=posixAccount)(uidNumber=1000))") |
345 |
nslcd: [63845e] <passwd=1000> DEBUG: ldap_result(): |
346 |
uid=james,ou=users,dc=my,dc=example,dc=com |
347 |
nslcd: [63845e] <passwd=1000> DEBUG: ldap_result(): end of results (1 total) |
348 |
nslcd: [a2a8d4] DEBUG: connection from pid=27164 uid=0 gid=1000 |
349 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
350 |
nslcd: [a2a8d4] <passwd="james"> DEBUG: |
351 |
myldap_search(base="dc=my,dc=example,dc=com", |
352 |
filter="(&(objectClass=posixAccount)(uid=james))") |
353 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
354 |
nslcd: [a2a8d4] <passwd="james"> DEBUG: ldap_result(): |
355 |
uid=james,ou=users,dc=my,dc=example,dc=com |
356 |
nslcd: [a2a8d4] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
357 |
total) |
358 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
359 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
360 |
nslcd: [edbdab] DEBUG: connection from pid=27164 uid=0 gid=1000 |
361 |
nslcd: [edbdab] <passwd="james"> DEBUG: |
362 |
myldap_search(base="dc=my,dc=example,dc=com", |
363 |
filter="(&(objectClass=posixAccount)(uid=james))") |
364 |
nslcd: [edbdab] <passwd="james"> DEBUG: ldap_result(): |
365 |
uid=james,ou=users,dc=my,dc=example,dc=com |
366 |
nslcd: [edbdab] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
367 |
total) |
368 |
nslcd: [838cb2] DEBUG: connection from pid=27164 uid=0 gid=1000 |
369 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
370 |
nslcd: [838cb2] <passwd="james"> DEBUG: |
371 |
myldap_search(base="dc=my,dc=example,dc=com", |
372 |
filter="(&(objectClass=posixAccount)(uid=james))") |
373 |
nslcd: [838cb2] <passwd="james"> DEBUG: ldap_result(): |
374 |
uid=james,ou=users,dc=my,dc=example,dc=com |
375 |
nslcd: [838cb2] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
376 |
total) |
377 |
nslcd: [53d0cd] DEBUG: connection from pid=27164 uid=0 gid=1000 |
378 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
379 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
380 |
nslcd: [53d0cd] <config=1> DEBUG: nslcd_config_get(1) |
381 |
nslcd: [03e0c6] DEBUG: connection from pid=27164 uid=0 gid=1000 |
382 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
383 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
384 |
nslcd: [03e0c6] <passwd="james"> DEBUG: |
385 |
myldap_search(base="dc=my,dc=example,dc=com", |
386 |
filter="(&(objectClass=posixAccount)(uid=james))") |
387 |
nslcd: [03e0c6] <passwd="james"> DEBUG: ldap_result(): |
388 |
uid=james,ou=users,dc=my,dc=example,dc=com |
389 |
nslcd: [03e0c6] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
390 |
total) |
391 |
nslcd: [9a769b] DEBUG: connection from pid=27164 uid=0 gid=1000 |
392 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
393 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
394 |
nslcd: [9a769b] <passwd="james"> DEBUG: |
395 |
myldap_search(base="dc=my,dc=example,dc=com", |
396 |
filter="(&(objectClass=posixAccount)(uid=james))") |
397 |
nslcd: [9a769b] <passwd="james"> DEBUG: ldap_result(): |
398 |
uid=james,ou=users,dc=my,dc=example,dc=com |
399 |
nslcd: [9a769b] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
400 |
total) |
401 |
nslcd: [e49eb4] DEBUG: connection from pid=27164 uid=0 gid=1000 |
402 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
403 |
nslcd: [e49eb4] <authc="james"> DEBUG: |
404 |
nslcd_pam_authc("james","passwd","***") |
405 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
406 |
nslcd: [e49eb4] <authc="james"> DEBUG: |
407 |
myldap_search(base="dc=my,dc=example,dc=com", |
408 |
filter="(&(objectClass=posixAccount)(uid=james))") |
409 |
nslcd: [e49eb4] <authc="james"> DEBUG: ldap_result(): |
410 |
uid=james,ou=users,dc=my,dc=example,dc=com |
411 |
nslcd: [e49eb4] <authc="james"> DEBUG: |
412 |
myldap_search(base="uid=james,ou=users,dc=my,dc=example,dc=com", |
413 |
filter="(objectClass=*)") |
414 |
nslcd: [e49eb4] <authc="james"> DEBUG: ldap_initialize(ldap://10.0.0.11/) |
415 |
nslcd: [e49eb4] <authc="james"> DEBUG: ldap_set_rebind_proc() |
416 |
nslcd: [e49eb4] <authc="james"> DEBUG: |
417 |
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3) |
418 |
nslcd: [e49eb4] <authc="james"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0) |
419 |
nslcd: [e49eb4] <authc="james"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0) |
420 |
nslcd: [e49eb4] <authc="james"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0) |
421 |
nslcd: [e49eb4] <authc="james"> DEBUG: |
422 |
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0) |
423 |
nslcd: [e49eb4] <authc="james"> DEBUG: |
424 |
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON) |
425 |
nslcd: [e49eb4] <authc="james"> DEBUG: |
426 |
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON) |
427 |
nslcd: [e49eb4] <authc="james"> DEBUG: |
428 |
ldap_sasl_bind("uid=james,ou=users,dc=my,dc=example,dc=com","***") |
429 |
(uri="ldap://10.0.0.11/") |
430 |
nslcd: [e49eb4] <authc="james"> DEBUG: ldap_result(): |
431 |
uid=james,ou=users,dc=my,dc=example,dc=com |
432 |
nslcd: [e49eb4] <authc="james"> DEBUG: ldap_unbind() |
433 |
nslcd: [e49eb4] <authc="james"> DEBUG: bind successful |
434 |
nslcd: [e49eb4] <authc="james"> DEBUG: |
435 |
myldap_search(base="dc=my,dc=example,dc=com", |
436 |
filter="(&(objectClass=shadowAccount)(uid=james))") |
437 |
nslcd: [e49eb4] <authc="james"> DEBUG: ldap_result(): |
438 |
uid=james,ou=users,dc=my,dc=example,dc=com |
439 |
nslcd: [e49eb4] <authc="james"> uid=james,ou=users,dc=my,dc=example,dc=com: |
440 |
"${shadowLastChange:--1}": need a new password |
441 |
nslcd: [f32454] DEBUG: connection from pid=27158 uid=0 gid=0 |
442 |
nslcd: [f32454] <passwd="james"> DEBUG: |
443 |
myldap_search(base="dc=my,dc=example,dc=com", |
444 |
filter="(&(objectClass=posixAccount)(uid=james))") |
445 |
nslcd: [f32454] <passwd="james"> DEBUG: ldap_result(): |
446 |
uid=james,ou=users,dc=my,dc=example,dc=com |
447 |
nslcd: [f32454] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
448 |
total) |
449 |
nslcd: [a88611] DEBUG: connection from pid=27158 uid=0 gid=0 |
450 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
451 |
nslcd: [a88611] <passwd="james"> DEBUG: |
452 |
myldap_search(base="dc=my,dc=example,dc=com", |
453 |
filter="(&(objectClass=posixAccount)(uid=james))") |
454 |
nslcd: [a88611] <passwd="james"> DEBUG: ldap_result(): |
455 |
uid=james,ou=users,dc=my,dc=example,dc=com |
456 |
nslcd: [a88611] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
457 |
total) |
458 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
459 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
460 |
nslcd: [36c40e] DEBUG: connection from pid=27158 uid=0 gid=0 |
461 |
nslcd: [36c40e] <sess_c="james"> DEBUG: |
462 |
nslcd_pam_sess_c("james","sshd",kQlRjhzsaaNBTFAtM7eBH6QP) |
463 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
464 |
nslcd: [901d82] DEBUG: connection from pid=27158 uid=0 gid=0 |
465 |
nslcd: [901d82] <passwd="james"> DEBUG: |
466 |
myldap_search(base="dc=my,dc=example,dc=com", |
467 |
filter="(&(objectClass=posixAccount)(uid=james))") |
468 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
469 |
nslcd: [901d82] <passwd="james"> DEBUG: ldap_result(): |
470 |
uid=james,ou=users,dc=my,dc=example,dc=com |
471 |
nslcd: [901d82] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
472 |
total) |
473 |
nslcd: [95f874] DEBUG: connection from pid=27158 uid=0 gid=0 |
474 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
475 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
476 |
nslcd: [95f874] <passwd="james"> DEBUG: |
477 |
myldap_search(base="dc=my,dc=example,dc=com", |
478 |
filter="(&(objectClass=posixAccount)(uid=james))") |
479 |
nslcd: [95f874] <passwd="james"> DEBUG: ldap_result(): |
480 |
uid=james,ou=users,dc=my,dc=example,dc=com |
481 |
nslcd: [95f874] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
482 |
total) |
483 |
nslcd: [138641] DEBUG: connection from pid=27158 uid=0 gid=0 |
484 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
485 |
nslcd: [138641] <passwd="james"> DEBUG: |
486 |
myldap_search(base="dc=my,dc=example,dc=com", |
487 |
filter="(&(objectClass=posixAccount)(uid=james))") |
488 |
nslcd: [138641] <passwd="james"> DEBUG: ldap_result(): |
489 |
uid=james,ou=users,dc=my,dc=example,dc=com |
490 |
nslcd: [138641] <passwd="james"> DEBUG: ldap_result(): end of results (1 |
491 |
total) |
492 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
493 |
nslcd: [7ff521] DEBUG: connection from pid=27173 uid=0 gid=0 |
494 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
495 |
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable |
496 |
nslcd: [7ff521] <group/member="root"> DEBUG: |
497 |
myldap_search(base="dc=my,dc=example,dc=com", |
498 |
filter="(&(objectClass=posixAccount)(uid=root))") |
499 |
nslcd: [7ff521] <group/member="root"> DEBUG: ldap_initialize(ldap:// |
500 |
10.0.0.11/) |
501 |
nslcd: [7ff521] <group/member="root"> DEBUG: ldap_set_rebind_proc() |
502 |
nslcd: [7ff521] <group/member="root"> DEBUG: |
503 |
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3) |
504 |
nslcd: [7ff521] <group/member="root"> DEBUG: |
505 |
ldap_set_option(LDAP_OPT_DEREF,0) |
506 |
nslcd: [7ff521] <group/member="root"> DEBUG: |
507 |
ldap_set_option(LDAP_OPT_TIMELIMIT,0) |
508 |
nslcd: [7ff521] <group/member="root"> DEBUG: |
509 |
ldap_set_option(LDAP_OPT_TIMEOUT,0) |
510 |
nslcd: [7ff521] <group/member="root"> DEBUG: |
511 |
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0) |
512 |
nslcd: [7ff521] <group/member="root"> DEBUG: |
513 |
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON) |
514 |
nslcd: [7ff521] <group/member="root"> DEBUG: |
515 |
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON) |
516 |
nslcd: [7ff521] <group/member="root"> DEBUG: ldap_simple_bind_s(NULL,NULL) |
517 |
(uri="ldap://10.0.0.11/") |
518 |
nslcd: [7ff521] <group/member="root"> DEBUG: ldap_result(): end of results |
519 |
(0 total) |
520 |
nslcd: [7ff521] <group/member="root"> DEBUG: |
521 |
myldap_search(base="dc=my,dc=example,dc=com", |
522 |
filter="(&(objectClass=posixGroup)(memberUid=root))") |
523 |
nslcd: [7ff521] <group/member="root"> DEBUG: ldap_result(): end of results |
524 |
(0 total) |
525 |
|
526 |
These are my LDAP client's pam.d files, followed by its nslcd.conf and nsswitch.conf.
527 |
|
528 |
/etc/pam.d/passwd |
529 |
auth sufficient pam_rootok.so |
530 |
auth include system-auth |
531 |
account include system-auth |
532 |
password include system-auth |
533 |
|
534 |
/etc/pam.d/sshd |
535 |
auth include system-remote-login |
536 |
account include system-remote-login |
537 |
password include system-remote-login |
538 |
session include system-remote-login |
539 |
|
540 |
/etc/pam.d/system-auth |
541 |
auth required pam_env.so |
542 |
auth required pam_unix.so try_first_pass likeauth nullok |
543 |
auth optional pam_permit.so |
544 |
auth sufficient pam_ldap.so use_first_pass |
545 |
account required pam_unix.so |
546 |
account optional pam_permit.so |
547 |
account sufficient pam_ldap.so |
548 |
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 |
549 |
ocredit=2 retry=3 |
550 |
password required pam_unix.so try_first_pass use_authtok |
551 |
nullok sha512 shadow |
552 |
password optional pam_permit.so |
553 |
password sufficient pam_ldap.so use_authtok use_first_pass |
554 |
session required pam_limits.so |
555 |
session required pam_env.so |
556 |
session required pam_unix.so |
557 |
session optional pam_permit.so |
558 |
session optional pam_ldap.so |
559 |
|
560 |
/etc/pam.d/system-remote-login |
561 |
auth include system-login |
562 |
account include system-login |
563 |
password include system-login |
564 |
session include system-login |
565 |
|
566 |
/etc/pam.d/system-login
567 |
auth required pam_tally2.so onerr=succeed |
568 |
auth required pam_shells.so |
569 |
auth required pam_nologin.so |
570 |
auth include system-auth |
571 |
account required pam_access.so |
572 |
account required pam_nologin.so |
573 |
account include system-auth |
574 |
account required pam_tally2.so onerr=succeed |
575 |
password include system-auth |
576 |
session optional pam_loginuid.so |
577 |
session required pam_env.so |
578 |
session optional pam_lastlog.so silent |
579 |
session include system-auth |
580 |
session optional pam_motd.so motd=/etc/motd |
581 |
session optional pam_mail.so |
582 |
|
583 |
/etc/nslcd.conf |
584 |
uid nslcd |
585 |
gid nslcd |
586 |
uri ldap://10.0.0.11 |
587 |
base dc=my,dc=example,dc=com |
588 |
|
589 |
/etc/nsswitch.conf |
590 |
passwd: files ldap |
591 |
group: files ldap |
592 |
shadow: files ldap |