Gentoo Forums
OpenLDAP problem; client-server login does not work
berchti
n00b
Joined: 23 Aug 2006
Posts: 11
Location: Kloten CH

Posted: Tue Sep 18, 2007 11:55 am    Post subject: OpenLDAP problem; client-server login does not work

Hey folks, I need your help once again; it is probably just a small thing again.

Let me try to describe my problem:

So, my LDAP server is called calcit.xxx.ch:
It is configured according to the Gentoo wiki guide, with certificate support, which I created with openssl (the tinyCA tool).

The server is meant to serve as user management in our company; until now we had YP/NIS.

Our home directories are mounted via NFS and the fstab file.

At the moment I keep trying to log in on my test machine with su and ssh, but I always get this error message on the LDAP server:
Code:

Sep 18 12:21:25 calcit slapd[29013]: conn=24 fd=17 ACCEPT from IP=192.168.10.96:43849 (IP=0.0.0.0:389)
Sep 18 12:21:25 calcit slapd[29013]: conn=24 op=0 STARTTLS
Sep 18 12:21:25 calcit slapd[29013]: conn=24 op=0 RESULT oid= err=0 text=
Sep 18 12:21:25 calcit slapd[29013]: conn=24 fd=17 closed (TLS negotiation failure)
Sep 18 12:21:26 calcit slapd[29013]: conn=23 fd=16 TLS established tls_ssf=256 ssf=256
Sep 18 12:21:26 calcit slapd[29013]: conn=23 op=1 BIND dn="" method=128
Sep 18 12:21:26 calcit slapd[29013]: conn=23 op=1 RESULT tag=97 err=0 text=
Sep 18 12:21:26 calcit slapd[29013]: conn=23 op=2 SRCH base="ou=People,dc=semafor,dc=ch" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=bep))"
Sep 18 12:21:26 calcit slapd[29013]: conn=23 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 18 12:21:26 calcit slapd[29013]: conn=23 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Sep 18 12:21:26 calcit slapd[29013]: conn=25 fd=17 ACCEPT from IP=192.168.10.96:43850 (IP=0.0.0.0:389)
Sep 18 12:21:26 calcit slapd[29013]: conn=25 op=0 STARTTLS
Sep 18 12:21:26 calcit slapd[29013]: conn=25 op=0 RESULT oid= err=0 text=
Sep 18 12:21:26 calcit slapd[29013]: conn=25 fd=17 closed (TLS negotiation failure)
Sep 18 12:21:28 calcit slapd[29013]: conn=26 fd=17 ACCEPT from IP=192.168.10.96:43851 (IP=0.0.0.0:389)
Sep 18 12:21:28 calcit slapd[29013]: conn=26 op=0 STARTTLS
Sep 18 12:21:28 calcit slapd[29013]: conn=26 op=0 RESULT oid= err=0 text=
Sep 18 12:21:28 calcit slapd[29013]: conn=26 fd=17 closed (TLS negotiation failure)
Sep 18 12:21:30 calcit slapd[29013]: conn=23 op=3 SRCH base="ou=People,dc=semafor,dc=ch" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=bep))"
Sep 18 12:21:30 calcit slapd[29013]: conn=23 op=3 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Sep 18 12:21:30 calcit slapd[29013]: conn=23 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
Sep 18 12:21:30 calcit slapd[29013]: conn=27 fd=17 ACCEPT from IP=192.168.10.96:43852 (IP=0.0.0.0:389)
Sep 18 12:21:30 calcit slapd[29013]: conn=27 op=0 STARTTLS
Sep 18 12:21:30 calcit slapd[29013]: conn=27 op=0 RESULT oid= err=0 text=
Sep 18 12:21:31 calcit slapd[29013]: conn=27 fd=17 TLS established tls_ssf=256 ssf=256
Sep 18 12:21:31 calcit slapd[29013]: conn=27 op=1 BIND dn="" method=128
Sep 18 12:21:31 calcit slapd[29013]: conn=27 op=1 RESULT tag=97 err=0 text=
Sep 18 12:21:31 calcit slapd[29013]: conn=27 op=2 SRCH base="ou=People,dc=semafor,dc=ch" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=bep))"
Sep 18 12:21:31 calcit slapd[29013]: conn=27 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Sep 18 12:21:32 calcit slapd[29013]: conn=28 fd=18 ACCEPT from IP=192.168.10.96:43853 (IP=0.0.0.0:389)


So, in my opinion, the server sees that the client is connecting but does not find the user bep in the database; the database query from the client works with:
Code:
ldapsearch -H ldaps://calcit.semafor.ch -D "cn=admin,dc=semafor,dc=ch" -W


Here are my configs:

server slapd.conf:
Code:

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/misc.schema

password-hash   {SSHA}

TLSCertificateFile      /Cert/ldap-cert.pem
TLSCertificateKeyFile   /Cert/ldap-key.pem
TLSCACertificateFile    /Cert/rootCA.pem
#TLSCipherSuite                 ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

loglevel 256


pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

access to *
        by self write
        by users read
        by anonymous auth

allow bind_v2

database        bdb
suffix          "dc=semafor,dc=ch"
checkpoint      32      30 # <kbyte> <min>
rootdn          "cn=admin,dc=semafor,dc=ch"
rootpw          {SSHA}uF4ToD+nwdhs/QdvlmvgwFu9qarGoKiT
directory       /var/lib/openldap-data/

index   uid             eq
index   objectClass     eq
index   memberUid       eq


client /etc/ldap.conf:
Code:

base dc=semafor,dc=ch
uri ldap://calcit.semafor.ch/
scope sub
suffix "dc=semafor,dc=ch"

ldap_version 3
ssl on
ssl start_tls

rootbinddn cn=admin,dc=semafor,dc=ch

pam_password exop

pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid

nss_base_passwd ou=People,dc=semafor,dc=ch
nss_base_shadow ou=People,dc=semafor,dc=ch
nss_base_group  ou=Groups,dc=semafor,dc=ch


Client /etc/openldap/ldap.conf:
Code:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=semafor, dc=ch
#URI    ldapis://calcit.semafor.ch:636/

TLS_CERT        /calcit-certs/ldap-cert.pem
TLS_KEY /calcit-certs/ldap-key.pem
TLS_CACERT      /calcit-certs/rootCA.pem
TLS_REQUEST     allow

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
#
URI dlap://calcit.semafor.ch/
BASE dc=semafor,dc=ch


and my /etc/pam.d/system-auth:
Code:

#%PAM-1.0
auth    required    pam_env.so
auth    sufficient  pam_unix.so likeauth nullok shadow
auth    sufficient  /lib/security/pam_ldap.so use_first_pass
auth    required    pam_deny.so

account requisite  pam_unix.so
account sufficient pam_localuser.so
account required   /lib/security/pam_ldap.so

password    required pam_cracklib.so retry=3
password    sufficient pam_unix.so nullok use_authtok shadow md5
password    sufficient /lib/security/pam_ldap.so use_authtok use_first_pass
password    required pam_deny.so

session required    pam_limits.so
session required    pam_unix.so
session required    pam_mkhomedir.so skel=/etc/skel/ umask=0066
session optional    /lib/security/pam_ldap.so



I hope someone can help me here; I am simply stuck....

I would appreciate a reply.

Kind regards

Berchti
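Added example (not from the post and not part of OpenLDAP): a small Python parser for slapd stats-level (loglevel 256) lines of the kind quoted above. It rebuilds per-connection state from the log and flags three things worth checking before touching the client configs: STARTTLS handshakes that the server closes with "TLS negotiation failure", simple binds with a non-empty DN on a connection that never established TLS (the password then travels in the clear), and anonymous binds (dn="") followed by searches that return nentries=0. The last pattern is what an ACL like the posted `access to * ... by anonymous auth` produces, because the `auth` level permits binding only, not reading, so an anonymous nss_ldap lookup gets an empty result even when the entry exists. The sample lines are modelled on the post; conn=30 from 192.168.10.97 is constructed to exercise the cleartext-bind check.

```python
import re

# Constructed sample: slapd loglevel-256 lines in the shape quoted in the post.
# conn=23/24 mirror the post; conn=30 is made up to show a cleartext simple bind.
SAMPLE_LOG = """\
Sep 18 12:21:25 calcit slapd[29013]: conn=24 fd=17 ACCEPT from IP=192.168.10.96:43849 (IP=0.0.0.0:389)
Sep 18 12:21:25 calcit slapd[29013]: conn=24 op=0 STARTTLS
Sep 18 12:21:25 calcit slapd[29013]: conn=24 op=0 RESULT oid= err=0 text=
Sep 18 12:21:25 calcit slapd[29013]: conn=24 fd=17 closed (TLS negotiation failure)
Sep 18 12:21:26 calcit slapd[29013]: conn=23 fd=16 TLS established tls_ssf=256 ssf=256
Sep 18 12:21:26 calcit slapd[29013]: conn=23 op=1 BIND dn="" method=128
Sep 18 12:21:26 calcit slapd[29013]: conn=23 op=1 RESULT tag=97 err=0 text=
Sep 18 12:21:26 calcit slapd[29013]: conn=23 op=2 SRCH base="ou=People,dc=semafor,dc=ch" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=bep))"
Sep 18 12:21:26 calcit slapd[29013]: conn=23 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Sep 18 12:21:40 calcit slapd[29013]: conn=30 fd=19 ACCEPT from IP=192.168.10.97:51000 (IP=0.0.0.0:389)
Sep 18 12:21:40 calcit slapd[29013]: conn=30 op=0 BIND dn="cn=admin,dc=semafor,dc=ch" method=128
Sep 18 12:21:40 calcit slapd[29013]: conn=30 op=0 RESULT tag=97 err=0 text=
Sep 18 12:21:40 calcit slapd[29013]: conn=30 op=1 SRCH base="ou=People,dc=semafor,dc=ch" scope=2 deref=0 filter="(uid=bep)"
Sep 18 12:21:40 calcit slapd[29013]: conn=30 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

CONN_RE = re.compile(r"slapd\[\d+\]: conn=(?P<conn>\d+) (?P<rest>.*)$")
ACCEPT_RE = re.compile(r"ACCEPT from IP=(\S+):(\d+)")
BIND_RE = re.compile(r'BIND dn="(.*?)" method=(\d+)')
SRCH_RE = re.compile(r'SRCH base="(.*?)" .*?filter="(.*?)"')
SRESULT_RE = re.compile(r"SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)")


def parse_slapd_log(text):
    """Fold stats lines into one dict per connection id."""
    conns = {}
    for line in text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue
        cid = int(m.group("conn"))
        rest = m.group("rest")
        c = conns.setdefault(cid, {"ip": None, "tls": "none", "bind_dn": None,
                                   "bind_tls": None, "searches": [], "closed": False})
        if (a := ACCEPT_RE.search(rest)):
            c["ip"] = a.group(1)
        elif "TLS established" in rest:
            c["tls"] = "established"
        elif "TLS negotiation failure" in rest:
            c["tls"] = "failed"
            c["closed"] = True
        elif " closed" in rest:
            c["closed"] = True
        elif (b := BIND_RE.search(rest)):
            c["bind_dn"] = b.group(1)          # "" means an anonymous bind
            c["bind_tls"] = c["tls"]           # TLS state at the moment of the bind
        elif (s := SRCH_RE.search(rest)):
            c["searches"].append({"base": s.group(1), "filter": s.group(2),
                                  "err": None, "nentries": None})
        elif (r := SRESULT_RE.search(rest)) and c["searches"]:
            c["searches"][-1]["err"] = int(r.group(1))
            c["searches"][-1]["nentries"] = int(r.group(2))
    return conns


def audit(conns):
    """Return (conn id, finding kind, message) tuples for the patterns above."""
    findings = []
    for cid, c in sorted(conns.items()):
        if c["tls"] == "failed":
            findings.append((cid, "tls_failure",
                             f"client {c['ip']} failed TLS negotiation after STARTTLS"))
        if c["bind_dn"] and c["bind_tls"] != "established":
            findings.append((cid, "cleartext_bind",
                             f"simple bind as {c['bind_dn']} from {c['ip']} without TLS"))
        for s in c["searches"]:
            if c["bind_dn"] == "" and s["nentries"] == 0:
                findings.append((cid, "anon_empty_search",
                                 f"anonymous search {s['filter']} under {s['base']} returned 0 "
                                 "entries (consistent with an ACL granting anonymous only auth)"))
    return findings


if __name__ == "__main__":
    for cid, kind, msg in audit(parse_slapd_log(SAMPLE_LOG)):
        print(f"conn={cid} {kind}: {msg}")
```

Run it against the real server log with `python3 slapd_audit.py < /var/log/messages` after swapping SAMPLE_LOG for `sys.stdin.read()`; the per-connection dicts also show which client processes reach "TLS established" and which do not, which separates a client-side certificate problem from the ACL question.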