Re: authentication failure
niklas.gunnas@infos.se skrev:
>> niklas.gunnas@infos.se skrev:
>>>> Niklas Gunnäs skrev:
>>>>
>>>>> Have added the ltsp machine in lwat and changed in
>>>>> /etc/dchp3/dchp.conf
>>>>> but still no luck.
>>>>>
>>>>> Logfile says
>>>>> ltspserver00 sshd[4535]: (pam_unix) authentication failure; logname=
>>>>> uid=0 euid=0 tty=ssh ruser= rhost=ltsp253.intern user=testa
>>>>> ltspserver00 sshd[4535]: pam_ldap: error trying to bind as user
>>>>> "uid=testare,ou=People,dc=skole,dc=skolelinux,dc=no" (Invalid
>>>>> credentials)
>>>> Are you able to bind using ldap directly, something like
>>>> ldapsearch -xLLLWD uid=testare,ou=People,dc=skole,dc=skolelinux,dc=no
>>>> \
>>>> uid=testare uid userPassword
>>> Tried it on the thin-client and main server and get (after entring root
>>> password)
>> /me bad :(
>>
>> it should have been
>> ldapsearch -xLLLWZD uid=testare,ou=People,dc=skole,dc=skolelinux,dc=no \
>> uid=testare uid userPassword
>>
>>> ldap_bind: Confidentiality required (13)
>>> additional info: confidentiality required
>> The Z in there will give the nrequired confidentiality
>>
>
> Get ldap_bind: invalid credentials (49)
Again, hmm, maybe it's caused by a wrongfull copy of the certificate in
/etc/ldap/ssl.
Does it work when you try the above ldapsearch (with -Z) on the
main-server ?
Did you try logging onto the main-server directly ?
> Tried to loggin at the thin client server with testare, I get errormessage
> thats says problem with starting kstartupconfig. When testing command su -
> testare it says no catalog, loggin in with HOME=/
That's because it fails to mount $HOME. It could be caused by a
wrongfull or missing certificate, or that the ltspserver is missing from
the host netgroups that are allowed to connect to /skole/tjener/home0
Which IP-address does the ltsp-server have ?
what does this command give you when issued on the main-server:
getent netgroup ltsp-server-hosts
>>>>> What have I missed? done wrong?
>>>> Hard to say without local access and more error-logs.
>>> What more error logs should I look at?
i guess running debian-edu-test-suite and making the logs availible
could help, but I'm not sure I have the time to look at them the next
couple of days.
>> Try stopping nscd with the command
>> invoke-rc.d nscd stop
>>
>> nscd can give you headache until things have stabilized.
>> Try stopping nscd on both the main-server and on the thin-client-server.
Did you try stopping nscd ?
--
Finn-Arne Johansen
faj@bzz.no http://bzz.no/
EE2A71C6403A3D191FCDC043006F1215062E6642 062E6642
Reply to: