Re: authentication failure

To: niklas.gunnas@infos.se
Cc: debian-edu@lists.debian.org
Subject: Re: authentication failure
From: Finn-Arne Johansen <faj@bzz.no>
Date: Mon, 10 Dec 2007 14:46:10 +0100
Message-id: <[🔎] 475D4322.9000700@bzz.no>
In-reply-to: <2925.80.216.238.186.1197288826.squirrel@webmail.infos.se>
References: <[🔎] 475D0282.3060908@infos.se> <[🔎] 475D0917.1010607@bzz.no> <[🔎] 2617.80.216.238.186.1197284429.squirrel@webmail.infos.se> <[🔎] 475D2388.9040805@bzz.no> <2925.80.216.238.186.1197288826.squirrel@webmail.infos.se>

niklas.gunnas@infos.se skrev:
>> niklas.gunnas@infos.se skrev:
>>>> Niklas Gunnäs skrev:
>>>>
>>>>> Have added the ltsp machine in lwat and changed in
>>>>> /etc/dchp3/dchp.conf
>>>>> but still no luck.
>>>>>
>>>>> Logfile says
>>>>> ltspserver00 sshd[4535]: (pam_unix) authentication failure; logname=
>>>>> uid=0 euid=0 tty=ssh ruser= rhost=ltsp253.intern  user=testa
>>>>> ltspserver00 sshd[4535]: pam_ldap: error trying to bind as user
>>>>> "uid=testare,ou=People,dc=skole,dc=skolelinux,dc=no" (Invalid
>>>>> credentials)
>>>> Are you able to bind using ldap directly, something like
>>>>  ldapsearch -xLLLWD uid=testare,ou=People,dc=skole,dc=skolelinux,dc=no
>>>> \
>>>>              uid=testare uid userPassword
>>> Tried it on the thin-client and main server and get (after entring root
>>> password)
>> /me bad :(
>>
>> it should have been
>>  ldapsearch -xLLLWZD uid=testare,ou=People,dc=skole,dc=skolelinux,dc=no \
>>             uid=testare uid userPassword
>>
>>> ldap_bind: Confidentiality required (13)
>>>         additional info: confidentiality required
>> The Z in there will give the nrequired confidentiality
>>
> 
> Get ldap_bind: invalid credentials (49)

Again, hmm, maybe it's caused by a wrongfull copy of the certificate in
/etc/ldap/ssl.

Does it work when you try the above ldapsearch (with -Z) on the
main-server ?

Did you try logging onto the main-server directly ?


> Tried to loggin at the thin client server with testare, I get errormessage
> thats says problem with starting kstartupconfig. When testing command su -
> testare it says no catalog, loggin in with HOME=/

That's because it fails to mount $HOME. It could be caused by a
wrongfull or missing certificate, or that the ltspserver is missing from
the host netgroups that are allowed to connect to /skole/tjener/home0

Which IP-address does the ltsp-server have ?
what does this command give you when issued on the main-server:
 getent netgroup ltsp-server-hosts


>>>>> What have I missed? done wrong?
>>>> Hard to say without local access and more error-logs.
>>> What more error logs should I look at?

i guess running debian-edu-test-suite and making the logs availible
could help, but I'm not sure I have the time to look at them the next
couple of days.


>> Try stopping nscd with the command
>>  invoke-rc.d nscd stop
>>
>> nscd can give you headache until things have stabilized.
>> Try stopping nscd on both the  main-server and on the thin-client-server.

Did you try stopping nscd ?

-- 
Finn-Arne Johansen
faj@bzz.no http://bzz.no/
EE2A71C6403A3D191FCDC043006F1215062E6642 062E6642

Reply to:

References:
- authentication failure
  - From: Niklas Gunnäs <niklas.gunnas@infos.se>
- Re: authentication failure
  - From: Finn-Arne Johansen <faj@bzz.no>
- Re: authentication failure
  - From: niklas.gunnas@infos.se
- Re: authentication failure
  - From: Finn-Arne Johansen <faj@bzz.no>

Prev by Date: Re: authentication failure
Next by Date: Re: authentication failure
Previous by thread: Re: authentication failure
Next by thread: Re: authentication failure
Index(es):
- Date
- Thread