
Login to ADS



Hi,

I have a problem logging in against the ADS.
When I run the test with ldapsearch -x -D
"cn=Administrator,cn=Users,dc=linux,dc=test" -W "sAMAccountName=del",
the login works flawlessly, but if I try to log in with the same user
at the console, it always fails. I have absolutely no idea why anymore.
I have installed the AD4Unix tools on the ADS and set them up with the
RFC 2307 style. I recompiled nss_ldap with --enable-rfc2307bis and
--enable-schema-mapping. I always get the following error message:

Mar 13 15:32:38 linux login: pam_ldap: ldap_search_s No such object
Mar 13 15:32:38 linux login(pam_unix)[1672]: check pass; user unknown
Mar 13 15:32:38 linux login(pam_unix)[1672]: authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty5 ruser= rhost=
Mar 13 15:32:41 linux login[1672]: FAILED LOGIN 1 FROM /dev/tty5 FOR UNKNOWN, Authentication service cannot retrieve authentication info.

My ldap.conf:
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE  dc=example, dc=com
#URI   ldap://linux.test
#SIZELIMIT  12
#TIMELIMIT  15
#DEREF      never

host 192.168.0.1
base dc=linux,dc=test
ldap_version 3
#binddn gast@linux.test
binddn cn=Gast,cn=Users,dc=linux,dc=test
bindpw gast
port 389
scope sub
ssl no

pam_filter objectclass=user
pam_login_attribute bloedesding
pam_password ad

nss_base_passwd ou=users,dc=linux,dc=test
nss_base_shadow ou=users,dc=linux,dc=test
nss_base_group ou=group,dc=linux,dc=test

nss_map_objectclass posixAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute uniqueMember member
nss_map_attribute userPassword msSFUPassword
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute cn sAMAccountName
#nss_map_objectclass shadowAccount User

My nsswitch.conf:
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       compat                  Use Libc5 compatibility setup
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service) for IPv4 only
#    dns6           Use DNS for IPv4 and IPv6
#       files                   Use the local files
#       db                      Use the /var/db databases
#       [NOTFOUND=return]       Stop searching if not found so far
#
# For more information, please read the nsswitch.conf.5 manual page.
#

passwd: compat files ldap
shadow: compat files ldap
group:  compat files ldap

#passwd: ldap
#group:  ldap
#shadow: ldap

hosts:    files dns ldap
networks:    files dns ldap

services:         files
protocols:        files
rpc:           files
ethers:        files
netmasks:         files
netgroup:       files
publickey:     files

bootparams:     files
automount:      files nis
aliases:        files

My login file from pam.d:
auth       required   /lib/security/pam_securetty.so
auth       required     /lib/security/pam_nologin.so
auth       sufficient /lib/security/pam_ldap.so
auth       required   /lib/security/pam_unix_auth.so try_first_pass
account    sufficient /lib/security/pam_ldap.so
account    required   /lib/security/pam_unix_acct.so
password   required   /lib/security/pam_cracklib.so
password   required   /lib/security/pam_ldap.so
#password   required     /lib/security/pam_pwdb.so use_first_pass
session    required   /lib/security/pam_unix_session.so
#session    optional     /lib/security/pam_console.so

My passwd file from pam.d:
#%PAM-1.0
auth       sufficient     /lib/security/pam_ldap.so
auth       required     /lib/security/pam_unix_auth.so use_first_pass
account    sufficient     /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix_acct.so
password   required /lib/security/pam_cracklib.so retry=3
password   sufficient     /lib/security/pam_ldap.so
password   required     /lib/security/pam_pwdb.so try_first_pass

I hope one of you can help me out. Many thanks.

Daniel



(See attached file: ldap.conf)(See attached file: login)(See attached file:
messages)(See attached file: nsswitch.conf)(See attached file:
nsswitch.ldap)(See attached file: passwd)(See attached file: warn)
