
[luga] SAMBA, LDAP + PAM troublem



Hello list,
after diligent googling and reading /var/log/messages, I have the following question:

As far as I understand the following authentication process, pam_ldap tries to find the user "sambakeeper" in LDAP but fails.
--------------------------------------------------------------------------------------------------------------------
slapd[5475]: conn=1349 fd=21 ACCEPT from IP=127.0.0.1:40868 (IP=0.0.0.0:389)
slapd[5475]: conn=1349 op=0 BIND dn="cn=Manager,dc=borgxx,dc=local" method=128
slapd[5475]: conn=1349 op=0 BIND dn="cn=Manager,dc=borgxx,dc=local" mech=SIMPLE ssf=0
slapd[5475]: conn=1349 op=0 RESULT tag=97 err=0 text=
slapd[5475]: conn=1349 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
slapd[5475]: conn=1349 op=1 SRCH attr=supportedControl
slapd[5475]: conn=1349 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[5475]: conn=1349 op=2 SRCH base="dc=borgxx,dc=local" scope=2 deref=0 filter="(&(uid=sambakeeper)(objectClass=sambaSamAccount))"
slapd[5475]: conn=1349 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
slapd[5475]: <= bdb_equality_candidates: (uid) not indexed
slapd[5475]: conn=1349 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[5475]: conn=1349 op=3 SRCH base="dc=borgxx,dc=local" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"
slapd[5475]: conn=1349 op=3 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
slapd[5475]: <= bdb_equality_candidates: (gidNumber) not indexed
slapd[5475]: conn=1349 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[5475]: conn=1349 op=4 SRCH base="dc=borgxx,dc=local" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"
slapd[5475]: conn=1349 op=4 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
slapd[5475]: <= bdb_equality_candidates: (gidNumber) not indexed
slapd[5475]: conn=1349 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[5475]: conn=1349 op=5 SRCH base="dc=borgxx,dc=local" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"
slapd[5475]: conn=1349 op=5 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
slapd[5475]: <= bdb_equality_candidates: (gidNumber) not indexed
slapd[5475]: conn=1349 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[5475]: conn=1350 fd=22 ACCEPT from IP=127.0.0.1:40869 (IP=0.0.0.0:389)
slapd[5475]: conn=1350 op=0 BIND dn="" method=128
slapd[5475]: conn=1350 op=0 RESULT tag=97 err=0 text=
slapd[5475]: conn=1350 op=1 SRCH base="dc=borgxx,dc=local" scope=2 deref=0 filter="(uid=sambakeeper)"
slapd[5475]: conn=1350 op=1 SRCH attr=host authorizedService shadowExpire shadowFlag shadowInactive shadowLastChange shadowMax shadowMin shadowWarning uidNumber
slapd[5475]: <= bdb_equality_candidates: (uid) not indexed
slapd[5475]: conn=1350 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
smbd[6984]: PAM audit_log_acct_message() failed: Operation not permitted
smbd[6984]: [2016/10/18 09:42:42.370527,  0] ../source3/auth/pampass.c:589(smb_pam_account)
smbd[6984]: smb_pam_account: PAM: UNKNOWN PAM ERROR (4) during Account Management for User: sambakeeper
smbd[6984]: [2016/10/18 09:42:42.370624,  0] ../source3/auth/pampass.c:797(smb_pam_accountcheck)
smbd[6984]: smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User sambakeeper!
slapd[5475]: conn=1350 op=2 UNBIND
slapd[5475]: conn=1350 fd=22 closed
slapd[5475]: conn=1349 fd=21 closed (connection lost)
----------------------------------------------------------------------------------------------------


but a manual search finds it:

ldapsearch -b dc=borgxx,dc=local -LLL -x  uid=sambakeeper objectClass=sambaSamAccount uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos

dn: uid=sambakeeper,ou=Users,dc=borgxx,dc=local
cn: sambakeeper
sn: sambakeeper
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
uid: sambakeeper
uidNumber: 1001
gidNumber: 1000
homeDirectory: /home/sambakeeper
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaAcctFlags: [U          ]
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaNTPassword: 7A9CC646724FBFD64079CADE13A9D41B
sambaPrimaryGroupSID: S-1-5-21-1606980848-688789844-1957994488-512
sambaSID: S-1-5-21-1606980848-688789844-1957994488-3002
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1476630541
sambaDomainName: BORGXX.LOCAL
modifyTimestamp: 20161018050036Z


my /etc/ldap.conf:

majestix:~ # grep -vE '^#|^#;|^$' /etc/ldap.conf
host 127.0.0.1
base dc=borgxx,dc=local
scope sub
bind_policy soft
pam_lookup_policy yes
pam_password exop
ssl off


Can anyone make sense of this?

Edgar
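
Added example, not part of the original mail: a small Python script that pairs each slapd SRCH line with its SEARCH RESULT by conn/op, so the bind identity, filter and number of entries returned can be read side by side. The sample lines are an excerpt of the log quoted above; the function name summarize and the dictionary keys are this example's own.

```python
import re

# Excerpt of the slapd/smbd lines quoted in the mail above (attribute lists omitted).
SAMPLE_LOG = '''\
slapd[5475]: conn=1349 op=0 BIND dn="cn=Manager,dc=borgxx,dc=local" method=128
slapd[5475]: conn=1349 op=0 RESULT tag=97 err=0 text=
slapd[5475]: conn=1349 op=2 SRCH base="dc=borgxx,dc=local" scope=2 deref=0 filter="(&(uid=sambakeeper)(objectClass=sambaSamAccount))"
slapd[5475]: <= bdb_equality_candidates: (uid) not indexed
slapd[5475]: conn=1349 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[5475]: conn=1349 op=3 SRCH base="dc=borgxx,dc=local" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"
slapd[5475]: conn=1349 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[5475]: conn=1350 op=0 BIND dn="" method=128
slapd[5475]: conn=1350 op=0 RESULT tag=97 err=0 text=
slapd[5475]: conn=1350 op=1 SRCH base="dc=borgxx,dc=local" scope=2 deref=0 filter="(uid=sambakeeper)"
slapd[5475]: conn=1350 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
smbd[6984]: smb_pam_account: PAM: UNKNOWN PAM ERROR (4) during Account Management for User: sambakeeper
'''

OP = re.compile(r'slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)')
BIND = re.compile(r'BIND dn="([^"]*)" method=')
SRCH = re.compile(r'SRCH base="([^"]*)" scope=(\d+) deref=\d+ filter="(.*)"$')
RESULT = re.compile(r'SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')

def summarize(log):
    """Return one dict per search: who was bound, what was asked, what came back."""
    binds, searches = {}, {}
    for line in log.splitlines():
        m = OP.match(line)
        if not m:
            continue  # smbd lines and bdb index hints carry no conn/op
        conn, op, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        b, s, r = BIND.match(rest), SRCH.match(rest), RESULT.match(rest)
        if b:
            # An empty DN on a simple bind is an anonymous bind.
            binds[conn] = b.group(1) or "(anonymous)"
        elif s:
            searches[(conn, op)] = {"conn": conn, "op": op,
                                    "bind_dn": binds.get(conn, "(unknown)"),
                                    "base": s.group(1), "filter": s.group(3),
                                    "err": None, "nentries": None}
        elif r and (conn, op) in searches:
            searches[(conn, op)]["err"] = int(r.group(1))
            searches[(conn, op)]["nentries"] = int(r.group(2))
    return list(searches.values())

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print("conn={conn} op={op} bind={bind_dn} filter={filter} "
              "err={err} nentries={nentries}".format(**row))
```
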





Last modified: October 2016, webmaster@luga.at