
Re: Problem setting ldap-ux client

 
Diego González
Advisor

Problem setting ldap-ux client

Hello Everybody:

I'm setting up the ldap-ux client under hpux 11.31, but I am getting an error authenticating with ssh. Connecting with ssh asks me 2 times for the password (the password is correct).
Example using putty to the ux box:
login as: user
Using keyboard-interactive authentication.
Password:
Using keyboard-interactive authentication.
LDAP Password:

And I never get logged in to the system.

I'm using Fedora Directory Server 1.0 as Ldap server.

However I can do "su" with the same ldap user without problems. I got the complete listing of users from the directory with pwget.

pam_ldap is configured in /etc/pam.conf and nsswitch is configured to use ldap.

I turned on debugging for ldapclientd and got these messages:

Nov 17 12:51:23 rx2ka sshd[12653]: pid:12653 - ldapd_client.c:195:_hp_ldap_client_cache_daemon_is_up():
Nov 17 12:51:23 rx2ka syslog: pid:27197 - ldap_common.c:2104:_hp_ldap_bind_ux(): _hp_ldap_build_cred() returned:-2.
Nov 17 12:51:23 rx2ka syslog: pid:27197.13 - pam_request.c:152:process_pam_ldap_request(): _hp_ldap_bind_ux() failed, err=-2
Nov 17 12:51:23 rx2ka syslog: pid:27197 - ldap_common.c:2650:_hp_ldap_endent():
Nov 17 12:51:23 rx2ka syslog: pid:27197 - ldap_common.c:3230:_hp_ldap_unbind(): disposition:FREE HANDLE.
Nov 17 12:51:23 rx2ka syslog: pid:27197 - ldap_common.c:2688:_hp_ldap_free_cur_msg():
Nov 17 12:51:24 rx2ka above message repeats 4 times
Nov 17 12:51:24 rx2ka syslog: pid:27197 - ldap_common.c:2650:_hp_ldap_endent():
Nov 17 12:51:24 rx2ka syslog: pid:27197 - ldap_common.c:2688:_hp_ldap_free_cur_msg():
Nov 17 12:51:24 rx2ka sshd[12653]: PAM_LDAP auth-bind got HP_LDAP_NOTFOUND

I'm using:
LdapUxClient B.04.20 LDAP-UX Client Services

Does somebody have a similar problem? Any help will be appreciated.

Best regards.

Diego.
Steven E. Protter
Exalted Contributor

Re: Problem setting ldap-ux client

Shalom,

Secure Shell, openssh does not integrate easily with LDAP. The standard version will require login, but then respect the LDAP server on permissions and such.

You will probably have to recompile openssh from source to integrate it with LDAP and make it stop demanding passwords.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Diego González
Advisor

Re: Problem setting ldap-ux client

I tried the same test with the telnet protocol and login and I got the same results. I think that maybe it is a pam problem; I don't know exactly what the problem is yet.
Bob Neal-Joslin
Trusted Contributor

Re: Problem setting ldap-ux client

Hi Diego,

The -2 indicates the specified user name was not found in LDAP. So that likely means a configuration problem.

LDAP-UX can do some basic configuration assessment. Run the command /opt/ldapux/bin/ldapcfinfo.

/opt/ldapux/bin/ldapcfinfo -t passwd
/opt/ldapux/bin/ldapcfinfo -t pam

Then, assuming success above try

pwget -n

If that doesn't help, review the output of /opt/ldapux/config/display_profile_cache. That tells you how LDAP-UX performs search operations. See if you can replicate a search operation using ldapsearch.

/opt/ldapux/bin/ldapsearch -h -b "(&(objectclass=posixaccount)(uid=))"

Good luck.
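
Added example, not part of the reply above and not LDAP-UX code: a small shell/awk triage that pulls the two failure signatures out of the ldapclientd debug output quoted in the original post and applies the one mapping the reply gives (-2 means the user name was not found in LDAP). The function names triage_ldapux and sample_log are hypothetical; the sample lines are copied from the original post.

```shell
#!/bin/sh
# Added example: summarise LDAP-UX PAM failures found in syslog debug output.
# triage_ldapux and sample_log are hypothetical names, not LDAP-UX tools.

# Reads syslog lines on stdin, prints one summary line per failure kind.
triage_ldapux() {
    awk '
    # ldapclientd side: "... _hp_ldap_bind_ux() failed, err=-2"
    /_hp_ldap_bind_ux\(\) failed, err=/ {
        code = $0
        sub(/.*err=/, "", code)        # keep what follows "err="
        sub(/[^-0-9].*/, "", code)     # drop anything after the number
        bind_fail[code]++
    }
    # PAM side: "... sshd[12653]: PAM_LDAP auth-bind got HP_LDAP_NOTFOUND"
    /PAM_LDAP auth-bind got / {
        svc = $5                       # fifth syslog field, e.g. sshd[12653]:
        sub(/\[.*/, "", svc)           # strip the [pid]: suffix
        pam[svc " " $NF]++
    }
    END {
        for (c in bind_fail) {
            # Only -2 is explained in the thread; other codes are shown raw.
            why = (c == "-2") ? "user not found in LDAP, check search base and filter" : "not mapped here"
            printf "bind_fail err=%s count=%d (%s)\n", c, bind_fail[c], why
        }
        for (k in pam) printf "pam_result %s count=%d\n", k, pam[k]
    }'
}

# Sample input: three of the debug lines quoted in the original post.
sample_log() {
    cat <<'EOF'
Nov 17 12:51:23 rx2ka syslog: pid:27197 - ldap_common.c:2104:_hp_ldap_bind_ux(): _hp_ldap_build_cred() returned:-2.
Nov 17 12:51:23 rx2ka syslog: pid:27197.13 - pam_request.c:152:process_pam_ldap_request(): _hp_ldap_bind_ux() failed, err=-2
Nov 17 12:51:24 rx2ka sshd[12653]: PAM_LDAP auth-bind got HP_LDAP_NOTFOUND
EOF
}

sample_log | triage_ldapux
```

To run it against a real log, pipe the syslog file into triage_ldapux instead of sample_log.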

Bob Neal-Joslin
Trusted Contributor

Re: Problem setting ldap-ux client

BTW, I noticed you said you're using Fedora DS 1.0? Is there any reason why you're not using HP-UX Directory Server 8.1? It's a supported version of 389/Fedora DS, based on a more recent version (1.2).
Diego González
Advisor

Re: Problem setting ldap-ux client

Thanks to all for the reply. Finally I found a wrong base dn configured in the Fedora Ds. I fixed that and now the auth is working!

Best regards.

Diego.
Diego González
Advisor

Re: Problem setting ldap-ux client

Wrong setup in fedora ds