pam_ldap receives Invalid credentials



Hi,

I am not sure why this happens, but our terminal servers, routers, and ancillary devices are able to authenticate with our LDAP server. For some reason pam_ldap claims "Invalid credentials" with the same exact user and password.

What could be wrong? I can't seem to figure out what is wrong with the current log messages. Is there a way to receive verbose messages from pam and/or pam_ldap to figure out if it is sending the proper authentication information to the LDAP server?

We are on a FreeBSD-6.2 stable machine.

Clues please,

Noah




Aug 1 11:24:11 access1 sshd[6277]: pam_ldap: error trying to bind as user "cn=Test User,cn=people,dc=bogus,dc=domain,dc=net" (Invalid credentials)
Aug 1 11:24:11 access1 sshd[6277]: Failed password for invalid user tuser from 172.24.241.234 port 49317 ssh2
Aug 1 11:24:14 access1 sshd[6277]: pam_ldap: error trying to bind as user "cn=Test User,cn=people,dc=bogus,dc=domain,dc=net" (Invalid credentials)
Aug 1 11:24:14 access1 sshd[6277]: Failed password for invalid user tuser from 172.24.241.234 port 49317 ssh2
Aug 1 11:24:14 access1 sshd[6277]: Connection closed by 172.24.241.234


access1# pkg_info | grep pam
checkpassword-pam-0.99 Implementation of checkpassword authentication program
nagios-spamd-plugin-1.4 Nagios plugin for checking SpamAssassins spamd
p5-Mail-SpamAssassin-3.1.8_1 A highly efficient mail filter for identifying spam
pam_ldap-1.8.2 A pam module for authenticating with LDAP
pam_mkhomedir-0.1 Create HOME with a PAM module on demand
pamtester-0.1.2 A command line pam authentication tester
razor-agents-2.84 A distributed, collaborative, spam detection and filtering
access1# pkg_info | grep ldap
ldapsh-2.00_2,1 Interactive shell used to administer ldap directories
nss_ldap-1.255 RFC 2307 NSS module
openldap-client-2.3.37 Open source LDAP client implementation
openldap-server-2.3.37 Open source LDAP server implementation
p5-perl-ldap-0.34 A Client interface to LDAP servers
pam_ldap-1.8.2 A pam module for authenticating with LDAP
php5-ldap-5.2.3_1 The ldap shared extension for php
access1#
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"


