Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 01 Aug 2007 13:14:41 -0700
From:      Noah <admin2@enabled.com>
To:        User Questions <freebsd-questions@freebsd.org>
Subject:   pam_ldap receives Invalid credentials
Message-ID:  <46B0E9B1.2030101@enabled.com>
next in thread | raw e-mail | index | archive | help 
Hi,

I am not sure why this happens but out terminal servers, routers, and 
ancillary devices are able to authenticate with our LDAP server.  For 
some reason pam_ldap claims "Invalid credentials" with the same exact 
user and password.

What could be wrong?  I cant seem to figure out what is wrong with the 
current log messages.  Is there a way to receive verbose messages from 
pam and/or pam_ldap to figure out if it is sending the proper 
authentication information to the LDAP server.

We are on a FreeBSD-6.2 stable machine.

Clues please,

Noah




Aug  1 11:24:11 access1 sshd[6277]: pam_ldap: error trying to bind as 
user "cn=Test User,cn=people,dc=bogus,dc=domain,dc=net" (Invalid 
credentials)
Aug  1 11:24:11 access1 sshd[6277]: Failed password for invalid user 
tuser from 172.24.241.234 port 49317 ssh2
Aug  1 11:24:14 access1 sshd[6277]: pam_ldap: error trying to bind as 
user "cn=Test User,cn=people,dc=bogus,dc=domain,dc=net" (Invalid 
credentials)
Aug  1 11:24:14 access1 sshd[6277]: Failed password for invalid user 
tuser from 172.24.241.234 port 49317 ssh2
Aug  1 11:24:14 access1 sshd[6277]: Connection closed by 172.24.241.234


access1# pkg_info | grep pam
checkpassword-pam-0.99 Implementation of checkpassword authentication 
program
nagios-spamd-plugin-1.4 Nagios plugin for checking SpamAssassins spamd
p5-Mail-SpamAssassin-3.1.8_1 A highly efficient mail filter for 
identifying spam
pam_ldap-1.8.2      A pam module for authenticating with LDAP
pam_mkhomedir-0.1   Create HOME with a PAM module on demand
pamtester-0.1.2     A command line pam authentication tester
razor-agents-2.84   A distributed, collaborative, spam detection and 
filtering
access1# pkg_info | grep ldap
ldapsh-2.00_2,1     Interactive shell used to administer ldap directories
nss_ldap-1.255      RFC 2307 NSS module
openldap-client-2.3.37 Open source LDAP client implementation
openldap-server-2.3.37 Open source LDAP server implementation
p5-perl-ldap-0.34   A Client interface to LDAP servers
pam_ldap-1.8.2      A pam module for authenticating with LDAP
php5-ldap-5.2.3_1   The ldap shared extension for php
access1#

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46B0E9B1.2030101>