View previous topic :: View next topic |
Author |
Message |
hika Apprentice
Joined: 13 Mar 2009 Posts: 234 Location: Utrecht
|
Posted: Mon Apr 25, 2016 8:25 pm Post subject: OpenLDAP login in Raspberry Pi [bug filed] |
|
|
For years now I have an OpenLDAP DB running to manage all my logins. Linux, Samba, Mail, etc.
I have been experimenting with Raspberry Pi and I can not get it working.
I have nsswitch.conf. ldap.conf and pam.d set up as usual.
It seems it is not able to connect to the database as I see in the log "error trying to bind (invalid credentials)
At present my guess is that I need to load one or more kernel modules, possibly cryptographic as I do have the bind password encrypted with SSHA in /etc/ldap.conf, but I do not know which modules to load. Probably it are modules that are in a AMD64/X86 kernel by default.
Hika
Last edited by hika on Fri Apr 29, 2016 1:54 am; edited 1 time in total |
|
Back to top |
|
|
hika Apprentice
Joined: 13 Mar 2009 Posts: 234 Location: Utrecht
|
Posted: Tue Apr 26, 2016 7:41 pm Post subject: |
|
|
I got a bit wizer. I found this: https://www.darkalchemist.co.uk/2014/05/30/ldap-raspberry-pi/ claiming a missing link in /lib to be the cause. While this did not solve anything I found weird inconsistencies between a AMD64 install of nss_ldap and the ARM install.
On AMD64 I have a 64 bit library /lib64/libnss_ldap-2.20.so with links to: /lib64/libnss_ldap.so.2 and /usr/lib64/libnss_ldap.so.2 and a 32 bit library /usr/lib32/libnss_ldap-2.20.so linking to /usr/lib32/libnss_ldap.so.2.
On the Raspberry Pi I got /lib/nss_ldap.so.1 linking to /lib/nss_ldap.so
Why the name and version differences? They are both nns_ldap-265-r5 and adding the sugested link to /lib/libnss_ldap.so.2 defenitly gives a reaction (a freeze), so that one is expected by nss.
Is this a bug?
Hika |
|
Back to top |
|
|
hika Apprentice
Joined: 13 Mar 2009 Posts: 234 Location: Utrecht
|
Posted: Tue Apr 26, 2016 10:21 pm Post subject: |
|
|
Ok, so it is a combination of two things.
1 A wrong library name or at leas a missing simlink. /lib/nss_ldap.so.1 should be /lib/libnss_ldap.so.2. I probably will file a bug.
2 Unable to read the SSHA encrypted password in /etc/ldap.conf
So I can get it to work with a plain password, but that I do not want.
So am I missing a library or kernel module and if so which?
Any suggestions on where to look? It is probably either nss or pam related.
Hika |
|
Back to top |
|
|
hika Apprentice
Joined: 13 Mar 2009 Posts: 234 Location: Utrecht
|
Posted: Fri Apr 29, 2016 1:52 am Post subject: |
|
|
Number 2 was my fault. Somehow while trying things /etc/openldap/ldap.conf and /etc/ldap.conf got mixed up. Only the first accepts an encrypted password.
I filed a bug report about the library names: https://bugs.gentoo.org/show_bug.cgi?id=581306 |
|
Back to top |
|
|
NightDragon Veteran
Joined: 21 Aug 2004 Posts: 1156 Location: Vienna (Austria)
|
Posted: Sat May 28, 2016 8:10 pm Post subject: symlink bug confirmed |
|
|
Hey guys!
I got the same Bug on my Raspberry Pi2.
Thanks to this thread i was able to fix it by creating the symlink _________________ You are the problem too all my solutions |
|
Back to top |
|
|
|