Gentoo Forums
Forum Index: Networking & Security
ldap_bind: Invalid credentials
Author: ImAmMe (n00b; Joined: 10 Feb 2006; Posts: 61)
Posted: Tue Mar 18, 2008 8:45 am    Post subject: ldap_bind: Invalid credentials

Setting up a secure Samba PDC server using ldap as backend. I really like the loads of useful documentation; I would think that there would be more considering what it is.

My problem is with ldap. It took several days of tinkering to finally get slapd running.
Links I used are:
http://gentoo-wiki.com/HOWTO_LDAPv3
http://www.gentoo.org/doc/en/ldap-howto.xml
http://www.openldap.org/doc/admin21/

But the problem is when I run this (part way through the setup tutorials):
ldapsearch -x -b "cn=admin,dc=mcgraw,dc=net" "(objectclass=*)" -W -d 255
I get
ldap_bind: Invalid credentials (49)
I have tried uninstalling all my ldap packages, then going back and deleting the remaining files, then reinstalling.

I have run this:
chown ldap:ldap -R /var/lib/openldap-{ldbm,data,slurp}

I have another question also: I have webmin installed and both of my ldap modules are not configured correctly, so webmin says, but I do have openldap, nss_ldap and pam_ldap installed and slapd is running. Aren't those supposed to come up if those packages are installed?

I am interested in using hdb instead of ldbm, but I am having trouble finding info on how to work with those kinds of databases.



Code:

equery list ldap
[I--] [  ] dev-perl/perl-ldap-0.34 (0)
[I--] [  ] net-nds/openldap-2.3.41 (0)
[I--] [ ~] net-nds/phpldapadmin-1.1.0.5 (1.1.0.5)
[I--] [  ] net-nds/smbldap-tools-0.9.1-r1 (0)
[I--] [  ] sys-auth/nss_ldap-258 (0)
[I--] [  ] sys-auth/pam_ldap-183 (0)


Code:

# ldapsearch -x -b "cn=admin,dc=mcgraw,dc=net" "(objectclass=*)" -W -d 255
ldap_create
Enter LDAP Password:
ldap_bind
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP marge.mcgraw.net:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.1.8:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x805ff78 ptr=0x805ff78 end=0x805ff8c len=20
  0000:  30 12 02 01 01 60 0d 02  01 03 04 00 80 06 31 32   0....`........12
  0010:  33 34 35 36                                        3456
ber_scanf fmt ({i) ber:
ber_dump: buf=0x805ff78 ptr=0x805ff7d end=0x805ff8c len=15
  0000:  60 0d 02 01 03 04 00 80  06 31 32 33 34 35 36      `........123456
ber_flush: 20 bytes to sd 3
  0000:  30 12 02 01 01 60 0d 02  01 03 04 00 80 06 31 32   0....`........12
  0010:  33 34 35 36                                        3456
ldap_write: want=20, written=20
  0000:  30 12 02 01 01 60 0d 02  01 03 04 00 80 06 31 32   0....`........12
  0010:  33 34 35 36                                        3456
ldap_result ld 0x8057d98 msgid 1
ldap_chkResponseList ld 0x8057d98 msgid 1 all 1
ldap_chkResponseList returns ld 0x8057d98 NULL
wait4msg ld 0x8057d98 msgid 1 (infinite timeout)
wait4msg continue ld 0x8057d98 msgid 1 all 1
** ld 0x8057d98 Connections:
* host: marge.mcgraw.net  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Mar 18 01:09:26 2008

** ld 0x8057d98 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x8057d98 Response Queue:
   Empty
ldap_chkResponseList ld 0x8057d98 msgid 1 all 1
ldap_chkResponseList returns ld 0x8057d98 NULL
ldap_int_select
read1msg: ld 0x8057d98 msgid 1 all 1
ber_get_next
ldap_read: want=8, got=8
  0000:  30 0c 02 01 01 61 07 0a                            0....a..
ldap_read: want=6, got=6
  0000:  01 31 04 00 04 00                                  .1....
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x8061118 ptr=0x8061118 end=0x8061124 len=12
  0000:  02 01 01 61 07 0a 01 31  04 00 04 00               ...a...1....
read1msg: ld 0x8057d98 msgid 1 message type bind
ber_scanf fmt ({eaa) ber:
ber_dump: buf=0x8061118 ptr=0x806111b end=0x8061124 len=9
  0000:  61 07 0a 01 31 04 00 04  00                        a...1....
read1msg: ld 0x8057d98 0 new referrals
read1msg:  mark request completed, ld 0x8057d98 msgid 1
request done: ld 0x8057d98 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x8061118 ptr=0x806111b end=0x8061124 len=9
  0000:  61 07 0a 01 31 04 00 04  00                        a...1....
ber_scanf fmt (}) ber:
ber_dump: buf=0x8061118 ptr=0x8061124 end=0x8061124 len=0

ldap_msgfree
ldap_err2string
ldap_bind: Invalid credentials (49)



files

Code:
/etc/hosts
127.0.0.1        localhost
::1                 localhost
192.168.1.8    marge.mcgraw.net   marge


Code:
/etc/openldap/ldap.conf

URI  ldap://marge.mcgraw.net
BASE dc=marge,dc=mcgraw,dc=org


Code:
/etc/openldap/slapd.conf
include   /etc/openldap/schema/core.schema
include   /etc/openldap/schema/cosine.schema
include   /etc/openldap/schema/inetorgperson.schema
include   /etc/openldap/schema/nis.schema
 
TLSCertificateFile    /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ldap-key.pem
TLSCACertificateFile  /etc/ssl/ldap.pem
 
loglevel 256

pidfile   /var/run/openldap/slapd.pid
argsfile  /var/run/openldap/slapd.args

access to * by self write by * read

database ldbm
suffix    "dc=mcgraw,dc=net"
checkpoint  32  30 # <kbyte> <min>
rootdn    "cn=admin,dc=mcgraw,dc=net"
 
directory /var/lib/openldap-data

index objectClass eq

password-hash   {MD5}
rootpw {MD5}4QrcOUm6Wau+VuBX8g+IPg==


Code:

/etc/conf.d/slapd
OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"




If I run
Code:
$ ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=mcgraw,dc=net

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Logs from that command:
Mar 18 01:07:35 marge slapd[25152]: conn=3 fd=13 ACCEPT from IP=192.168.1.8:52922 (IP=0.0.0.0:389)
Mar 18 01:07:35 marge slapd[25152]: conn=3 op=0 BIND dn="" method=128
Mar 18 01:07:35 marge slapd[25152]: conn=3 op=0 RESULT tag=97 err=0 text=
Mar 18 01:07:35 marge slapd[25152]: conn=3 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Mar 18 01:07:35 marge slapd[25152]: conn=3 op=1 SRCH attr=namingContexts
Mar 18 01:07:35 marge slapd[25152]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 18 01:07:35 marge slapd[25152]: conn=3 op=2 UNBIND
Mar 18 01:07:35 marge slapd[25152]: conn=3 fd=13 closed
Code:
netstat -a --numeric-ports
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:389                   *:*                     LISTEN
tcp        0      0 *:636                   *:*                     LISTEN
 
tcp        0      0 *:443                   *:*                     LISTEN
tcp        0      0 *:636                   *:*                     LISTEN

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     263936 /var/run/openldap/slapd.sock




Code:
netstat -lnp | grep slapd
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      25613/slapd
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      25613/slapd
tcp        0      0 :::389                  :::*                    LISTEN      25613/slapd
tcp        0      0 :::636                  :::*                    LISTEN      25613/slapd
unix  2      [ ACC ]     STREAM     LISTENING     263936 25613/slapd         /var/run/openldap/slapd.sock



Code:
# ldapadd -x -D "cn=admin,dc=mcgraw,dc=net" -W -f base.ldif
ran fine and appeared to be promising


Code:
slaptest -d 10
WARNING: No dynamic config support for database ldbm.
config file testing succeeded



Code:
startup logs (cat /var/log/messages | grep slapd)
Mar 18 01:20:47 marge slapd[25612]: @(#) $OpenLDAP: slapd 2.3.41 (Mar 17 2008 21:25:37) $root@marge:/var/tmp/portage/net-nds/openldap-2.3.41/work/openldap-2.3.41/servers/slapd
Mar 18 01:20:47 marge slapd[25613]: WARNING: No dynamic config support for database ldbm.
Mar 18 01:20:47 marge slapd[25613]: slapd starting



slapindex -d 1
dumps out a lot of text, nothing jumps out as errors

iptables -nvL
no iptables rules yet

I am using a super simple password for setup, and it is being typed correctly. I have gone through many of the ldap topics here; they got my slapd running. Thanks guys.

I would like to say thanks for looking thru this

And I am happy to post any more info if it would help.
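The slapd.conf above stores rootpw as an {MD5} value and bunder later advises taking that hash out of the post. As an added example (not code from the thread or from OpenLDAP), this Python script checks a candidate password against a rootpw or userPassword value in OpenLDAP's {SCHEME}base64 layout, the form slappasswd prints, and generates a salted {SSHA} replacement; the function names, the password and the fixed salt are constructed for the demonstration.

```python
# Added example: verify a slapd.conf rootpw / userPassword value in OpenLDAP's
# "{SCHEME}base64" layout and produce a salted {SSHA} replacement.
# All passwords and salts below are constructed; nothing is taken from the thread.
import base64
import hashlib
import hmac
import os
from typing import Optional


def ldap_hash(password: str, scheme: str = "SSHA", salt: Optional[bytes] = None) -> str:
    """Return `password` in OpenLDAP storage format (what `slappasswd -h` prints)."""
    pw = password.encode("utf-8")
    if scheme == "MD5":      # unsalted: equal passwords give equal hashes
        return "{MD5}" + base64.b64encode(hashlib.md5(pw).digest()).decode()
    if scheme == "SHA":      # unsalted as well
        return "{SHA}" + base64.b64encode(hashlib.sha1(pw).digest()).decode()
    if scheme == "SSHA":     # base64( sha1(password + salt) || salt )
        salt = os.urandom(4) if salt is None else salt
        return "{SSHA}" + base64.b64encode(hashlib.sha1(pw + salt).digest() + salt).decode()
    raise ValueError(f"unsupported scheme: {scheme}")


def ldap_verify(password: str, stored: str) -> bool:
    """True if `password` matches `stored`; unknown or malformed values never verify."""
    pw = password.encode("utf-8")
    if not stored.startswith("{") or "}" not in stored:
        # slapd also accepts a cleartext rootpw; compare it in constant time
        return hmac.compare_digest(stored.encode("utf-8"), pw)
    scheme, b64 = stored[1:].split("}", 1)
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:       # binascii.Error is a ValueError: bad chars or padding
        return False
    scheme = scheme.upper()
    if scheme == "MD5":
        return hmac.compare_digest(raw, hashlib.md5(pw).digest())
    if scheme == "SHA":
        return hmac.compare_digest(raw, hashlib.sha1(pw).digest())
    if scheme == "SSHA":
        digest, salt = raw[:20], raw[20:]   # a SHA-1 digest is always 20 bytes
        return hmac.compare_digest(digest, hashlib.sha1(pw + salt).digest())
    return False


if __name__ == "__main__":
    # Constructed password; the salt is fixed only so the run is reproducible.
    stored = ldap_hash("example-pw", "SSHA", salt=b"s4lt")
    print(stored, ldap_verify("example-pw", stored), ldap_verify("wrong", stored))
```

Because {MD5} and {SHA} are unsalted, a hash in slapd.conf should be treated as a secret just like the password, and a `-d 255` trace such as the one in the first post dumps the raw simple-bind PDU (the `80 06 ...` bytes), so that output needs the same redaction before it is posted.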
Author: loisl (Apprentice; Joined: 18 Apr 2004; Posts: 167; Location: Egelsbach)
Posted: Sun Mar 23, 2008 10:33 pm

Hai,

An /etc/openldap/slapd.conf file may contain more than one database block, each beginning with its own suffix and rootdn. So I would suggest placing the rootpw directly after the rootdn line.

Just a guess.
Author: atatut (n00b; Joined: 27 Jun 2007; Posts: 49)
Posted: Wed Jul 02, 2008 10:17 am

Hi, did you manage to get a working OpenLDAP?

I followed the

http://gentoo-wiki.com/HOWTO_LDAPv3

too, and came to a running slapd that does nothing; as soon as I tried to add something to the db I ended up with a
SASL/GSSAPI error. I even tried to manually feed the base using the ldif, and tried to import it again, but I receive "Can't contact LDAP server" while it's running.

Does anyone have a clearer HOW TO, I mean a real HOW TO, where you have a step by step configuration that you can understand? Sorry to ask too much, but at some point if no one takes the time to explain there's hardly any chance we understand how to set OpenLDAP.

Thanks
Author: ianw1974 (Guru; Joined: 18 Oct 2006; Posts: 387; Location: UK and Poland)
Posted: Wed Jul 02, 2008 10:20 am

When I had problems with this, I disabled the use flag for sasl against the openldap package, so that I could only communicate on port 389 and it worked fine after this. I never worried about using the secure port for ldap.
Author: bunder (Bodhisattva; Joined: 10 Apr 2004; Posts: 5934)
Posted: Wed Jul 02, 2008 12:10 pm

Quote:
BASE dc=marge,dc=mcgraw,dc=org


iirc that should just be mcgraw.org.

cheers

PS: I would remove that root MD5 from your post; you really don't want people knowing that one. :wink: