forum.opennet.ru

Составление сообщения

Исходное сообщение

"FreeBSD+PAM+LDAP Помогите подружить."
Отправлено DJ_Kill, 02-Окт-06 19:34

Тут по этой теме уже тонна написана. Перечитал всё. Всё равно не могу победить.
FreeBSD 6.1-RELEASE
Стоит OpenLDAP и всё что с этим связано.
cyrus-sasl-ldapdb-2.1.21 SASL LDAPDB auxprop plugin
nss_ldap-1.244      RFC 2307 NSS module
openldap-client-2.2.30 Open source LDAP client implementation
openldap-server-2.2.30 Open source LDAP server implementation
p5-perl-ldap-0.33   A Client interface to LDAP servers
pam_ldap-1.8.0      A pam module for authenticating with LDAP
php4-ldap-4.4.2_1   The ldap shared extension for php
sendmail+sasl2+ldap-8.13.6 Reliable, highly configurable mail transfer agent with util
cat /etc/nsswitch.conf:
group: files ldap
group_compat: nis ldap
hosts: files dns ldap
networks: files ldap
passwd: files ldap
passwd_compat: nis ldap
shells: files ldap
shadow: files ldap
cat /etc/pam.d/pop3
auth            sufficient      /usr/local/lib/pam_ldap.so
auth            required        pam_unix.so             no_warn try_first_pass
cat /etc/ldap.conf
base dc=gtss,dc=ru
host 127.0.0.1
uri ldap://192.168.100.8:389/
uri ldapi:///var/run/openldap/ldapi/
binddn cn=root,dc=gtss,dc=ru
bindpw overkill12
rootbinddn cn=root,dc=gtss,dc=ru
port 389
scope one
#pam_filter objectclass=user
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_min_uid 10000
pam_max_uid 30000
nss_base_shadow         ou=users,dc=gtss,dc=ru?one
nss_base_passwd         ou=users,dc=gtss,dc=ru?one
nss_base_group          ou=groups,dc=gtss,dc=ru?one
ssl no
pam_password SSHA
Пытаюсь сгрузить почту.
В лог LDAPа летит примерно следующее:
Oct  2 19:25:18 geo-samba slapd[426]:
Oct  2 19:25:18 geo-samba slapd[426]: daemon: read activity on 30
Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: search access to "uid=zh,ou=users,dc=gtss,dc=ru" "objectClass" requested
Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: search access to "uid=zh,ou=users,dc=gtss,dc=ru" "uid" requested
Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "entry" requested
Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct  2 19:25:18 geo-samba slapd[426]: daemon: select: listen=6 active_threads=0 tvp=NULL
Oct  2 19:25:18 geo-samba slapd[426]: daemon: select: listen=7 active_threads=0 tvp=NULL
Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "uid" requested
Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "cn" requested
Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "objectClass" requested
Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "uidNumber" requested
Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "homeDirectory" requested
Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "loginShell" requested
Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "shadowMax" requested
Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "userPassword" requested
Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "shadowLastChange" requested
Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "gidNumber" requested
Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct  2 19:25:18 geo-samba slapd[426]: daemon: activity on 1 descriptors
Oct  2 19:25:18 geo-samba slapd[426]: daemon: activity on:
Oct  2 19:25:18 geo-samba slapd[426]:  34r

То есть как-то это работает.
В логи почтовика сыплется:
Oct  2 19:19:49 geo-samba qpopper[23321]: [AUTH] Failed attempted login to pirate from host (192.168.100.230) 192.168.100.230
Oct  2 19:20:34 geo-samba qpopper[23326]: zh at 192.168.100.230 (192.168.100.230): -ERR [AUTH] PAM authentication failed for user "zh": authentication error (9)
Oct  2 19:20:34 geo-samba qpopper[23326]: [AUTH] Failed attempted login to zh from host (192.168.100.230) 192.168.100.230
Oct  2 19:25:04 geo-samba qpopper[23352]: zh at 192.168.100.230 (192.168.100.230): -ERR [AUTH] PAM authentication failed for user "zh": new authentication token required (10)
Oct  2 19:25:04 geo-samba qpopper[23352]: [AUTH] Failed attempted login to zh from host (192.168.100.230) 192.168.100.230
Oct  2 19:25:28 geo-samba qpopper[23357]: zh at 192.168.100.230 (192.168.100.230): -ERR [AUTH] PAM authentication failed for user "zh": new authentication token required (10)
Oct  2 19:25:28 geo-samba qpopper[23357]: [AUTH] Failed attempted login to zh from host (192.168.100.230) 192.168.100.230
Почта не отдаётся.
При этом самба с тем же LDAP работает на ура...
Что делать и куда бежать? Уже весь мозг сломал...

Исходное сообщение
"FreeBSD+PAM+LDAP Помогите подружить." Отправлено DJ_Kill, 02-Окт-06 19:34
Тут по этой теме уже тонна написана. Перечитал всё. Всё равно не могу победить. FreeBSD 6.1-RELEASE Стоит OpenLDAP и всё что с этим связано. cyrus-sasl-ldapdb-2.1.21 SASL LDAPDB auxprop plugin nss_ldap-1.244 RFC 2307 NSS module openldap-client-2.2.30 Open source LDAP client implementation openldap-server-2.2.30 Open source LDAP server implementation p5-perl-ldap-0.33 A Client interface to LDAP servers pam_ldap-1.8.0 A pam module for authenticating with LDAP php4-ldap-4.4.2_1 The ldap shared extension for php sendmail+sasl2+ldap-8.13.6 Reliable, highly configurable mail transfer agent with util cat /etc/nsswitch.conf: group: files ldap group_compat: nis ldap hosts: files dns ldap networks: files ldap passwd: files ldap passwd_compat: nis ldap shells: files ldap shadow: files ldap cat /etc/pam.d/pop3 auth sufficient /usr/local/lib/pam_ldap.so auth required pam_unix.so no_warn try_first_pass cat /etc/ldap.conf base dc=gtss,dc=ru host 127.0.0.1 uri ldap://192.168.100.8:389/ uri ldapi:///var/run/openldap/ldapi/ binddn cn=root,dc=gtss,dc=ru bindpw overkill12 rootbinddn cn=root,dc=gtss,dc=ru port 389 scope one #pam_filter objectclass=user pam_filter objectclass=posixAccount pam_login_attribute uid pam_min_uid 10000 pam_max_uid 30000 nss_base_shadow ou=users,dc=gtss,dc=ru?one nss_base_passwd ou=users,dc=gtss,dc=ru?one nss_base_group ou=groups,dc=gtss,dc=ru?one ssl no pam_password SSHA Пытаюсь сгрузить почту. В лог LDAPа летит примерно следующее: Oct 2 19:25:18 geo-samba slapd[426]: Oct 2 19:25:18 geo-samba slapd[426]: daemon: read activity on 30 Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: search access to "uid=zh,ou=users,dc=gtss,dc=ru" "objectClass" requested Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: search access to "uid=zh,ou=users,dc=gtss,dc=ru" "uid" requested Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "entry" requested Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted Oct 2 19:25:18 geo-samba slapd[426]: daemon: select: listen=6 active_threads=0 tvp=NULL Oct 2 19:25:18 geo-samba slapd[426]: daemon: select: listen=7 active_threads=0 tvp=NULL Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "uid" requested Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "cn" requested Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "objectClass" requested Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "uidNumber" requested Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "homeDirectory" requested Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "loginShell" requested Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "shadowMax" requested Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "userPassword" requested Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "shadowLastChange" requested Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "gidNumber" requested Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted Oct 2 19:25:18 geo-samba slapd[426]: daemon: activity on 1 descriptors Oct 2 19:25:18 geo-samba slapd[426]: daemon: activity on: Oct 2 19:25:18 geo-samba slapd[426]: 34r То есть как-то это работает. В логи почтовика сыплется: Oct 2 19:19:49 geo-samba qpopper[23321]: [AUTH] Failed attempted login to pirate from host (192.168.100.230) 192.168.100.230 Oct 2 19:20:34 geo-samba qpopper[23326]: zh at 192.168.100.230 (192.168.100.230): -ERR [AUTH] PAM authentication failed for user "zh": authentication error (9) Oct 2 19:20:34 geo-samba qpopper[23326]: [AUTH] Failed attempted login to zh from host (192.168.100.230) 192.168.100.230 Oct 2 19:25:04 geo-samba qpopper[23352]: zh at 192.168.100.230 (192.168.100.230): -ERR [AUTH] PAM authentication failed for user "zh": new authentication token required (10) Oct 2 19:25:04 geo-samba qpopper[23352]: [AUTH] Failed attempted login to zh from host (192.168.100.230) 192.168.100.230 Oct 2 19:25:28 geo-samba qpopper[23357]: zh at 192.168.100.230 (192.168.100.230): -ERR [AUTH] PAM authentication failed for user "zh": new authentication token required (10) Oct 2 19:25:28 geo-samba qpopper[23357]: [AUTH] Failed attempted login to zh from host (192.168.100.230) 192.168.100.230 Почта не отдаётся. При этом самба с тем же LDAP работает на ура... Что делать и куда бежать? Уже весь мозг сломал...

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

> Тут по этой теме уже тонна написана. Перечитал всё. Всё равно не 
> могу победить.

> FreeBSD 6.1-RELEASE 
> Стоит OpenLDAP и всё что с этим связано.

> cyrus-sasl-ldapdb-2.1.21 SASL LDAPDB auxprop plugin 
> nss_ldap-1.244      RFC 2307 NSS module 
> openldap-client-2.2.30 Open source LDAP client implementation 
> openldap-server-2.2.30 Open source LDAP server implementation 
> p5-perl-ldap-0.33   A Client interface to LDAP servers 
> pam_ldap-1.8.0      A pam module for authenticating with 
> LDAP 
> php4-ldap-4.4.2_1   The ldap shared extension for php 
> sendmail+sasl2+ldap-8.13.6 Reliable, highly configurable mail transfer agent with util

> cat /etc/nsswitch.conf: 
> group: files ldap 
> group_compat: nis ldap 
> hosts: files dns ldap 
> networks: files ldap 
> passwd: files ldap 
> passwd_compat: nis ldap 
> shells: files ldap 
> shadow: files ldap

> cat /etc/pam.d/pop3 
> auth            
> sufficient      /usr/local/lib/pam_ldap.so 
> auth            
> required        pam_unix.so   
>           no_warn 
> try_first_pass

> cat /etc/ldap.conf 
> base dc=gtss,dc=ru 
> host 127.0.0.1 
> uri ldap://192.168.100.8:389/ 
> uri ldapi:///var/run/openldap/ldapi/ 
> binddn cn=root,dc=gtss,dc=ru 
> bindpw overkill12 
> rootbinddn cn=root,dc=gtss,dc=ru 
> port 389 
> scope one 
> #pam_filter objectclass=user 
> pam_filter objectclass=posixAccount 
> pam_login_attribute uid 
> pam_min_uid 10000 
> pam_max_uid 30000 
> nss_base_shadow         ou=users,dc=gtss,dc=ru?one 
> nss_base_passwd         ou=users,dc=gtss,dc=ru?one 
> nss_base_group          ou=groups,dc=gtss,dc=ru?one 
> ssl no 
> pam_password SSHA

> Пытаюсь сгрузить почту.
> В лог LDAPа летит примерно следующее:

> Oct  2 19:25:18 geo-samba slapd[426]: 
> Oct  2 19:25:18 geo-samba slapd[426]: daemon: read activity on 30 
> Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: search access to "uid=zh,ou=users,dc=gtss,dc=ru" 
> "objectClass" requested 
> Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted 
> Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: search access to "uid=zh,ou=users,dc=gtss,dc=ru" 
> "uid" requested 
> Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted 
> Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" 
> "entry" requested 
> Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted 
> Oct  2 19:25:18 geo-samba slapd[426]: daemon: select: listen=6 active_threads=0 tvp=NULL 
 
> Oct  2 19:25:18 geo-samba slapd[426]: daemon: select: listen=7 active_threads=0 tvp=NULL 
 
> Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" 
> "uid" requested 
> Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted 
> Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" 
> "cn" requested 
> Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted 
> Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" 
> "objectClass" requested 
> Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted 
> Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" 
> "uidNumber" requested 
> Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted 
> Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" 
> "homeDirectory" requested 
> Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted 
> Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" 
> "loginShell" requested 
> Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted 
> Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" 
> "shadowMax" requested 
> Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted 
> Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" 
> "userPassword" requested 
> Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted 
> Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" 
> "shadowLastChange" requested 
> Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted 
> Oct  2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" 
> "gidNumber" requested 
> Oct  2 19:25:18 geo-samba slapd[426]: <= root access granted 
> Oct  2 19:25:18 geo-samba slapd[426]: daemon: activity on 1 descriptors 
> Oct  2 19:25:18 geo-samba slapd[426]: daemon: activity on: 
> Oct  2 19:25:18 geo-samba slapd[426]:  34r

> То есть как-то это работает.

> В логи почтовика сыплется:

> Oct  2 19:19:49 geo-samba qpopper[23321]: [AUTH] Failed attempted login to pirate 
> from host (192.168.100.230) 192.168.100.230 
> Oct  2 19:20:34 geo-samba qpopper[23326]: zh at 192.168.100.230 (192.168.100.230): -ERR 
> [AUTH] PAM authentication failed for user "zh": authentication error (9) 
> Oct  2 19:20:34 geo-samba qpopper[23326]: [AUTH] Failed attempted login to zh 
> from host (192.168.100.230) 192.168.100.230 
> Oct  2 19:25:04 geo-samba qpopper[23352]: zh at 192.168.100.230 (192.168.100.230): -ERR 
> [AUTH] PAM authentication failed for user "zh": new authentication token required 
> (10) 
> Oct  2 19:25:04 geo-samba qpopper[23352]: [AUTH] Failed attempted login to zh 
> from host (192.168.100.230) 192.168.100.230 
> Oct  2 19:25:28 geo-samba qpopper[23357]: zh at 192.168.100.230 (192.168.100.230): -ERR 
> [AUTH] PAM authentication failed for user "zh": new authentication token required 
> (10) 
> Oct  2 19:25:28 geo-samba qpopper[23357]: [AUTH] Failed attempted login to zh 
> from host (192.168.100.230) 192.168.100.230

> Почта не отдаётся.

> При этом самба с тем же LDAP работает на ура...

> Что делать и куда бежать? Уже весь мозг сломал...

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру