On Tue, 2009-08-25 at 13:02 -0500, Jeffrey Watts wrote:
> Did you put "debug 1" in /etc/ldap.conf? That file is sourced by both
> nss_ldap and pam_ldap.
>
> Jeffrey.
>
> On Tue, Aug 25, 2009 at 11:56 AM, Andy Speagle
> <andy.spea...@wichita.edu> wrote:
>
> > Thanks... any thoughts on where to go from here? I can't seem to get
> > any verbose logging from PAM... despite appending "debug" to the
> > pam_ldap.so lines.

Ok, so, now I'm getting debug. I'm not sure what all you want... but here's a wealth of debug... sanitized to protect the innocent:

-----
ldap_create
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP <hostname>:389
ldap_new_socket: 79
ldap_prepare_socket: 79
ldap_connect_to_host: Trying <ip>:389
ldap_connect_timeout: fd: 79 tm: 10 async: 0
ldap_ndelay_on: 79
ldap_is_sock_ready: 79
ldap_ndelay_off: 79
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush: 31 bytes to sd 79
ldap_result ld 0x2aaac8637370 msgid 1
ldap_chkResponseList ld 0x2aaac8637370 msgid 1 all 1
ldap_chkResponseList returns ld 0x2aaac8637370 NULL
wait4msg ld 0x2aaac8637370 msgid 1 (infinite timeout)
wait4msg continue ld 0x2aaac8637370 msgid 1 all 1
** ld 0x2aaac8637370 Connections:
* host: <hostname> port: 389 (default)
  refcnt: 2 status: Connected
  last used: Tue Aug 25 14:25:27 2009
** ld 0x2aaac8637370 Outstanding Requests:
* msgid 1, origid 1, status InProgress
  outstanding referrals 0, parent count 0
** ld 0x2aaac8637370 Response Queue:
  Empty
ldap_chkResponseList ld 0x2aaac8637370 msgid 1 all 1
ldap_chkResponseList returns ld 0x2aaac8637370 NULL
ldap_int_select
read1msg: ld 0x2aaac8637370 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 95 contents:
read1msg: ld 0x2aaac8637370 msgid 1 message type extended-result
ber_scanf fmt ({eaa) ber:
ber_scanf fmt ({eaa}) ber:
new result: res_errno: 0, res_error: <Start TLS request accepted.Server willing to negotiate SSL.>, res_matched: <>
read1msg: ld 0x2aaac8637370 0 new referrals
read1msg: mark request completed, ld 0x2aaac8637370 msgid 1
request done: ld 0x2aaac8637370 msgid 1
res_errno: 0, res_error: <Start TLS request accepted.Server willing to negotiate SSL.>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_extended_result
ber_scanf fmt ({eaa) ber:
ber_scanf fmt (a) ber:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
LS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0, subject: <LDAP Path>, issuer: <More LDAP Stuff>
TLS certificate verification: depth: 0, err: 0, subject: <More LDAP>, issuer: <Yup, More LDAP>
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush: 14 bytes to sd 79
ldap_result ld 0x2aaac8637370 msgid 2
ldap_chkResponseList ld 0x2aaac8637370 msgid 2 all 0
ldap_chkResponseList returns ld 0x2aaac8637370 NULL
wait4msg ld 0x2aaac8637370 msgid 2 (timeout 10000000 usec)
wait4msg continue ld 0x2aaac8637370 msgid 2 all 0
** ld 0x2aaac8637370 Connections:
* host: <hostname> port: 389 (default)
  refcnt: 2 status: Connected
  last used: Tue Aug 25 14:25:27 2009
** ld 0x2aaac8637370 Outstanding Requests:
* msgid 2, origid 2, status InProgress
  outstanding referrals 0, parent count 0
** ld 0x2aaac8637370 Response Queue:
  Empty
ldap_chkResponseList ld 0x2aaac8637370 msgid 2 all 0
ldap_chkResponseList returns ld 0x2aaac8637370 NULL
ldap_int_select
read1msg: ld 0x2aaac8637370 msgid 2 all 0
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x2aaac8637370 msgid 2 message type bind
ber_scanf fmt ({eaa) ber:
ber_scanf fmt ({eaa}) ber:
new result: res_errno: 0, res_error: <>, res_matched: <>
read1msg: ld 0x2aaac8637370 0 new referrals
read1msg: mark request completed, ld 0x2aaac8637370 msgid 2
request done: ld 0x2aaac8637370 msgid 2
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_search
put_filter: "(uid=<myuid>)"
put_filter: simple
put_simple_filter: "uid=<myuid>"
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush: 70 bytes to sd 79
ldap_result ld 0x2aaac8637370 msgid 3
ldap_chkResponseList ld 0x2aaac8637370 msgid 3 all 1
ldap_chkResponseList returns ld 0x2aaac8637370 NULL
wait4msg ld 0x2aaac8637370 msgid 3 (infinite timeout)
wait4msg continue ld 0x2aaac8637370 msgid 3 all 1
** ld 0x2aaac8637370 Connections:
* host: <hostname> port: 389 (default)
  refcnt: 2 status: Connected
  last used: Tue Aug 25 14:25:27 2009
** ld 0x2aaac8637370 Outstanding Requests:
* msgid 3, origid 3, status InProgress
  outstanding referrals 0, parent count 0
** ld 0x2aaac8637370 Response Queue:
  Empty
ldap_chkResponseList ld 0x2aaac8637370 msgid 3 all 1
ldap_chkResponseList returns ld 0x2aaac8637370 NULL
ldap_int_select
read1msg: ld 0x2aaac8637370 msgid 3 all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x2aaac8637370 msgid 3 message type search-result
ber_scanf fmt ({eaa) ber:
ber_scanf fmt ({eaa}) ber:
new result: res_errno: 0, res_error: <>, res_matched: <>
read1msg: ld 0x2aaac8637370 0 new referrals
read1msg: mark request completed, ld 0x2aaac8637370 msgid 3
request done: ld 0x2aaac8637370 msgid 3
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_unbind
ldap_free_connection 1 1
ldap_send_unbind
ber_flush: 7 bytes to sd 79
TLS trace: SSL3 alert write:warning:close notify
ldap_free_connection: actually freed
2009-08-25 14:25:27,507 [TP-Processor3] WARN com.redhat.rhn.domain.user.legacy.LegacyRhnUserImpl - PAM login for user User f229m776 (id 21, org_id 1) failed with error Authentication failure.
-----

I can't seem to tell at what point this is failing... but I'm not terribly LDAP literate... at least not at this level.

Thoughts?

--
Andy Speagle

"THE Student" - UCATS
Wichita State University
_______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
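
An added example, not part of the original message and not Spacewalk or OpenLDAP code: a small parser that reduces a libldap debug trace like the one posted above to one record per msgid and lists searches that finished with res_errno 0 without returning an entry. It assumes libldap labels each returned entry as `message type search-entry`; the sample trace is a constructed, condensed excerpt.

```python
import re

# Constructed excerpt in the shape of the posted trace (handle shortened to 0x1).
SAMPLE = """\
read1msg: ld 0x1 msgid 1 message type extended-result
request done: ld 0x1 msgid 1
res_errno: 0, res_error: <Start TLS request accepted.>, res_matched: <>
ldap_simple_bind
read1msg: ld 0x1 msgid 2 message type bind
request done: ld 0x1 msgid 2
res_errno: 0, res_error: <>, res_matched: <>
ldap_search
put_filter: "(uid=<myuid>)"
put_filter: simple
read1msg: ld 0x1 msgid 3 all 1
read1msg: ld 0x1 msgid 3 message type search-result
request done: ld 0x1 msgid 3
res_errno: 0, res_error: <>, res_matched: <>
"""

# \s+ between "request done" and "res_errno" accepts wrapped or flattened traces.
TOKEN = re.compile(
    r'put_filter: "(?P<filter>\([^"]*\))"'
    r"|read1msg: ld \S+ msgid (?P<mid>\d+) message type (?P<type>[\w-]+)"
    r"|request done: ld \S+ msgid (?P<done>\d+)\s+res_errno: (?P<errno>\d+)"
)

def summarize(trace):
    """Map msgid -> message types received, final res_errno, search filter."""
    ops, pending = {}, None
    new = lambda: {"types": [], "errno": None, "filter": None}
    for m in TOKEN.finditer(trace):
        if m["filter"]:
            pending = m["filter"]          # belongs to the next request answered
        elif m["mid"]:
            op = ops.setdefault(int(m["mid"]), new())
            op["types"].append(m["type"])
            if pending:
                op["filter"], pending = pending, None
        else:
            ops.setdefault(int(m["done"]), new())["errno"] = int(m["errno"])
    return ops

def empty_searches(ops):
    """msgids of searches that ended with res_errno 0 and no search-entry."""
    return [mid for mid, op in sorted(ops.items())
            if "search-result" in op["types"] and op["errno"] == 0
            and "search-entry" not in op["types"]]

print(empty_searches(summarize(SAMPLE)))
```

Run over the trace in the message above, `empty_searches` returns `[3]`: the `(uid=<myuid>)` search completed with res_errno 0, but no search-entry precedes its search-result and no further bind follows it.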