Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Re: ssh connection to an ldap server

from [fatima riadi] Network Security [Permanent Link]
Subject: RE: Re: ssh connection to an ldap server
Date: Mon, 21 Mar 2005 19:45:59 +0100 (CET) 

I tested setting the bindpw password encrypted using
the SSHA hash code and that works fine.

Thanks again

 --- fatima riadi <ftmriadi@yahoo.fr> a écrit : 

That's it!!

Thank you very much Gary for your help.

Now, I am able to connect to my LDAP server.

Just another question please: is it necessary to
write
the bindpw password in clear text in /etc/ldap.conf?

Tank you again.


 --- "Tay, Gary" <Gary_Tay@platts.com> a écrit : 

I noticed that:
 
1) You did not provide binddn and bindpw in
/etc/ldap.conf
 
# The distinguished name to bind to the server

with.

# Optional: default is to bind anonymously.
#binddn cn=exampleuser,dc=example,dc=com
binddn cn=nssldap,ou=DSA,dc=example,dc=com

# The credentials to bind with.
# Optional: default is no credential.
bindpw pw_in_clear_text
 
2) Your rootbinddn in /etc/ldap.conf should be
"cn=Manager,dc=example,dc=com", i.e. tally with
slapd.conf

# The distinguished name to bind to the server

with

# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
rootbinddn cn=Manager,dc=example,dc=com

Gary

    -----Original Message----- 
    From: fatima riadi [mailto:ftmriadi@yahoo.fr] 
    Sent: Mon 3/21/2005 11:57 PM 
    To: Tay, Gary 
    Cc: secureshell@securityfocus.com 
    Subject: RE: Re: ssh connection to an ldap server
    
    

     --- "Tay, Gary" <Gary_Tay@platts.com> a écrit :
    > If you suspect pam_ldap, show us the
    > /etc/nsswitch.conf and /etc/pam.d/system-auth
and/or
    > /etc/pam.d/sshd.
    >





======================================================

    Here is my slapd.conf file content:
    
    include         /etc/openldap/schema/core.schema
    include        

/etc/openldap/schema/cosine.schema

    include        
/etc/openldap/schema/inetorgperson.schema
    include         /etc/openldap/schema/nis.schema
    include         /etc/openldap/schema/samba.schema
    include



/etc/openldap/schema/redhat/rfc822-MailMember.schema

    include        
/etc/openldap/schema/redhat/autofs.schema
    
    
    # Allow LDAPv2 client connections.  This is NOT

the

    default.
    allow bind_v2
    
    # Do not enable referrals until AFTER you have a
    working directory
    # service AND an understanding of referrals.
    #referral       ldap://root.openldap.org
    
    pidfile /var/run/slapd.pid
    #argsfile       //var/run/slapd.args
    
    access to attr=userPassword
            by self write
            by * auth
    access to dn="ou=users,dc=example,dc=com"
            by self write
            by

dn="cn=nssldap,ou=DSA,dc=example,dc=com"

read
            by users auth
            by anonymous read
    access to * by self write
            by * read
    





#######################################################################

    # ldbm and/or bdb database definitions





#######################################################################

    
    database        ldbm
    suffix          "dc=example,dc=com"
    rootdn          "cn=Manager,dc=example,dc=com"
    rootpw         
{SSHA}Cu0mazfs7JKjmJaCrZQszD1G7ijRpIKO
    
    # The database directory MUST exist prior to
running
    slapd AND
    # should only be accessible by the slapd and slap
    tools.
    # Mode 700 recommended.
    directory       /var/lib/ldap
    
    # Indices to maintain for this database
    index objectClass                       eq,pres
    index ou,cn,mail,surname,givenname     

eq,pres,sub

    index uidNumber,gidNumber,loginShell    eq,pres
    index uid,memberUid                    

eq,pres,sub

    index nisMapName,nisMapEntry           

eq,pres,sub

    index

sambaSID,sambaDomainName,sambaPrimaryGroupSID

    eq





======================================================

    /etc/pam.d/sshd
    
    #%PAM-1.0
    auth       required     pam_stack.so
    service=system-auth
    auth       required     pam_nologin.so
    account    required     pam_stack.so
    service=system-auth
    password   required     pam_stack.so
    service=system-auth
    session    required     pam_stack.so
    service=system-auth
    session    required     pam_limits.so
    session    optional     pam_console.so





======================================================

     
    > pam_ldap works with nss_ldap, also show
    > /etc/ldap.conf.
    
    And this is my /etc/ldap.conf file:
    
    # Your LDAP server. Must be resolvable without
using
    LDAP.
    host 127.0.0.1
    
    # The distinguished name of the search base.
    base dc=example,dc=com
    
    # Another way to specify your LDAP server is to
    provide an
    # uri with the server name. This allows to use
    # Unix Domain Sockets to connect to a local LDAP
    Server.
    #uri ldap://127.0.0.1/
    #uri ldaps://127.0.0.1/  
    #uri ldapi://%2fvar%2frun%2fldapi_sock/
    # Note: %2f encodes the '/' used as directory
    separator
    
    # The LDAP version to use (defaults to 3
    # if supported by client library)
    #ldap_version 3
    
    # The distinguished name to bind to the server
with.
    # Optional: default is to bind anonymously.
    #binddn cn=exampleuser,dc=example,dc=com
    
    # The credentials to bind with.
    # Optional: default is no credential.
    #bindpw secret
    
    # The distinguished name to bind to the server

with

    # if the effective user ID is root. Password is
    # stored in /etc/ldap.secret (mode 600)
    rootbinddn cn=nssldap,ou=DSA,dc=example,dc=com
    
    # The port.



=== message truncated === 


        

        
                
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! 
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Re: ssh connection to an ldap server, fatima riadi
Next by Date:  How to use scp without encryption ?, Manoj
Previous by Thread:  RE: Re: ssh connection to an ldap server, fatima riadi
Next by Thread:  netstat from ssh_prng_cmds taking too much CPU on AIX, Ronald B. Miller
Indexes:  [Date] [Thread] [Top] [All Lists]