I have set up LDAP client authentication following this manual, but I am getting this error in my /var/log/auth.log file:
Sep 5 14:08:59 workstation01 nscd: nss_ldap: failed to bind to LDAP server ldap://c-hack00:389: Invalid credentials
Sep 5 14:08:59 workstation01 nscd: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
Sep 5 14:09:00 workstation01 nscd: nss_ldap: failed to bind to LDAP server ldap://c-hack00:389: Invalid credentials
Sep 5 14:09:00 workstation01 nscd: nss_ldap: could not search LDAP server - Server is unavailable
My /etc/ldap.conf:
# Your LDAP server. Must be resolvable without using LDAP.
# Multiple hosts may be specified, each separated by a
# space. How long nss_ldap takes to failover depends on
# whether your LDAP client library supports configurable
# network or connect timeouts (see bind_timelimit).
#host c-hack00
# The distinguished name of the search base.
base dc=c-hack,dc=de
# Another way to specify your LDAP server is to provide an
uri ldap://c-hack00:389
# Unix Domain Sockets to connect to a local LDAP Server.
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=proxyuser,dc=c-hack,dc=de
# "proxyuser" is an existing LDAP user I've created
# The credentials to bind with.
# Optional: default is no credential.
bindpw mypasswort
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
rootbinddn cn=manager,dc=SPG
# The port.
# Optional: default is 389.
#port 389
# The search scope.
#scope sub
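I think the client is able to connect to the server, but something is wrong with the credentials... How can I fix this?
Answer 1
To be clear - does the bindpw match the password of the proxyuser account? If you run the following command (entering the bindpw when prompted), do you get an error?
ldapsearch -x -W -D "cn=proxyuser,dc=c-hack,dc=de" -b "dc=c-hack, dc=de" "objectclass=*"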
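The comment in the posted ldap.conf says that callers with effective UID root bind with rootbinddn and the password in /etc/ldap.secret rather than binddn/bindpw, and the failing binds in the log come from nscd. As an added example (not part of the original thread), this script prints which DN each kind of caller would bind with, and flags a bind DN outside the search base (a heuristic) and a password bind over plain ldap://. The function names are this example's own, and the sample config is constructed from the question.

```shell
#!/bin/sh
# Added example (not from the original thread): show which DN nss_ldap binds
# with for root and non-root callers, and flag risky settings in ldap.conf.

conf_get() {  # conf_get FILE KEY -> value of the last uncommented KEY line
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                   END { print v }' "$1"
}

dn_under_base() {  # dn_under_base DN BASE -> 0 if DN is at or below BASE
    _dn=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/, */,/g')
    _b=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | sed 's/, */,/g')
    case "$_dn" in
        "$_b" | *,"$_b") return 0 ;;
        *) return 1 ;;
    esac
}

audit_ldap_conf() {  # audit_ldap_conf FILE -> returns 1 if anything is flagged
    _base=$(conf_get "$1" base); _uri=$(conf_get "$1" uri)
    _bind=$(conf_get "$1" binddn); _root=$(conf_get "$1" rootbinddn)
    _ssl=$(conf_get "$1" ssl); _rc=0
    echo "euid!=0 binds as: ${_bind:-<anonymous>}"
    echo "euid=0  binds as: ${_root:-${_bind:-<anonymous>}}"
    for _d in "$_bind" "$_root"; do
        [ -z "$_d" ] && continue
        # Heuristic: a bind DN outside the search base is often a leftover.
        dn_under_base "$_d" "$_base" || { echo "WARN outside base: $_d"; _rc=1; }
    done
    # A simple bind over ldap:// without StartTLS sends the password in clear.
    case "$_uri" in
        ldap://*) [ -z "$_bind$_root" ] || [ "$_ssl" = start_tls ] ||
                      { echo "WARN cleartext bind: $_uri"; _rc=1; } ;;
    esac
    return "$_rc"
}

# Constructed sample: the active directives from the question's /etc/ldap.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
base dc=c-hack,dc=de
uri ldap://c-hack00:389
ldap_version 3
binddn cn=proxyuser,dc=c-hack,dc=de
bindpw mypasswort
rootbinddn cn=manager,dc=SPG
EOF
audit_ldap_conf "$sample" || echo "review the WARN lines above"
rm -f "$sample"
```

On a real host, call `audit_ldap_conf /etc/ldap.conf` and then test the DN reported for euid=0 with the same ldapsearch command as above.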
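Answer 2
OK, connecting to the server works, there are no errors in the /var/log/auth.log file, and when I run a "sudo" command I get two password prompts (one local, one for LDAP), but the LDAP users are still not in the "getent passwd" list...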