Server: Centos 7.2, Client: Debian 8.6
Problem is that i cannot log on client when password is encrypted by SHA/SSHA on server side.
Ldapsearch from client station work. I can recived attrs from server when i ask server as user raj3.It work with SSHA i CRPYPT encoded user password.
On server side password was generaded by
ldappasswd -s password123 -W -D "cn=admin,dc=pydio,dc=sum,dc=edu,dc=pl" -x "uid=raj3,ou=People,dc=pydio,dc=xxx,dc=edu,dc=pl"
Command:
getent passwd raj3
resonding well from client.
What more when i have password encoded by SHA/SSHA i can login on user raj3 via JXpolorer(from windows in the same network) to ldap server and i can see attrs of this user.
New details 02.09.2019:
On client side there are : ibpam-ldap and instalation was prepared by :
aptitude -y install libnss-ldap libpam-ldap ldap-utils /etc/pam.d/common-password
password [success=2 default=ignore] pam_unix.so obscure password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass password requisite pam_deny.so password required pam_permit.so I was testing above with sha512 in line:
password [success=2 default=ignore] pam_unix.so obscure sha512 and the same problem too.
/etc/nsswitch.conf
passwd: compat ldap group: compat ldap shadow: compat ldap gshadow: files hosts: files myhostname mdns4_minimal [NOTFOUND=return] dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: ldap /etc/pam_ldap.conf
pam_password crypt getent passwd raj3 -work on client only on root local account on other local acount no.
For me is misunderstood why CRYPT work but SSHA no when command getent no work on non root acount.
ACL olcAccess: {0}to * by dn="cn=admin,dc=pydio,dc=sum,dc=edu,dc=pl" write by self write by users read by * auth
Does ACL is wrong to forbid anonymouse user so see tree of ldap ? But why i can log with CRYPT enrypted password with such ACL? IT is to hard solve it by me.
