Переправил везде, где можно, на SSHA. То есть в итоге:
# Client-side LDAP settings used for NSS and PAM lookups (see the nss_base_* and
# pam_* directives below).
# Search base for lookups.
base dc=servincom,dc=ru
# NOTE(review): host and uri name different addresses (loopback vs 192.168.100.15).
# Confirm which one the client actually contacts and remove the other, so the
# slapd log being read is the one on the server that receives the queries.
host 127.0.0.1
uri ldap://192.168.100.15:389/
# NOTE(review): binddn is the same DN that the slapd.conf on this page declares as
# rootdn. This file normally has to be readable by every local account for NSS
# lookups to work, so bindpw hands the directory administrator's password to all of
# them. Prefer a dedicated read-only proxy DN for binddn and keep the rootbinddn
# password only in the root-readable ldap.secret file.
# Binding as rootdn also bypasses slapd's ACLs; the "<= root access granted" lines in
# the debug log are consistent with that, so they say nothing about whether the ACLs
# would admit an ordinary client.
binddn cn=root,ou=users,dc=servincom,dc=ru
# bindpw value is a placeholder the author left in place of the real password.
bindpw Тут пароль
rootbinddn cn=root,ou=users,dc=servincom,dc=ru
port 389
ldap_version 3
# One-level search: only entries directly under the base are considered.
scope one
# Login name is matched against uid, restricted to posixAccount entries.
pam_login_attribute uid
pam_filter objectclass=posixAccount
# UID range accepted for login via PAM.
pam_min_uid 1000
pam_max_uid 30000
# NSS maps; the "?one" suffix repeats the one-level scope per map.
nss_base_shadow ou=users,dc=servincom,dc=ru?one
nss_base_passwd ou=users,dc=servincom,dc=ru?one
nss_base_group ou=groups,dc=servincom,dc=ru?one
# NOTE(review): no TLS. With an ldap:// URI to a non-loopback address the bind password
# and every user's login password cross the network in cleartext. Once the server has
# a certificate, use "ssl start_tls" or an ldaps:// URI.
ssl no
# NOTE(review): SSHA does not appear to be among the documented pam_password values
# (clear, crypt, md5, nds, racf, ad, exop) - verify against the installed pam_ldap.
# This setting affects password changes only; with "exop" the server would hash new
# passwords according to its own password-hash setting.
pam_password SSHA
cat /usr/local/etc/openldap/slapd.conf
# slapd configuration: schemas, one ldbm database for dc=servincom,dc=ru, indexes, ACLs.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/samba.schema
include /usr/local/etc/openldap/schema/sendmail.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# NOTE(review): accepts LDAPv2 bind requests. The client config on this page sets
# ldap_version 3, so this is presumably unnecessary - confirm no v2 clients remain
# before removing it.
allow bind_v2
database ldbm
suffix "dc=servincom,dc=ru"
# rootdn is exempt from the access rules below. Because the client on this page binds
# with this same DN, none of those rules are exercised by its lookups.
rootdn "cn=root,ou=users,dc=servincom,dc=ru"
# rootpw value is a placeholder the author left for the slappasswd-generated hash.
rootpw {SSHA}пароль сгенерённый slappasswd
# Hash scheme slapd applies when it hashes a password itself.
password-hash {SSHA}
# Logging level
# NOTE(review): 200 looks like 128 + 64 + 8 in slapd's loglevel bitmask; the
# access_allowed lines in the debug log would come from the ACL bit - verify against
# slapd.conf(5).
loglevel 200
directory /var/db/openldap-data
index objectClass,uid,uidNumber,gidNumber eq
index cn,mail,surname,givenname eq,subinitial
# FOR samba3
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
# Basic ACL
# NOTE(review): "by anonymous read" lets any unauthenticated client fetch every user's
# userPassword hash for offline guessing. The usual form is "by anonymous auth", which
# allows the attribute to be used for bind comparison without returning it.
# This rule is spelled "attr=" while the next one uses "attrs="; confirm the running
# slapd accepts both, otherwise this rule may not protect userPassword at all.
access to attr=userPassword by self write by anonymous read by * none
# Samba password hashes: no access for anyone except the listed DN (which is the
# rootdn and so already has full access).
access to attrs=sambaLMPassword,sambaNTPassword by dn="cn=root,ou=users,dc=servincom,dc=ru" write by * none
# Everything not matched above is readable by anyone, including anonymous clients.
access to * by * read
Теперь это выглядит так:
ssh user@127.0.0.1
Password:
Old Password:
Password:
Old Password:
Password:
Old Password:
Permission denied (publickey,keyboard-interactive).
tail -f /var/log/messages
Jan 24 12:14:24 servincom sshd[1279]: error: PAM: permission denied for user from localhost
(То, что сменилось имя домена, — нормально: это другая машина для опытов.)
При этом:
tail -f /var/log/debug.log
Jan 24 12:45:18 servincom slapd[409]: daemon: activity on 1 descriptors
Jan 24 12:45:18 servincom slapd[409]: daemon: new connection on 8
Jan 24 12:45:18 servincom slapd[409]: daemon: added 8r
Jan 24 12:45:18 servincom slapd[409]: daemon: activity on:
Jan 24 12:45:18 servincom slapd[409]:
Jan 24 12:45:18 servincom slapd[409]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jan 24 12:45:18 servincom slapd[409]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jan 24 12:45:18 servincom slapd[409]: daemon: activity on 1 descriptors
Jan 24 12:45:18 servincom slapd[409]: daemon: activity on:
Jan 24 12:45:18 servincom slapd[409]: 8r
Jan 24 12:45:18 servincom slapd[409]:
Jan 24 12:45:18 servincom slapd[409]: daemon: read activity on 8
Jan 24 12:45:18 servincom slapd[409]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jan 24 12:45:18 servincom slapd[409]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jan 24 12:45:18 servincom slapd[409]: daemon: activity on 1 descriptors
Jan 24 12:45:18 servincom slapd[409]: daemon: activity on:
Jan 24 12:45:18 servincom slapd[409]: 8r
Jan 24 12:45:18 servincom slapd[409]:
Jan 24 12:45:18 servincom slapd[409]: daemon: read activity on 8
Jan 24 12:45:18 servincom slapd[409]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jan 24 12:45:18 servincom slapd[409]: => access_allowed: search access to "uid=user,ou=users,dc=servincom,dc=ru" "objectClass" requested
Jan 24 12:45:18 servincom slapd[409]: <= root access granted
Jan 24 12:45:18 servincom slapd[409]: => access_allowed: search access to "uid=user,ou=users,dc=servincom,dc=ru" "uid" requested
Jan 24 12:45:18 servincom slapd[409]: <= root access granted
Jan 24 12:45:18 servincom slapd[409]: => access_allowed: read access to "uid=user,ou=users,dc=servincom,dc=ru" "entry" requested
Jan 24 12:45:18 servincom slapd[409]: <= root access granted
Jan 24 12:45:18 servincom slapd[409]: => access_allowed: read access to "uid=user,ou=users,dc=servincom,dc=ru" "objectClass" requested
Jan 24 12:45:18 servincom slapd[409]: <= root access granted
Jan 24 12:45:18 servincom slapd[409]: => access_allowed: read access to "uid=user,ou=users,dc=servincom,dc=ru" "shadowMax" requested
Jan 24 12:45:18 servincom slapd[409]: <= root access granted
Jan 24 12:45:18 servincom slapd[409]: => access_allowed: read access to "uid=user,ou=users,dc=servincom,dc=ru" "homeDirectory" requested
Jan 24 12:45:18 servincom slapd[409]: <= root access granted
Jan 24 12:45:18 servincom slapd[409]: => access_allowed: read access to "uid=user,ou=users,dc=servincom,dc=ru" "uid" requested
Jan 24 12:45:18 servincom slapd[409]: <= root access granted
Jan 24 12:45:18 servincom slapd[409]: => access_allowed: read access to "uid=user,ou=users,dc=servincom,dc=ru" "cn" requested
Jan 24 12:45:18 servincom slapd[409]: <= root access granted
Jan 24 12:45:18 servincom slapd[409]: => access_allowed: read access to "uid=user,ou=users,dc=servincom,dc=ru" "uidNumber" requested
Jan 24 12:45:18 servincom slapd[409]: <= root access granted
Jan 24 12:45:18 servincom slapd[409]: => access_allowed: read access to "uid=user,ou=users,dc=servincom,dc=ru" "gidNumber" requested
Jan 24 12:45:18 servincom slapd[409]: <= root access granted
Jan 24 12:45:18 servincom slapd[409]: => access_allowed: read access to "uid=user,ou=users,dc=servincom,dc=ru" "shadowLastChange" requested
Jan 24 12:45:18 servincom slapd[409]: <= root access granted
Jan 24 12:45:18 servincom slapd[409]: => access_allowed: read access to "uid=user,ou=users,dc=servincom,dc=ru" "userPassword" requested
Jan 24 12:45:18 servincom slapd[409]: <= root access granted
Jan 24 12:45:18 servincom slapd[409]: => access_allowed: read access to "uid=user,ou=users,dc=servincom,dc=ru" "loginShell" requested
Jan 24 12:45:18 servincom slapd[409]: <= root access granted
Jan 24 12:45:18 servincom slapd[409]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jan 24 12:45:18 servincom slapd[409]: daemon: activity on 2 descriptors
Jan 24 12:45:18 servincom slapd[409]: daemon: new connection on 15
Jan 24 12:45:18 servincom slapd[409]: daemon: added 15r
Jan 24 12:45:18 servincom slapd[409]: daemon: activity on:
Jan 24 12:45:18 servincom slapd[409]: 8r
Jan 24 12:45:18 servincom slapd[409]:
То есть доступ вроде нормальный...