Cannot log in via LDAP authentication

SUSE Linux Enterprise Server 10 (x86_64)
VERSION = 10
PATCHLEVEL = 4

Login error:
access deny

Log error:
Apr 11 07:21:46 ucbsdb05 sshd[28669]: Invalid user xt2a from 84.7.112.232
Apr 11 07:21:46 ucbsdb05 sshd[28669]: Failed none for invalid user xt2a from 84.7.112.232 port 4885 ssh2
Apr 11 07:21:49 ucbsdb05 sshd[28669]: pam_ldap: error trying to bind as user "uid=xt2a,ou=people,dc=dccsh,dc=icbc,dc=com,dc=cn" (Invalid credentials)
Apr 11 07:21:49 ucbsdb05 sshd[28669]: pam_tally(sshd:auth): pam_get_uid; no such user
Apr 11 07:21:49 ucbsdb05 sshd[28669]: Failed password for invalid user xt2a from 84.7.112.232 port 4885 ssh2
Apr 11 07:21:55 ucbsdb05 sshd[28669]: pam_ldap: error trying to bind as user "uid=xt2a,ou=people,dc=dccsh,dc=icbc,dc=com,dc=cn" (Invalid credentials)
Apr 11 07:21:55 ucbsdb05 sshd[28669]: pam_tally(sshd:auth): pam_get_uid; no such user
Apr 11 07:21:55 ucbsdb05 sshd[28669]: Failed password for invalid user xt2a from 84.7.112.232 port 4885 ssh2

I have no problem with the configuration, but it is not landing.

Can you export the xt2a user from your LDAP directory using an
administrative user so we can see all of the attributes there?

Is the case of the uid attribute exactly the same as what you put in?

Are the required posix attributes all present?


Good luck.


Hi andyleigood,

in addition to ab’s questions:

Where is the LDAP server running? Same machine or a remote machine… and if remote, which version?

Can you bind manually using i.e. "ldapsearch -h yourldapserver.dccsh.icbc.com.cn -D 'uid=xt2a,ou=people,dc=dccsh,dc=icbc,dc=com,dc=cn' -Wx" using the user’s password?

Is this a shared LDAP server? The password may simply be encrypted “wrongly” (from one system’s point of view) if different hash algos are used across the systems used to hash the pw.

Regards,
Jens
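
The checks asked for in the two replies above (required posix attributes, case of the uid, password hash scheme), run over an exported LDIF entry. This is an added example, not part of the original thread; the function names and the sample entry are constructed for illustration, and the required-attribute list is the posixAccount MUST set from RFC 2307.

```python
import base64
import re

# posixAccount MUST attributes (RFC 2307); the objectClass value is checked separately.
REQUIRED = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    unfolded = re.sub(r"\r?\n ", "", text.strip())  # continuation = newline + one space
    entry = {}
    for line in unfolded.splitlines():
        m = re.match(r"([A-Za-z0-9;.-]+)(::?)\s*(.*)$", line)
        if not m:  # blank lines and '#' comments do not match
            continue
        name, sep, value = m.groups()
        if sep == "::":  # base64 value, as ldapsearch commonly prints userPassword
            value = base64.b64decode(value).decode("utf-8", "replace")
        entry.setdefault(name.lower(), []).append(value)
    return entry

def check_posix_entry(ldif_text, login):
    """Return findings to review before blaming the PAM/NSS client configuration."""
    e = parse_ldif_entry(ldif_text)
    findings = []
    if "posixaccount" not in [v.lower() for v in e.get("objectclass", [])]:
        findings.append("objectClass posixAccount missing")
    for attr in REQUIRED:
        if attr.lower() not in e:
            findings.append(f"required attribute {attr} missing")
    uids = e.get("uid", [])
    if uids and login not in uids:
        if login.lower() in [u.lower() for u in uids]:
            findings.append(f"uid differs in case only: {uids[0]!r} vs {login!r}")
        else:
            findings.append(f"uid {uids!r} does not match login {login!r}")
    for pw in e.get("userpassword", []):
        m = re.match(r"\{([A-Za-z0-9-]+)\}", pw)
        scheme = m.group(1).upper() if m else "cleartext-or-unknown"
        findings.append(f"userPassword scheme: {scheme}")
    return findings

# Constructed sample export (not from the thread): no homeDirectory, upper-case uid.
SAMPLE = (
    "dn: uid=XT2A,ou=people,dc=example,dc=com\n"
    "objectClass: inetOrgPerson\nobjectClass: posixAccount\n"
    "cn: Test User\nuid: XT2A\nuidNumber: 5001\ngidNumber: 100\n"
    "userPassword:: "
    + base64.b64encode(b"{MD5}constructed-not-a-real-hash").decode() + "\n"
)

if __name__ == "__main__":
    print("\n".join(check_posix_entry(SAMPLE, "xt2a")))
```

Feed it the output of an administrative ldapsearch for the single user entry; the scheme it reports is only useful if compared against the hash schemes the LDAP server and any other systems writing that password actually support.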