Some more logs:

From lookout (also known as ldap and kerberos)

/var/log/auth.log
Oct 30 10:29:02 lookout krb5kdc[21046]: AS_REQ (7 etypes {18 17 16 23 1
3 2}) 192.168.212.93: ISSUE: authtime 1225358942, etypes {rep=16 tkt=16
ses=16}, ronni@ONE.COM for krbtgt/ONE.COM@ONE.COM

/var/log/syslog
Oct 30 10:29:02 lookout slapd[28071]: conn=93 fd=15 ACCEPT from
IP=192.168.212.93:40131 (IP=0.0.0.0:389)
Oct 30 10:29:02 lookout slapd[28071]: conn=93 op=0 BIND dn=""
method=128
Oct 30 10:29:02 lookout slapd[28071]: conn=93 op=0 RESULT tag=97 err=0
text=
Oct 30 10:29:02 lookout slapd[28071]: conn=93 op=1 SRCH
base="dc=one,dc=com" scope=2 deref=0 filter="(uid=ronni)"
Oct 30 10:29:02 lookout slapd[28071]: conn=93 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Oct 30 10:29:02 lookout slapd[28071]: conn=93 fd=15 closed (connection
lost)

- Ronni



On Thu, 2008-10-30 at 10:36 +0100, Ronni Feldt wrote:
> Hi,
>
> I'm still trying to get this to work.
>
> Server: Debian Etch (3 hostnames=lookout, ldap and kerberos,
> ip=192.168.212.15)
> Workstation: Ubuntu 8.04 (hostname=rofe.one.com, ip=192.168.212.93)
>
> I have followed the following guides:
> http://techpubs.spinlocksolutions.co.../kerberos.html
> http://techpubs.spinlocksolutions.com/dklar/ldap.html
>
> Created my own user "ronni" the same way as the user "mirko" is.
>
> From my workstation I can do:
>
> kinit ronni
> ldapsearch -x
> which both work.
>
> ldapsearch -x gives this output:
> # extended LDIF
> #
> # LDAPv3
> # base (default) with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # one.com
> dn: dc=one,dc=com
> objectClass: top
> objectClass: dcObject
> objectClass: organization
> o: one.com
> dc: one
>
> # admin, one.com
> dn: cn=admin,dc=one,dc=com
> objectClass: simpleSecurityObject
> objectClass: organizationalRole
> cn: admin
> description: LDAP administrator
>
> # People, one.com
> dn: ou=People,dc=one,dc=com
> ou: People
> objectClass: organizationalUnit
>
> # Group, one.com
> dn: ou=Group,dc=one,dc=com
> ou: Group
> objectClass: organizationalUnit
>
> # ronni, group, one.com
> dn: cn=ronni,ou=group,dc=one,dc=com
> cn: ronni
> gidNumber: 20000
> objectClass: top
> objectClass: posixGroup
>
> # ronni, people, one.com
> dn: uid=ronni,ou=people,dc=one,dc=com
> uid: ronni
> uidNumber: 20000
> gidNumber: 20000
> cn: Ronni
> sn: Ronni
> objectClass: top
> objectClass: person
> objectClass: posixAccount
> objectClass: shadowAccount
> loginShell: /bin/bash
> homeDirectory: /home/ronni
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 7
> # numEntries: 6
>
>
>
> When I try to login it doesn't work, it just returns to the login screen
> with no message.
> Login screen:
> 8.04.1 rofe tty2
> rofe login:
>
> If I do this on lookout:
> tcpdump -i eth0.212 'tcp port 389'
> tcpdump -i eth0.212 'udp 88'
>
> I get the following:
>
> tcpdump 'tcp port 389'
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> listening on eth0.212, link-type EN10MB (Ethernet), capture size 96
> bytes
> 10:29:02.699116 IP rofe.one.com.40131 > 192.168.212.15.ldap: S
> 2718092773:2718092773(0) win 5840 > 0,nop,wscale 7>
> 10:29:02.699148 IP 192.168.212.15.ldap > rofe.one.com.40131: S
> 1225469498:1225469498(0) ack 2718092774 win 5792 > 1460,sackOK,timestamp 1404889037 14666346,nop,wscale 7>
> 10:29:02.699293 IP rofe.one.com.40131 > 192.168.212.15.ldap: . ack 1 win
> 46
> 10:29:02.699328 IP rofe.one.com.40131 > 192.168.212.15.ldap: P 1:15(14)
> ack 1 win 46
> 10:29:02.699341 IP 192.168.212.15.ldap > rofe.one.com.40131: . ack 15
> win 46
> 10:29:02.699994 IP 192.168.212.15.ldap > rofe.one.com.40131: P 1:15(14)
> ack 15 win 46
> 10:29:02.700130 IP rofe.one.com.40131 > 192.168.212.15.ldap: . ack 15
> win 46
> 10:29:02.700207 IP rofe.one.com.40131 > 192.168.212.15.ldap: P 15:68(53)
> ack 15 win 46
> 10:29:02.700515 IP 192.168.212.15.ldap > rofe.one.com.40131: P
> 15:270(255) ack 68 win 46
> 10:29:02.700549 IP 192.168.212.15.ldap > rofe.one.com.40131: P
> 270:284(14) ack 68 win 46
> 10:29:02.700737 IP rofe.one.com.40131 > 192.168.212.15.ldap: . ack 284
> win 54
> 10:29:02.701674 IP rofe.one.com.40131 > 192.168.212.15.ldap: F 68:68(0)
> ack 284 win 54
> 10:29:02.701790 IP 192.168.212.15.ldap > rofe.one.com.40131: F
> 284:284(0) ack 69 win 46
> 10:29:02.702319 IP rofe.one.com.40131 > 192.168.212.15.ldap: . ack 285
> win 54
>
>
>
> tcpdump 'udp 88'
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> listening on eth0.212, link-type EN10MB (Ethernet), capture size 96
> bytes
> 10:29:02.693809 IP rofe.one.com.50355 > 192.168.212.15.kerberos: v5
> 10:29:02.695165 IP 192.168.212.15.kerberos > rofe.one.com.50355: v5
>
>
> tail /var/log/auth.log on workstation says this:
> Oct 30 10:29:02 rofe login[11133]: pam_unix(login:auth): check pass;
> user unknown
> Oct 30 10:29:02 rofe login[11133]: pam_unix(login:auth): authentication
> failure; logname=rofe uid=0 euid=0 tty=tty2 ruser= rhost=
> Oct 30 10:29:02 rofe login[11133]: pam_unix(login:account): could not
> identify user (from getpwnam(ronni))
>
>
>
> What have I missed?
>
> - Ronni
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
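Added example, not code from the thread: a small Python parser that groups the slapd lines quoted above by connection id, records the bind type (dn="" with method=128 is an anonymous simple bind), the search filter and the entry count, and correlates that with the workstation's getpwnam failure; the function names and the message wording are my own.

```python
import re

# Constructed sample: the slapd lines from the /var/log/syslog excerpt in the mail above,
# re-joined onto single lines (the mail wrapped them), plus the pam_unix account line.
SLAPD_LOG = """\
Oct 30 10:29:02 lookout slapd[28071]: conn=93 fd=15 ACCEPT from IP=192.168.212.93:40131 (IP=0.0.0.0:389)
Oct 30 10:29:02 lookout slapd[28071]: conn=93 op=0 BIND dn="" method=128
Oct 30 10:29:02 lookout slapd[28071]: conn=93 op=0 RESULT tag=97 err=0 text=
Oct 30 10:29:02 lookout slapd[28071]: conn=93 op=1 SRCH base="dc=one,dc=com" scope=2 deref=0 filter="(uid=ronni)"
Oct 30 10:29:02 lookout slapd[28071]: conn=93 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 30 10:29:02 lookout slapd[28071]: conn=93 fd=15 closed (connection lost)
"""
PAM_LINE = "Oct 30 10:29:02 rofe login[11133]: pam_unix(login:account): could not identify user (from getpwnam(ronni))"

LINE_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) (.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')  # key=value, value may be quoted

def parse_slapd_log(text):
    """Group slapd lines by connection id: client, binds, searches, close reason."""
    conns = {}
    for m in filter(None, map(LINE_RE.search, text.splitlines())):
        c = conns.setdefault(int(m.group(1)), {"client": None, "binds": [], "searches": [], "close": None})
        rest = m.group(2)
        kv = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
        if " ACCEPT from " in rest:
            c["client"] = re.search(r"from IP=(\S+)", rest).group(1)
        elif " BIND " in rest:
            # method=128 is a simple bind; an empty dn makes it anonymous
            c["binds"].append({"dn": kv.get("dn", ""), "method": int(kv.get("method", 0))})
        elif " SRCH " in rest:
            c["searches"].append({"op": int(kv["op"]), "filter": kv.get("filter"), "nentries": 0})
        elif " SEARCH RESULT " in rest:
            for s in c["searches"]:
                if s["op"] == int(kv["op"]):
                    s["nentries"] = int(kv.get("nentries", 0))
        elif " closed " in rest:
            c["close"] = rest.split("closed", 1)[1].strip(" ()")
    return conns

def diagnose(conns, pam_line):
    """Correlate a client-side getpwnam failure with what the directory answered."""
    user = re.search(r"getpwnam\((\w+)\)", pam_line).group(1)
    for cid, c in conns.items():
        for s in c["searches"]:
            if s["filter"] == "(uid=%s)" % user and s["nentries"] > 0:
                bind = "anonymous" if any(b["dn"] == "" for b in c["binds"]) else "authenticated"
                return "conn=%d answered (uid=%s) with nentries=%d after an %s bind: the directory has the entry, check the client's NSS setup" % (cid, user, s["nentries"], bind)
    return "no directory search for uid=%s seen: the client never asked LDAP" % user
```

Run against the two log excerpts it tells you on which side of the wire the lookup broke, which is the first split to make before touching either nsswitch.conf or the PAM stack.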