Our company is building an OpenLDAP unified authentication database: qmail + ssh + samba + system + ftp (the last one failing). Only ftp does not pass. First, here are the configuration files and related test parameters:
system: centos
ftp version: vsftp
ldap version: openldap
Contents of vsftpd.conf:
----------------------------------
[root@rd etc]# grep -v "#" /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
pasv_min_port=5000
pasv_max_port=5100
chroot_local_user=YES
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES
---------------------------------------------------
Contents of the vsftpd PAM configuration:
[root@rd etc]# more /etc/pam.d/vsftpd
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so use_first_pass
account sufficient /lib/security/pam_ldap.so
password sufficient /lib/security/pam_ldap.so
session sufficient /lib/security/pam_ldap.so
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
----------------------------------------------------------
Contents of the /etc/ldap.conf file:
[root@rd etc]# grep -v "#" ldap.conf|uniq|sort -r
tls_cacertdir /etc/openldap/cacerts
ssl no
port 389
pam_password md5
pam_password exop
pam_password crypt
host 192.168.2.229
bindpw ftp123
binddn cn=ftpadmin,o=sinotest
base o=sinotest
-----------------------------------------------------------
Configuration of the OpenLDAP server at 192.168.2.229:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/qmailUser.schema
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * none
access to *
by self write
by users read
by anonymous auth
database bdb
suffix "o=sinotest"
rootdn "cn=admin,o=sinotest"
rootpw sinotest
directory /var/lib/ldap
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
----------------------------------------------------------------------
I ran the following tests:
1. On this machine, check whether ldapsearch can retrieve data from 192.168.2.229.
Answer: everything works normally.
2. [root@rd etc]# ftp localhost
Connected to localhost.localdomain.
220 (vsFTPd 2.0.1)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): test2
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
Looking at the log:
Jul 17 11:24:26 rd vsftpd(pam_unix)[25268]: check pass; user unknown
Jul 17 11:24:26 rd vsftpd(pam_unix)[25268]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.168.1.20
Jul 17 13:08:11 rd vsftpd(pam_unix)[25301]: check pass; user unknown
Jul 17 13:08:11 rd vsftpd(pam_unix)[25301]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=127.0.0.1
It seems to be saying that it cannot find the user in LDAP, which is frustrating.
Could the experts here please help explain what the problem is? I have been stuck on this for a long time.
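To show why the `pam_unix` lines in the log matter, here is an added example (not code from the original post) that models the Linux-PAM control flags and replays the `auth` stack from the quoted /etc/pam.d/vsftpd. The `pam_stack.so service=system-auth` line is assumed to end in `pam_unix`, and the per-module outcomes in the two scenarios are assumptions of the example: with `sufficient` first, a successful `pam_ldap` would end the stack before `pam_unix` ever runs, so `pam_unix` appearing in the log means `pam_ldap` did not return success, and "check pass; user unknown" is what `pam_unix` logs when the account is not resolvable through NSS.

```python
# PAM control-flag simulator (added example, not from the original post).
# Models required / requisite / sufficient / optional as documented for
# Linux-PAM and replays the auth stack from the quoted /etc/pam.d/vsftpd.

PAM_SUCCESS = "PAM_SUCCESS"
PAM_AUTH_ERR = "PAM_AUTH_ERR"


def run_stack(stack, results):
    """Evaluate a PAM stack.

    stack   : list of (module, control) in file order
    results : dict module -> True (succeeded) / False (failed)
    Returns (final_result, list of modules actually invoked).
    """
    invoked = []
    required_failed = False
    for module, control in stack:
        invoked.append(module)
        ok = results[module]
        if control == "requisite":
            if not ok:
                return PAM_AUTH_ERR, invoked      # fail immediately
        elif control == "required":
            if not ok:
                required_failed = True            # remember, keep going
        elif control == "sufficient":
            if ok and not required_failed:
                return PAM_SUCCESS, invoked       # short-circuit; rest never runs
            # a failing 'sufficient' module is simply ignored
        elif control != "optional":
            raise ValueError(f"unknown control flag {control!r}")
    return (PAM_AUTH_ERR if required_failed else PAM_SUCCESS), invoked


# The auth lines from the post, in order. pam_stack.so service=system-auth is
# assumed to resolve to pam_unix (the module that wrote the log lines shown).
VSFTPD_AUTH_STACK = [
    ("pam_ldap", "sufficient"),
    ("pam_listfile", "required"),
    ("pam_unix", "required"),      # via pam_stack.so service=system-auth
    ("pam_shells", "required"),
]


def ldap_user_found():
    """Assumed scenario 1: pam_ldap succeeds, so pam_unix is never consulted."""
    return run_stack(VSFTPD_AUTH_STACK,
                     {"pam_ldap": True, "pam_listfile": True, "pam_unix": True, "pam_shells": True})


def ldap_auth_failed():
    """Assumed scenario 2: pam_ldap fails (ignored as 'sufficient'); the stack falls
    through to pam_unix and pam_shells, which both need getpwnam() to find the account."""
    return run_stack(VSFTPD_AUTH_STACK,
                     {"pam_ldap": False, "pam_listfile": True, "pam_unix": False, "pam_shells": False})
```

Running both scenarios side by side shows that only the second one invokes `pam_unix` at all, which is the pattern visible in the quoted log.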