[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nufw-users] nuauth fetches right acl but takes wrong decision
|
From: |
Tilman Baumann |
|
Subject: |
Re: [Nufw-users] nuauth fetches right acl but takes wrong decision |
|
Date: |
Fri, 2 Jun 2006 11:36:03 +0200 |
|
User-agent: |
KMail/1.9.1 |
Am Freitag, 2. Juni 2006 11:04 schrieb Eric Leblond:
> Hi,
>
> First of all sorry for the delay. I hope you had found a solution till
> you've ask.
>
> > Hello,
> >
> > i can not get nuauth running correctly.
> > I use PAM system) for authentification and LDAP for acl.
> >
> > I test with a user (tilli) who is in a gruop with gid 500. This user can
>
> login
>
> > but his packets get droped. I'm not sure because the concerned section
>
> has less debug. But it looks like it fetches the right acl but don't get
> a handle
>
> > on it. Maybe it makes something wrong with the comparision of the gid.
>
> Acls found message seems to show that your analysis is right. You can
> check this by setting in nuauth.conf :
> nuauth_reject_authenticated_drop=1
> This will send a ICMP reject message it there's no match on group. ssh
> will detect message and give hand back.
>
> In fact it looks like a nss problem. What give you "id tilli" ?
OMG! You are right.
Tilli was indeed not in a group with gid 500. I never checkted that. I got the
500 from looking in the ldap. But probably not at the right group...
Thank you for the idea. I will go and test it and give myself a beating...
--
Tilman Baumann
Software Developer
Collax GmbH . Boetzinger Strasse 60 . 79111 Freiburg . Germany
p: +49 (0) 89-990157-0
f: +49 (0) 89-990157-11