
Thread: ldap SASL(-13): user not found: no secret in database

  1. #1

    ldap SASL(-13): user not found: no secret in database

    hi,

    I've already been busy with this for 2 days.
    I am configuring LDAP in YaST and now I have an issue regarding authentication.
    My password is not being accepted even though I enter the correct password.
    I have set up LDAP using YaST and here are some errors:

    # ldapwhoami
    SASL/DIGEST-MD5 authentication started
    Please enter your password:
    ldap_sasl_interactive_bind_s: Invalid credentials (49)
    additional info: SASL(-13): user not found: no secret in database

    /var/log/messages:

    :[rw] authid: "uid=root,cn=digest-md5,cn=auth" -> "uid=root,cn=digest-md5,cn=auth"
    : slap_parseURI: parsing uid=root,cn=digest-md5,cn=auth
    : >>> dnNormalize: <uid=root,cn=digest-md5,cn=auth>
    : <<< dnNormalize: <uid=root,cn=digest-md5,cn=auth>
    : <==slap_sasl2dn: Converted SASL name to uid=root,cn=digest-md5,cn=auth
    : slap_sasl_getdn: dn:id converted to uid=root,cn=digest-md5,cn=auth
    : SASL Canonicalize [conn=1006]: slapAuthcDN="uid=root,cn=digest-md5,cn=auth"
    : SASL Canonicalize [conn=1006]: authzid="root"
    : SASL [conn=1006] Failure: no secret in database
    : send_ldap_result: conn=1006 op=2 p=3
    : send_ldap_result: err=49 matched="" text="SASL(-13): user not found: no secret in database"
    : send_ldap_response: msgid=3 tag=97 err=49
    : conn=1006 op=2 RESULT tag=97 err=49 text=SASL(-13): user not found: no secret in database

    Let me know if you need more info. Because of this issue I can't create users or do any other tasks in OpenLDAP.

    # cat /etc/openldap/slapd.conf
    #
    # Note: The OpenLDAP configuration has been created by YaST. YaST does not
    # use /etc/openldap/slapd.conf to store the OpenLDAP configuration anymore.
    # YaST uses OpenLDAP's dynamic configuration database (back-config) to
    # store the LDAP server's configuration.
    # For details about the dynamic configuration backend please see the
    # slapd-config(5) manpage or the OpenLDAP Software 2.4 Administrator's Guide
    # located at /usr/share/doc/packages/openldap2/guide/admin/guide.html
    # on this system.

  2. #2

    Re: ldap SASL(-13): user not found: no secret in database

    Try adding the '-x' option to use Simple (password) authentication. See
    the manpage for details if interested.

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

  3. #3

    Re: ldap SASL(-13): user not found: no secret in database

    i tried:

    # ldapwhoami
    SASL/DIGEST-MD5 authentication started
    Please enter your password:
    ldap_sasl_interactive_bind_s: Invalid credentials (49)
    additional info: SASL(-13): user not found: no secret in database

    # ldapwhoami -x
    anonymous


    This is interesting, but I still have the problem in the YaST user interface.
    Is there an option within the YaST LDAP server module to change the authentication mode?

  4. #4

    Re: ldap SASL(-13): user not found: no secret in database

    I think this is the problem:

    The error usually occurs when the credentials (password) provided do not match the userPassword held in the entry you are binding to.

    The error can also occur when the bind DN specified is not known to the server.


    But how can I change or even troubleshoot this? YaST is running LDAP and there are no log files.

  5. #5

    Re: ldap SASL(-13): user not found: no secret in database

    I am going to guess you are new-ish to LDAP on the command line. Please
    confirm one way or another, so we can help with appropriate levels of
    verbosity.

    What does the following show:

    Code:
    ldapsearch -x

    Which users have you defined in YaST? Perhaps post the output from this:

    Code:
    getent passwd

    Have you ever set up the LDAP client on a Linux box? On SLED specifically?
    Do you see the slapd (as I recall) process running, which would be the
    LDAP service itself?

    Code:
    ps aux | grep -i slapd

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

  6. #6

    Re: ldap SASL(-13): user not found: no secret in database

    Here are the commands:

    # ldapsearch -x
    # extended LDIF
    #
    # LDAPv3
    # base <dc=server-world,dc=com> (default) with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # server-world.com
    dn: dc=server-world,dc=com
    dc: server-world
    o: server-world
    objectClass: organization
    objectClass: dcObject

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

    # getent passwd
    at:x:25:25:Batch jobs daemon:/var/spool/atjobs:/bin/bash
    bin:x:1:1:bin:/bin:/bin/bash
    daemon:x:2:2:Daemon:/sbin:/bin/bash
    ftp:x:40:49:FTP account:/srv/ftp:/bin/bash
    games:x:12:100:Games account:/var/games:/bin/bash
    haldaemon:x:102:104:User for haldaemon:/var/run/hald:/bin/false
    ldap:x:76:70:User for OpenLDAP:/var/lib/ldap:/bin/bash
    lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash
    mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false
    man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
    messagebus:x:100:102:User for D-Bus:/var/run/dbus:/bin/false
    mysql:x:60:106:MySQL database admin:/var/lib/mysql:/bin/false
    news:x:9:13:News system:/etc/news:/bin/bash
    nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
    ntp:x:74:108:NTP daemon:/var/lib/ntp:/bin/false
    polkituser:x:101:103:PolicyKit:/var/run/PolicyKit:/bin/false
    postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false
    puppet:x:104:107:Puppet daemon:/var/lib/puppet:/bin/false
    root:x:0:0:root:/root:/bin/bash
    sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false
    suse-ncc:x:105:109:Novell Customer Center User:/var/lib/YaST2/suse-ncc-fakehome:/bin/bash
    uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
    uuidd:x:103:105:User for uuidd:/var/run/uuidd:/bin/false
    wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false


    # ps aux | grep -i slapd
    ldap 13066 0.0 0.8 203368 14864 ? Ssl Oct27 0:00 /usr/lib/openldap/slapd -h ldap:/// ldapi:/// -F /etc/openldap/slapd.d -u ldap -g ldap -o slp=off


    I haven't set up any LDAP clients on Linux; this is the first time.
    Instead of manual configuration/installation, I used the YaST LDAP interface.
    And I can't create any users because of authentication errors.
    Let me know if you need more info.

  7. #7

    Re: ldap SASL(-13): user not found: no secret in database

    Hi ecanmaster,

    Quote Originally Posted by ecanmaster:
        I haven't set up any LDAP clients on Linux; this is the first time.
        Instead of manual configuration/installation, I used the YaST LDAP interface.
        And I can't create any users because of authentication errors.
        Let me know if you need more info.

    I haven't done this on SLED yet (just SLES), but that shouldn't make much of a difference: During LDAP client setup, you're asked for admin credentials to be used to bind to the LDAP backend. Have you entered anything there (i.e. "uid=root,cn=digest-md5,cn=auth"), or did you select "anonymous mode" instead?

    When you set up the openLDAP server, you create some way to get write access to the server. Let's call that the "LDAP root account", and you'll have set up a password to go with that.

    When you use YaST, configured as an LDAP client, you'll have to have write access to the LDAP tree, which is why you'd need to specify the "dn" to use to bind to the LDAP server. You'll probably use the above "LDAP root account" for that (since I doubt you have created some different account in LDAP with the required permissions). Had you only wanted to use that SLED client to *validate* accounts, not to add them, you might configure it to bind to the LDAP server anonymously in general (and for account password verification, the client would bind to the LDAP server using the current user's credentials).

    So what you probably are asked for, with your "ldapwhoami" invocation, is the password of the "*LDAP* root user", with hopefully a different password than your *Linux* root user.

    On the other hand, having had separately managed LDAP servers for ages, and only adding SLES client systems with anonymous bind since then, my above statements may be all nonsense.

    Regards,
    Jens
    From the times when today's "old school" was "new school"

    If you find this post helpful and are logged into the web interface, show your appreciation and click on the star below...
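    The slapd log in the first post shows what Jens is getting at: slap_sasl2dn "converted" the DIGEST-MD5 identity uid=root,cn=digest-md5,cn=auth into exactly the same string, which means no authz-regexp mapping turned it into a real directory entry, so slapd had no secret to check it against. Simple bind with -x and the Administrator DN sidesteps SASL entirely. The following script is an added example for this thread, not code from the thread or from OpenLDAP; it parses the posted log lines (syslog prefix stripped), classifies the failed bind, and shows what an authz-regexp style rewrite would do to the SASL identity. The regexp and the target DN pattern uid=$1,ou=people,dc=server-world,dc=com are assumptions for illustration; only the base dc=server-world,dc=com comes from the thread.

```python
"""Classify a failed OpenLDAP bind from slapd log lines and show the SASL-identity mapping.

Added example, not part of the forum thread. The mapping pattern and target DN below
are hypothetical; only the log lines and the base dc=server-world,dc=com come from the thread.
"""
import re

# Log excerpt as posted in the thread (constructed copy, syslog prefix stripped).
SLAPD_LOG = """\
: <==slap_sasl2dn: Converted SASL name to uid=root,cn=digest-md5,cn=auth
: SASL Canonicalize [conn=1006]: slapAuthcDN="uid=root,cn=digest-md5,cn=auth"
: SASL Canonicalize [conn=1006]: authzid="root"
: SASL [conn=1006] Failure: no secret in database
: send_ldap_result: err=49 matched="" text="SASL(-13): user not found: no secret in database"
: conn=1006 op=2 RESULT tag=97 err=49 text=SASL(-13): user not found: no secret in database
"""

# Identity slapd synthesises for a SASL mechanism: uid=<authcid>,cn=<mechanism>,cn=auth
SASL_DN_RE = re.compile(r"^uid=(?P<uid>[^,]+),cn=(?P<mech>[^,]+),cn=auth$", re.IGNORECASE)
CONVERTED_RE = re.compile(r"slap_sasl2dn: Converted SASL name to (?P<dn>\S+)")
RESULT_RE = re.compile(
    r"conn=(?P<conn>\d+) op=(?P<op>\d+) RESULT tag=(?P<tag>\d+) err=(?P<err>\d+) text=(?P<text>.*)$"
)

LDAP_INVALID_CREDENTIALS = 49   # LDAP resultCode invalidCredentials
BIND_RESPONSE_TAG = 97          # BER tag of a BindResponse PDU

# Hypothetical authz-regexp (OpenLDAP syntax: $1 refers to the first capture group).
EXAMPLE_PATTERN = r"uid=([^,]*),cn=[^,]*,cn=auth"
EXAMPLE_TARGET = "uid=$1,ou=people,dc=server-world,dc=com"


def parse_result_lines(log):
    """Return one dict per 'RESULT' line: conn, op, tag, err (ints) and the result text."""
    results = []
    for line in log.splitlines():
        m = RESULT_RE.search(line)
        if m:
            d = m.groupdict()
            results.append({k: (int(v) if k != "text" else v) for k, v in d.items()})
    return results


def sasl_identity_left_unmapped(log):
    """True when slap_sasl2dn emitted the raw SASL identity, i.e. no authz-regexp rewrote it."""
    for line in log.splitlines():
        m = CONVERTED_RE.search(line)
        if m and SASL_DN_RE.match(m.group("dn")):
            return True
    return False


def diagnose(log):
    """Classify the first BindResponse found in the log."""
    for r in parse_result_lines(log):
        if r["tag"] != BIND_RESPONSE_TAG:
            continue
        if r["err"] == 0:
            return "bind-succeeded"
        if r["err"] == LDAP_INVALID_CREDENTIALS and r["text"].startswith("SASL("):
            # SASL mechanism failed before any directory password was compared.
            if sasl_identity_left_unmapped(log):
                return "sasl-identity-unmapped"
            return "sasl-credentials-rejected"
        if r["err"] == LDAP_INVALID_CREDENTIALS:
            return "simple-bind-rejected"
    return "no-bind-result"


def map_sasl_identity(sasl_dn, pattern, target):
    """Apply an authz-regexp style rewrite; returns None when the pattern does not match."""
    m = re.match(pattern, sasl_dn, re.IGNORECASE)
    if not m:
        return None
    # Translate OpenLDAP's $N back-references to Python's \N before expanding.
    return m.expand(re.sub(r"\$(\d)", r"\\\1", target))


if __name__ == "__main__":
    print("diagnosis:", diagnose(SLAPD_LOG))
    print("would map to:", map_sasl_identity("uid=root,cn=digest-md5,cn=auth",
                                            EXAMPLE_PATTERN, EXAMPLE_TARGET))
```

    Run stand-alone it reports sasl-identity-unmapped for the posted log, which is the situation where either an olcAuthzRegexp mapping to an entry holding a cleartext userPassword, or simply a simple bind (ldapwhoami -x -D "<Administrator DN>" -W) is the way forward.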

  8. #8

    Re: ldap SASL(-13): user not found: no secret in database

    Hello Jens,

    I don't think your statement could be nonsense; you probably/definitely know more than me.
    First I installed OpenLDAP manually and I could configure all the settings in slapd.conf, but that system got corrupted, so I have a new machine.
    I didn't want to make any mistakes, so I used the YaST installation (LDAP Server).
    Followed all the settings correctly and yes, I even put the password in.
    I didn't select anonymous mode.
    Just to be sure, I even changed the LDAP password with slappasswd.
    I only want to install the LDAP server, and once it's set up, I need to use it for authentication with OpenVPN.
    Here is a screenshot of my configuration.
    Thx
    [attachment: openldap.png]

  9. #9

    Re: ldap SASL(-13): user not found: no secret in database

    Hi ecanmaster,

    that's the *server* side of the game (the OpenLDAP server), how about the LDAP client configuration? (And it's that LDAP client setup where you may configure to contact the server anonymously, or will have to provide the "Administrator DN" from your screen shot and the password you set.)

    On SLES and OpenSUSE, YaST offers me "Network Services" - "LDAP Client" (right next to "LDAP Server"). I hope it's the same on SLED, or at least sufficiently similar.

    Regards,
    Jens
    From the times when today's "old school" was "new school"

    If you find this post helpful and are logged into the web interface, show your appreciation and click on the star below...

  10. #10

    Re: ldap SASL(-13): user not found: no secret in database

    Hi Jens,

    Excuse me for my ignorance, but do I need the LDAP client as well?
    I checked the SUSE manual, but that wasn't mentioned...

    Cheers
    Last edited by ecanmaster; 28-Oct-2014 at 18:47.
