Hallo Holger,
die Anmeldung an horde3, mrbs, portfolio (auf dem server) und cloud (nicht auf dem server) scheitert nach wie vor.
Anmeldung an den Clients ebenfalls (Stand gestern Nachmittag)
syslog beim Anmeldeversuch an horde:
Apr 5 09:06:10 server cyrus/pop3s[7736]: counts: retr=<0> top=<0> dele=<0>
Apr 5 09:06:13 server master[7740]: about to exec /usr/lib/cyrus/bin/imapd
Apr 5 09:06:13 server cyrus/imap[7740]: executed
Apr 5 09:06:13 server cyrus/imap[7740]: accepted connection
Apr 5 09:06:16 server cyrus/imap[7740]: badlogin: server.paedml-linux.lokal [10 .16.1.1] PLAIN [SASL(-13): authentication failure: Password verification failed]
hier die slapd.conf
>> #####
> > #####
> > #####
> > # $Id: slapd.conf 1334 2012-07-20 12:03:39Z tschmitt $
> > #######################################################################
> > #
> > # Global Directives:
> >
> > # Features to permit
> > #allow bind_v2
> >
> > # Schema and objectClass definitions
> > include /etc/ldap/schema/core.schema
> > include /etc/ldap/schema/cosine.schema
> > include /etc/ldap/schema/misc.schema
> > include /etc/ldap/schema/nis.schema
> > include /etc/ldap/schema/inetorgperson.schema
> > include /etc/ldap/schema/samba.schema
> > include /etc/ldap/schema/sophomorix.schema
> >
> > # Schema check allows for forcing entries to
> > # match schemas for their objectClasses's
> > #schemacheck on
> >
> > # Where the pid file is put. The init.d script
> > # will not stop the server if you change this.
> > pidfile /var/run/slapd/slapd.pid
> >
> > # List of arguments that were passed to the server
> > argsfile /var/run/slapd/slapd.args
> >
> > # Read slapd.conf(5) for possible values
> > loglevel 0
> >
> > # Where the dynamically loaded modules are stored
> > modulepath /usr/lib/ldap
> > moduleload back_hdb
> >
> > # The maximum number of entries that is returned for a search operation
> > sizelimit unlimited
> >
> > # use passwords encrypted with ssha
> > password-hash {SSHA}
> >
> > #######################################################################
> > # Specific Backend Directives for bdb:
> > # Backend specific directives apply to this backend until another
> > # 'backend' directive occurs
> > backend hdb
> >
> > #######################################################################
> > # Specific Directives for database #1, of type sql:
> > # Database specific directives apply to this databasse until another
> > # 'database' directive occurs
> > database hdb
> >
> > #LDAP Suffix
> > suffix "dc=paedml-linux,dc=lokal"
> >
> > #LDAP Admin
> > rootdn "cn=admin,dc=paedml-linux,dc=lokal"
> > rootpw xxxxxxxxxxx
> >
> > # Where the database file are physically stored for database #1
> > directory "/var/lib/ldap"
> >
> > # The dbconfig settings are used to generate a DB_CONFIG file the first
> > # time slapd starts. They do NOT override existing an existing DB_CONFIG
> > # file. You should therefore change these settings in DB_CONFIG directly
> > # or remove DB_CONFIG and restart slapd for changes to take effect.
> >
> > # For the Debian package we use 2MB as default but be sure to update this
> > # value if you have plenty of RAM
> > dbconfig set_cachesize 0 2097152 0
> >
> > # Sven Hartge reported that he had to set this value incredibly high
> > # to get slapd running at all. See http://bugs.debian.org/303057 for more
> > # information.
> >
> > # Number of objects that can be locked at the same time.
> > dbconfig set_lk_max_objects 1500
> > # Number of locks (both requested and granted)
> > dbconfig set_lk_max_locks 1500
> > # Number of lockers
> > dbconfig set_lk_max_lockers 1500
> >
> > # Indexing options for database #1
> > index objectClass,uid,uidNumber,gidNumber,memberUid eq
> > index cn,mail,surname,givenname eq,subinitial
> > index sambaSID eq
> > index sambaPrimaryGroupSID eq
> > index sambaDomainName eq
> >
> > # Save the time that the entry gets modified, for database #1
> > lastmod on
> >
> > # Checkpoint the BerkeleyDB database periodically in case of system
> > # failure and to speed slapd shutdown.
> > checkpoint 512 30
> >
> > #######################################################################
> > #Limits Access:
> > access to attrs=sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange,sambaAcctFlags,userPassword
> > by anonymous peername.ip=10.16.1.254 auth
> > by anonymous peername.ip=10.16.1.1 auth
> > by anonymous peername.ip=XXX.XXX.XXX.XXX auth -> das ist die Cloud. IP stimmte
> > by anonymous peername.ip=127.0.0.1 auth
> > by anonymous peername.ip=129.143.228.4 auth
> > by anonymous peername.ip=10.16.1.20 auth
> > by anonymous peername.ip=10.16.1.11 auth
> > by anonymous peername.ip=10.16.1.23 auth
> > by anonymous ssf=56 auth
> > by self peername.ip=127.0.0.1 write
> > by self ssf=56 write
> > by * none
> >
> > access to *
> > by * read
> >
> > #######################################################################
> > # TLS:
> > #TLSCipherSuite HIGH:MEDIUM:+SSLv2
> > TLSCACertificateFile /etc/ssl/private/server.pem
> > TLSCertificateFile /etc/ssl/private/server.pem
> > TLSCertificateKeyFile /etc/ssl/private/server.pem
> >
> > # Use the following if client authentication is required
> > #TLSVerifyClient demand
> > # ... or not desired at all
> > #TLSVerifyClient never
> >
> > #The cachesize directive defines the number of entries that the LDAP backend will maintain in memory
> > #cachesize 10000
Genug Platz ist jetzt wieder:
df -h:
Dateisystem Größe Benutzt Verf. Verw% Eingehängt auf
/dev/vda2 16G 3,4G 12G 23% /
udev 12G 12K 12G 1% /dev
tmpfs 2,3G 1,7M 2,3G 1% /run
none 5,0M 0 5,0M 0% /run/lock
none 12G 0 12G 0% /run/shm
/dev/vdb1 673G 349G 291G 55% /media/backup/migration-backup
/dev/vda1 453M 59M 368M 14% /boot
/dev/sdb 395G 196G 179G 53% /var
/dev/sda 404G 151G 233G 40% /home
/dev/sdc 9,1G 21M 8,6G 1% /var/spool/cups
10.16.1.5:/rsnapshot-server 3,6T 389G 3,3T 11% /media/backup/rsnapshot-migration
Ändere ich das Passwort für einen User, geht die Anmeldung an Horde, mrbs etc. und an der Cloud.
(Anmeldung am Client kann ich im Moment nicht testen)
Kann man hier einen Anhang mitschicken. Wenn ja, hänge ich noch die Ausgabe des syslog zum ldap an.
ldap-log.odt (26,0 KB)
Viele Grüße
Christian