[Fedora-directory-users] PAM pass through & ENTRY problem

Richard Megginson rmeggins at redhat.com
Thu Jan 4 16:28:14 UTC 2007


Stipl, Stepan wrote:
> Hi,
> 	I'm currently playing with Fedora DS - and I really like it :).
>
> problem: I'm trying to use PAM pass through plugin -> pam_krb5 -> Active Directory/Kerberos
>
> I'm able to get this working fine with pamIDMapMethod set to RDN, but not set to ENTRY with the appropriate pamIDAttr set.
>
> With disabled PAM PT plugin, I'm able to do simple bind to given object.
>
> With enabled PAM PT plugin, set to RDN I'm able to do bind with password stored in Kerberos, and with allowed pamFallback also with password stored in Fedora DS.
>
> And finally with PAM PT plugin enabled and set to ENTRY and attribute specified in pamIDAttr - I'm unable to do bind with Kerberos password, only with simple bind pass. stored in Fedora DS if pamFallback is enabled.
>
> errors log with debuglevel set for plugins debugging:
>
> [04/Jan/2007:11:13:40 +0100] pam_passthru-plugin - => pam_passthru_bindpreop
> [04/Jan/2007:11:13:40 +0100] - allow_operation: component identity is NULL
> [04/Jan/2007:11:13:40 +0100] pam_passthru-plugin - Could not find BIND dn cn=xxx,ou=users,dc=xxx,dc=com (error 32 - No such object)
> [04/Jan/2007:11:13:40 +0100] pam_passthru-plugin - Bind DN [cn=xxx,ou=users,dc=xxx,dc=com] is invalid or not found
> [04/Jan/2007:11:13:40 +0100] pam_passthru-plugin - <= handled (error 32 - No such object)
>
> The message looks strange to me, because bind DN cn=xxx,ou=users,dc=xxx,dc=com exists and I'm able to do bind to it with password stored in Fedora DS.
> So please, if you see where I'm wrong or have any ideas or suggestions, please help; if I'm not able to solve this, it'll unfortunately prevent me from deploying Fedora DS :(.
>   
What version of Fedora DS are you using?  1.0.4 should work - earlier 
versions had problems with the ENTRY method.  Can you post your pam 
passthru plugin configuration entry, and an example of your user entry, 
being careful to obscure sensitive information?
> thanks,
>
> .stepan
>