oops: FC2 authentication with Active Directory

fedora list fedoralist at parkerhouse.homeunix.org
Sun Oct 31 14:06:01 UTC 2004


I realized that I sent this email as html.  I'll try it again for those who use text email viewers.

Is this a text only mail list?

________________________________________
From: fedora-list-bounces at redhat.com [mailto:fedora-list-bounces at redhat.com] On Behalf Of fedora list
Sent: Saturday, October 30, 2004 11:44 PM
To: fedora-list at redhat.com
Subject: FC2 authentication with Active Directory

Setup:
FC2 on a workstation with all updates.
2 servers running Winblows server 2003 with all updates.

Problem:
I can't for the life of me figure out why I can't authenticate.  I see Kerberos authenticates successfully, but nss_ldap cannot connect to the LDAP server.  I guess it can't query LDAP to see what my UID is and fails on the uid < 100 for pam_unix.

I modified the PAM files, ldap.conf, and krb5.conf files.
Here are some excerpts from some log files.
Secure:
Oct 28 15:26:42 jparker-dfc2 login[3783]: pam_succeed_if: requirement "uid < 100" not met by user "jparker"
Oct 28 15:27:06 jparker-dfc2 login[30256]: pam_succeed_if: requirement "uid < 100" not met by user "jparker"

Messages:
Oct 28 15:26:41 jparker-dfc2 login(pam_unix)[3783]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=  user=jparker
Oct 28 15:26:42 jparker-dfc2 login[3783]: pam_krb5[3783]: authentication succeeds for 'jparker' (jparker at KBM1.LOC)
Oct 28 15:26:42 jparker-dfc2 login[3783]: nss_ldap: could not search LDAP server - Operations error
Oct 28 15:26:42 jparker-dfc2 login[3783]: nss_ldap: could not search LDAP server - Operations error
Oct 28 15:26:42 jparker-dfc2 login[3783]: pam_ldap: ldap_search_s Operations error
Oct 28 15:26:42 jparker-dfc2 pam_winbind[3783]: user 'jparker' granted acces
Oct 28 15:26:42 jparker-dfc2 login[3783]: nss_ldap: could not search LDAP server - Operations error
Oct 28 15:26:42 jparker-dfc2 login(pam_unix)[3783]: session opened for user jparker by LOGIN(uid=0)
Oct 28 15:26:42 jparker-dfc2 login[3783]: Permission denied

I'm looking for any and all suggestions.  Short of passwords and such, I'll post whatever you need.
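
The excerpts above interleave several PAM and NSS modules under a single login PID. As an added example (not part of the original post), this Python sketch groups the poster's PID 3783 lines by module and outcome so the accept/fail sequence is visible at a glance. The keyword lists and function names are assumptions chosen for these particular messages.

```python
import re
from collections import defaultdict

# Lines for PID 3783 copied from the post's "Secure" and "Messages" excerpts.
SAMPLE = """\
Oct 28 15:26:41 jparker-dfc2 login(pam_unix)[3783]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=  user=jparker
Oct 28 15:26:42 jparker-dfc2 login[3783]: pam_krb5[3783]: authentication succeeds for 'jparker' (jparker at KBM1.LOC)
Oct 28 15:26:42 jparker-dfc2 login[3783]: nss_ldap: could not search LDAP server - Operations error
Oct 28 15:26:42 jparker-dfc2 login[3783]: pam_ldap: ldap_search_s Operations error
Oct 28 15:26:42 jparker-dfc2 pam_winbind[3783]: user 'jparker' granted acces
Oct 28 15:26:42 jparker-dfc2 login[3783]: pam_succeed_if: requirement "uid < 100" not met by user "jparker"
Oct 28 15:26:42 jparker-dfc2 login(pam_unix)[3783]: session opened for user jparker by LOGIN(uid=0)
Oct 28 15:26:42 jparker-dfc2 login[3783]: Permission denied
""".splitlines()

LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(.*)$")  # syslog prefix, then message
MODULE = re.compile(r"\b((?:pam|nss)_\w+)")               # first PAM/NSS module named
PID = re.compile(r"\[(\d+)\]")
FAIL = ("failure", "not met", "could not", "error", "denied")  # assumed keywords
OK = ("succeeds", "granted")                                   # assumed keywords

def classify(text):
    low = text.lower()
    if any(k in low for k in FAIL):
        return "fail"
    return "ok" if any(k in low for k in OK) else "info"

def correlate(lines):
    """Group events by PID as [(module, outcome)], preserving log order."""
    by_pid = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        rest = m.group(1)
        pid, mod = PID.search(rest), MODULE.search(rest)
        module = mod.group(1) if mod else re.split(r"[\[(:]", rest)[0]
        by_pid[pid.group(1) if pid else "?"].append((module, classify(rest)))
    return dict(by_pid)

def triage(events):
    """Summarise one login attempt: who accepted it, who failed, was NSS lookup broken."""
    return {
        "accepted_by": sorted({m for m, o in events if o == "ok" and m.startswith("pam_")}),
        "failed": sorted({m for m, o in events if o == "fail"}),
        "lookup_failed": any(m.startswith("nss_") and o == "fail" for m, o in events),
    }
```

Calling `triage(correlate(SAMPLE)["3783"])` gives the per-attempt summary; point `correlate` at lines read from the real log files to do the same across many logins.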
