
Need help with Sun pam_ldap



Has anyone used the Sun pam_ldap in Solaris 9?

I can't get it to work with their in.ftpd (actually the wu-ftpd
behind a Sunscreen).

Here's my pam.conf:
    ftp     auth requisite          pam_authtok_get.so.1 debug
    ftp     auth required           pam_dhkeys.so.1 debug
    ftp     auth required           pam_ldap.so.1 debug
    ftp     account requisite       pam_roles.so.1
    ftp     account required        pam_projects.so.1
    ftp     account required        pam_ldap.so.1
    ftp     session required        pam_ldap.so.1
    ftp     password required       pam_dhkeys.so.1
    ftp     password requisite      pam_authtok_get.so.1
    ftp     password requisite      pam_authtok_check.so.1
    ftp     password required       pam_authtok_store.so.1

(I copied the "other" and replaced the pam_unix*.so with pam_ldap).

Here's my ldap entry (don't worry, nothing secret -- test entry):
    dn: uid=gary,ou=People,dc=support,dc=Ulticom,dc=com
    loginShell: /bin/ksh
    sn: Algier
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: posixaccount
    cn: Gary Algier
    givenName: Gary
    uid: gary
    ou: Information Technologies
    uidNumber: 402
    gidNumber: 1102
    gecos: Gary Algier
    homeDirectory: /private/gary
    l: Mt. Laurel
    roomNumber: 1020 K-8
    userPassword:: e2NyeXB0fWUxcE9aY1l6WjkvdS4=

My syslog shows (after adding debug as a severity):
Aug  8 15:37:05 eye ftpd[1449]: [ID 745051 auth.debug] PAM[1449]: pam_authenticate(5e698, 1): error No account present for user

I even wrote a simple "pamtest" executable and got:
% ./pamtest ftp gary howell
pamtest: pam error: No account present for user

What does it mean "No account"?

The regular mechanisms for defining users seem to be working OK, as
the logins program finds me:

% logins -xol gary
gary:402::1102:Gary Algier:/private/gary:/bin/ksh:LK:010170:0:0:0

I have successfully used the pam_ldap_ntlm module with Solaris 8, but
I have a Solaris 9 system on which I need to use the vendor-supplied tools.

Can anyone shed some light?


-- Gary Algier, WB2FWZ gaa at ulticom.com +1 856 787 2758 Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033




