Repair of ldap pam xdm login after disk crash

Peter Fodrek peter.fodrek at gmail.com
Thu Feb 2 14:45:01 UTC 2017 

Dear PAM experts,

I am not to find out cause of problem during repair system with originaly
placed

/boot
/home
/opt
/srv
/tmp
/usr/src
and
/var

directories on crashed RAID controller bus.

I was able to recover system to boot and other things to work exceot one

PAM based xdm, ssh login using remote  LDAPS server and It worked before
RAID crash

My state if art is

that

ldapsearch works well in both cases binded to rxisting user or annonymous
user as well

but

pamtester  ldap  fodrek authenticate  open_session


pamtester  nss  fodrek authenticate  open_session

as well as

pamtester  sss fodrek authenticate  open_session

results in same output

dap_msgfree
pamtester: successfully authenticated
(rdconf1.c:154): You do not exist? fodrek? Success.
(pam_mount.c:598): error expanding configuration
ldap_unbind
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 4
  0000:  30 05 02 01 05 42 00                               0....B.

tls_write: want=36, written=36
  0000:  ....          PS.v
ldap_write: want=7, written=7
  0000: ....B.
tls_write: want=31, written=31
  0000:  .....
      ...i.9....F..;A
ldap_free_connection: actually freed
tls_write: want=31 error=Bad file descriptor

pamtester: Insufficient credentials to access authentication data

If I do not place open_session in the command last line of output is missing

same ctedential missing output is for acct_mgmt
and  chauthtook and authenticate are only operations that works.


Is there anybody who us able to send me any recommendation, what am I to
check
to get  PAM to work here,please?

LDAP server is external server

usage of

pam-auth-update --force

only allow me to get system into logging with unix authentofication method
but automatic logout  after several seconds
when  I disable  AFS session mamagement on Ubuntu 16.10 system

But I am not able to log in using LDAP account in thos case,too.


Originally there were system configured to use both PAM for log and SASL
for Subversion repository access control.


Thank you for any answer

I look forward hearing from you

Yours faithfully


Peter Fodrek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20170202/c36b31e6/attachment.htm>

More information about the Pam-list mailing list