Cant authenticate to LDAP domain with Redhat9
shaughto
shaughto at ee.ucr.edu
Sat Jul 3 01:48:15 UTC 2004
Hi,
The only significant difference I see between your system_auth and mine is
the /$ISA/. Also you have an extra line for pam_ldap.so
Well here is my system_auth. Also this is the same system_auth that works
on other computers... but I may need to modify it to work for redhat 9?
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
Is the $ISA necessary? And how about the extra line for pam_ldap.so?
I'll give it a shot and see if it makes a difference. Thanks.
--
Steven
----- Original Message -----
From: "Rigler, Steve" <SRigler at MarathonOil.com>
To: "General Red Hat Linux discussion list" <redhat-list at redhat.com>
Sent: Friday, July 02, 2004 1:14 PM
Subject: RE: Cant authenticate to LDAP domain with Redhat9
> Your ldapsearch and getent look fine. Do you have anything for
> shadow in your nsswitch.conf?
>
> For the pam stuff, start by looking at your system-auth file.
> This is how it looks on a RH9 box as configured by authconfig:
>
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required /lib/security/$ISA/pam_env.so
> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
> auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
> auth required /lib/security/$ISA/pam_deny.so
>
> account required /lib/security/$ISA/pam_unix.so
> account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
>
> password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
> password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
> password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
> password required /lib/security/$ISA/pam_deny.so
>
> session required /lib/security/$ISA/pam_limits.so
> session required /lib/security/$ISA/pam_unix.so
> session optional /lib/security/$ISA/pam_ldap.so
>
> -Steve
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Steven D. Haughton
> Sent: Friday, July 02, 2004 11:01 AM
> To: General Red Hat Linux discussion list
> Subject: Re: Cant authenticate to LDAP domain with Redhat9
>
> Hi,
> Thanks for the clarification. Those authconfig files were bothering me.
> Ok, I did an ldapsearch and getent and they work fine (from what I can
> tell).
>
> Output:
>
> [root at blochee /]# ldapsearch -x -b "dc=ee,dc=ucr,dc=edu" uid=grad-adm
> version: 2
>
> #
> # filter: uid=grad-adm
> # requesting: ALL
> #
>
> # grad-adm, People, ee, ucr, edu
> dn: uid=grad-adm,ou=People,dc=ee,dc=ucr,dc=edu
> uid: grad-adm
> cn: Graduate Affairs
> sn: Affairs
> mail: grad-adm at ee.ucr.edu
> labeledURI: http://www.ee.ucr.edu/~grad-adm
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> loginShell: /bin/bash
> uidNumber: 30501
> gidNumber: 402
> homeDirectory: /home/eemisc/grad-adm
> gecos: Graduate Affairs
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
> [root at blochee /]# getent passwd grad-adm
> grad-adm:x:30501:402:Graduate Affairs:/home/eemisc/grad-adm:/bin/bash
>
> Should I test ldapsearch with some different commands?
> Also I tried logging in on virtual consoles with no luck (only root
> works). = (
> You said that if ldapsearch and getent work then I should focus on
> pam....
> how would I go about testing pam?
>
> Thanks again for all your help.
>
> --
> Steven
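An added example, not part of the original thread: a small Python script that lists what actually differs between the two system-auth listings above once the module directory is ignored. The two stacks are transcribed from the messages (account and password sections only, mail-wrapped lines rejoined); the names MINE, AUTHCONFIG, parse and diff are made up for this illustration, and treating argument order as insignificant is an assumption.

```python
import re

# Constructed from the two system-auth listings in this thread (account and
# password stacks only), with mail-wrapped lines rejoined.
MINE = r"""
account required /lib/security/pam_unix.so
account sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
password required /lib/security/pam_deny.so
"""
AUTHCONFIG = r"""
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore \
    service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
"""

# type, control (simple keyword or [value=action ...]), module path, arguments
ENTRY = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Map (type, module file name) -> (control, sorted args)."""
    entries = {}
    for raw in text.replace("\\\n", " ").splitlines():  # join '\' continuations
        line = raw.split("#", 1)[0].strip()              # drop comments
        if not line:
            continue
        m = ENTRY.match(line)
        if m is None:
            raise ValueError("not a PAM entry: %r" % raw)
        kind, control, path, args = m.groups()
        module = path.rsplit("/", 1)[-1]   # directory part (incl. $ISA/) is ignored
        # Assumption: argument order is not significant, so args are sorted.
        entries[(kind, module)] = (" ".join(control.split()), tuple(sorted(args.split())))
    return entries

def diff(a, b):
    """Entries whose control or arguments differ, or that exist on one side only."""
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    for (kind, module), (mine, ref) in diff(parse(MINE), parse(AUTHCONFIG)).items():
        print(kind, module, "\n  mine:      ", mine, "\n  authconfig:", ref)
```

The comparison is keyed by module name within each type, so it does not report differences in the order of entries within a stack.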