Cant authenticate to LDAP domain with Redhat9

shaughto shaughto at ee.ucr.edu
Fri Jul 2 01:23:35 UTC 2004


Thanks for the response...

I have tried authconfig and authconfig-gtk, however they did not work.  In
fact, when I tried to log on after using those programs I could not log in as
root, nor as any users.  I noticed that authconfig modified some of the LDAP
config files; I believe it was /etc/pam.d/system-auth.  I simply copied back
my original config files, which are /etc/ldap.conf, /etc/nsswitch.conf,
/etc/autofs/auto.master, /etc/ssl/certs/eeca.pem, and
/etc/pam.d/system-auth.
With those files back to my settings I can once again log on as root.

Hmm, what files does authconfig modify?  Maybe I can modify them by hand
(through vi).

Thanks again for the response.

----- Original Message ----- 
From: "Rigler, Steve" <SRigler at MarathonOil.com>
To: "General Red Hat Linux discussion list" <redhat-list at redhat.com>
Sent: Thursday, July 01, 2004 5:36 PM
Subject: RE: Cant authenticate to LDAP domain with Redhat9


Try running "authconfig" and set up your LDAP configuration
that way.

-Steve


-----Original Message-----
From: redhat-list-bounces at redhat.com on behalf of Steven D. Haughton
Sent: Thu 7/1/2004 5:56 PM
To: redhat-list at redhat.com
Subject: Cant authenticate to LDAP domain with Redhat9

Hi,


I'm new to ldap and fairly new to linux as well so bear with me.....


I've recently installed Red Hat 9 over Gentoo due to some commercial
software support. My problem is that I can not get Red Hat to
authenticate to the ldap domain.
Here is the current ldap software I have installed:

[root@hostname root]# rpm -qa | grep ldap
openldap-2.0.27-8
openldap-clients-2.0.27-8
nss_ldap-202-5
openldap-devel-2.0.27-8
openldap-servers-2.0.27-8
php-ldap-4.2.2-17.2

Here is current openssl:
[root@hostname root]# rpm -qa | grep openssl
openssl-0.9.7a-20.2
openssl-perl-0.9.7a-20.2
openssl096b-0.9.6b-15
openssl-devel-0.9.7a-20.2
openssl096-0.9.6-25.9

I also have autofs installed and running.
I have copied the exact files for /etc/ldap.conf, /etc/nsswitch.conf,
/etc/pam.d/system_auth, and /etc/ssl/certs/eeca.pem, and
/etc/autofs/auto.master
which work on other linux computers (Mainly Gentoo.... and 2 redhat9
computers).
I also copied ldap.conf into /etc/openldap/ldap.conf and copied
/etc/autofs/auto.master to /etc/auto.master.

So my config files must be correct if they work on other computers...
Leaving me to believe that there must be extra config files on Redhat
that I must setup.
I took out the hostname and domain names in the following test.

Test:
[root@"hostname" root]# ssh -ltestuser "hostname"
testuser@"hostname's" password:
Permission denied, please try again.

Log file:
sshd(pam_unix)[14275]: check pass; user unknown
sshd(pam_unix)[14275]: authentication failure; logname= uid=0 euid=0
tty=NODEVssh ruser= rhost="hostname"."**"."***".edu
sshd(pam_unix)[14275]: check pass; user unknown
sshd(pam_unix)[14275]: 1 more authentication failure; logname= uid=0
euid=0 tty=NODEVssh ruser= rhost="hostname"."**"."***".edu

Any ideas on how to resolve this issue? Thanks.

Also here is some more info on the problem.
When I run ldapsearch I get this...

[root@blochEE root]# ldapsearch -x -b "dc=ee,dc=ucr,dc=edu" uid=grad-adm
version: 2

#
# filter: uid=grad-adm
# requesting: ALL
#

# grad-adm, People, ee, ucr, edu
dn: uid=grad-adm,ou=People,dc=ee,dc=ucr,dc=edu
uid: grad-adm
cn: Graduate Affairs
sn: Affairs
mail: grad-adm at ee.ucr.edu
labeledURI: http://www.ee.ucr.edu/~grad-adm
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
loginShell: /bin/bash
uidNumber: 30501
gidNumber: 402
homeDirectory: /home/eemisc/grad-adm
gecos: Graduate Affairs

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@blochEE root]#


And I get this when running getent:
[root@blochEE root]# getent passwd grad-adm
grad-adm:x:30501:402:Graduate Affairs:/home/eemisc/grad-adm:/bin/bash
[root@blochEE root]#

From my understanding it looks like the client can communicate ok with
the server, so I am at a loss as to why I can not login using users on
the ldap server?


If you need any more info. please let me know and I'll be happy to
provide it.
Any responses will be most appreciated.
Thank you.


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
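
Added example, not part of the original thread or anyone's posted configuration: `getent passwd` resolves users through NSS (/etc/nsswitch.conf), while sshd checks passwords through the PAM stack (/etc/pam.d/system-auth), so a host can look up an LDAP user and still be unable to authenticate them. The script below reports which case a pair of files is in; the function names and both sample stacks are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed data): NSS lookup and PAM password checking are separate paths.

# Print the PAM management groups in stack file $1 whose entries load module $2.
pam_groups_with() {
    awk -v mod="$2" '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        { for (i = 3; i <= NF; i++) {         # control can be "[a=b c=d]", so scan onward
              n = split($i, p, "/")           # module may be given with a full path
              if (p[n] == mod) { print $1; break }
          } }' "$1" | sort -u
}

# Succeed when database $2 in nsswitch file $1 lists the "ldap" source.
nss_uses_ldap() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") hit = 1 }
                     END { exit !hit }' "$1"
}

# Classify a client ($1 = nsswitch.conf, $2 = PAM stack): nss+pam | nss-only | no-ldap
ldap_login_state() {
    nss_uses_ldap "$1" passwd || { echo no-ldap; return 0; }
    if pam_groups_with "$2" pam_ldap.so | grep -qx auth
    then echo nss+pam; else echo nss-only; fi
}

# Constructed sample files, not the poster's configuration.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf 'passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n' > "$demo/nsswitch.conf"
cat > "$demo/local-only" <<'EOF'
auth     required   /lib/security/$ISA/pam_env.so
auth     sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth     required   /lib/security/$ISA/pam_deny.so
account  required   /lib/security/$ISA/pam_unix.so
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
session  required   /lib/security/$ISA/pam_unix.so
EOF
cat > "$demo/with-ldap" <<'EOF'
auth     sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth     sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth     required   /lib/security/$ISA/pam_deny.so
account  required   /lib/security/$ISA/pam_unix.so
account  [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
session  optional   /lib/security/$ISA/pam_ldap.so
EOF

echo "local-only: $(ldap_login_state "$demo/nsswitch.conf" "$demo/local-only")"
echo "with-ldap:  $(ldap_login_state "$demo/nsswitch.conf" "$demo/with-ldap")"
```

A result of `nss-only` means lookups such as `getent` can succeed while no `auth` entry ever consults LDAP; `nss+pam` only shows that the module is referenced, not that a login will succeed.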