Cant authenticate to LDAP domain with Redhat9

Steven D. Haughton shaughto at ee.ucr.edu
Wed Jul 7 16:25:38 UTC 2004


I changed my system-auth file to look like the one Steve Rigler showed me.
So it has the line "password sufficient /lib/security/pam_ldap.so use_authtok".
This is my system-auth file now:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so
session     optional      /lib/security/$ISA/pam_ldap.so

Yet, I still cannot log on as any user, only as root.
I am going to add the debug command to the end of each line and see if that
sheds any light on the problem.

--
Steven

Faehl, Chris wrote:

>You don't reference ldap in your system-auth file. From the archives:
>#%PAM-1.0
>
>auth       required     /lib/security/pam_env.so
>auth       sufficient   /lib/security/pam_unix.so likeauth nullok
>auth       sufficient    /lib/security/pam_ldap.so use_first_pass
>auth       required     /lib/security/pam_deny.so
>
>account    required     /lib/security/pam_unix.so
>account    sufficient    /lib/security/pam_ldap.so
>
>password   required     /lib/security/pam_cracklib.so retry=3
>password   sufficient   /lib/security/pam_unix.so nullok md5 shadow use_authtok
>password   required     /lib/security/pam_deny.so
>
>session    required     /lib/security/pam_limits.so
>session    required     /lib/security/pam_unix.so
>session    optional      /lib/security/pam_ldap.so
>
>
>Add a line under "password sufficient /lib/security/pam_unix.so ..."
>that says:
>password    sufficient    /lib/security/pam_ldap.so use_authtok
>
>
>
>--
>Chris Faehl
>Hosting Manager, RightNow Technologies
>
>-----Original Message-----
>From: redhat-list-bounces at redhat.com
>[mailto:redhat-list-bounces at redhat.com] On Behalf Of Faehl, Chris
>Sent: Wednesday, July 07, 2004 8:45 AM
>To: General Red Hat Linux discussion list
>Subject: RE: Cant authenticate to LDAP domain with Redhat9
>
>
>Steven,
>
>Your file looks good (works on my test box). Thinking...
>
>--
>Chris Faehl
>Hosting Manager, RightNow Technologies
>
>-----Original Message-----
>From: redhat-list-bounces at redhat.com
>[mailto:redhat-list-bounces at redhat.com] On Behalf Of shaughto at ee.ucr.edu
>Sent: Tuesday, July 06, 2004 9:52 PM
>To: General Red Hat Linux discussion list
>Subject: Re: Cant authenticate to LDAP domain with Redhat9
>
>
>Hi, thanks for the reply.
>
>Here is my /etc/pam.d/sshd:
>
>#%PAM-1.0
>auth       required     pam_stack.so service=system-auth
>auth       required     pam_nologin.so
>account    required     pam_stack.so service=system-auth
>password   required     pam_stack.so service=system-auth
>session    required     pam_stack.so service=system-auth
>session    required     pam_limits.so
>session    optional     pam_console.so
>
>See it points to system-auth so it should work fine, correct?
>Please let me know if that looks right.
>Also I do not have a sshd.040706 file.
>Thanks for your help.
>
>--
>Steven
>
>
>  
>
>>The problem's /etc/pam.d/sshd.
>>
>>cp /etc/pam.d/sshd /etc/pam.d/sshd.040706 && cp /etc/pam.d/system-auth /etc/pam.d/sshd
>>
>>Problem should then be fixed (I burned several days on this - RedHat's
>>docs could use some revision).
>>
>>--
>>Chris Faehl
>>Hosting Manager, RightNow Technologies
>>
>