Cant authenticate to LDAP domain with Redhat9
Steven D. Haughton
shaughto at ee.ucr.edu
Wed Jul 7 16:25:38 UTC 2004
I changed my system-auth file to look like the one Steve Rigler showed me.
So it has the line "password sufficient /lib/security/pam_ldap.so use_authtok".
This is my system-auth file now:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
session optional /lib/security/$ISA/pam_ldap.so
Yet, I still cannot log on as any users, only as root.
I am going to add the debug command to the end of each line and see if that
sheds any light on the problem.
--
Steven
Faehl, Chris wrote:
>You don't reference ldap in your system-auth file. From the archives:
>#%PAM-1.0
>
>auth required /lib/security/pam_env.so
>auth sufficient /lib/security/pam_unix.so likeauth nullok
>auth sufficient /lib/security/pam_ldap.so use_first_pass
>auth required /lib/security/pam_deny.so
>
>account required /lib/security/pam_unix.so
>account sufficient /lib/security/pam_ldap.so
>
>password required /lib/security/pam_cracklib.so retry=3
>password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
>password required /lib/security/pam_deny.so
>
>session required /lib/security/pam_limits.so
>session required /lib/security/pam_unix.so
>session optional /lib/security/pam_ldap.so
>
>
>Add a line under "password sufficient /lib/security/pam_unix.so ..."
>that says:
>password sufficient /lib/security/pam_ldap.so use_authtok
>
>
>
>--
>Chris Faehl
>Hosting Manager, RightNow Technologies
>
>-----Original Message-----
>From: redhat-list-bounces at redhat.com
>[mailto:redhat-list-bounces at redhat.com] On Behalf Of Faehl, Chris
>Sent: Wednesday, July 07, 2004 8:45 AM
>To: General Red Hat Linux discussion list
>Subject: RE: Cant authenticate to LDAP domain with Redhat9
>
>
>Steven,
>
>Your file looks good (works on my test box). Thinking...
>
>--
>Chris Faehl
>Hosting Manager, RightNow Technologies
>
>-----Original Message-----
>From: redhat-list-bounces at redhat.com
>[mailto:redhat-list-bounces at redhat.com] On Behalf Of shaughto at ee.ucr.edu
>Sent: Tuesday, July 06, 2004 9:52 PM
>To: General Red Hat Linux discussion list
>Subject: Re: Cant authenticate to LDAP domain with Redhat9
>
>
>Hi, thanks for the reply.
>
>Here is my /etc/pam.d/sshd:
>
>#%PAM-1.0
>auth required pam_stack.so service=system-auth
>auth required pam_nologin.so
>account required pam_stack.so service=system-auth
>password required pam_stack.so service=system-auth
>session required pam_stack.so service=system-auth
>session required pam_limits.so
>session optional pam_console.so
>
>See it points to system-auth so it should work fine, correct?
>Please let me know if that looks right.
>Also I do not have a sshd.040706 file.
>Thanks for your help.
>
>--
>Steven
>
>
>
>
>>The problem's /etc/pam.d/sshd.
>>
>>cp /etc/pam.d/sshd /etc/pam.d/sshd.040706 && cp /etc/pam.d/system-auth /etc/pam.d/sshd
>>
>>Problem should then be fixed (I burned several days on this - RedHat's
>>docs could use some revision).
>>
>>--
>>Chris Faehl
>>Hosting Manager, RightNow Technologies
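An added example, not part of the original thread: a small evaluator for the control flags used in the system-auth file posted above, showing how the auth and account stacks combine per-module results. The module return values fed in are constructed inputs, not observations from the poster's system; the flag semantics follow pam.conf(5), and only the ok, done, bad, die and ignore actions are modelled.

```python
import re

# Keyword controls in their bracket form, per pam.conf(5).
KEYWORDS = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}
LINE = re.compile(r"^(\w+)\s+(\[[^\]]*\]|\w+)\s+(\S+)")

# auth and account lines from the system-auth file in the post (wrapped line rejoined).
SYSTEM_AUTH = r"""
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
"""

def parse(text, group):
    """Return [(control_map, module_file)] for one management group."""
    stack = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) != group:
            continue
        ctl = m.group(2)
        cmap = dict(p.split("=", 1) for p in ctl[1:-1].split()) if ctl[0] == "[" else KEYWORDS[ctl]
        stack.append((cmap, m.group(3).rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, results):
    """results: module file -> PAM return token (constructed input, default success)."""
    impression = None  # None undecided, True positive, False negative
    for cmap, module in stack:
        ret = results.get(module, "success")
        # Assumption: a value with no entry and no default= counts as bad.
        action = cmap.get(ret, cmap.get("default", "bad"))
        if action in ("ok", "done"):
            if impression is None:
                impression = True
            if action == "done" and impression:
                return True
        elif action in ("bad", "die"):
            impression = False
            if action == "die":
                return False
    return impression is True  # a stack where every module was ignored fails
```

With these constructed inputs, a failing `required` pam_unix.so in the account group fails that stack even when pam_ldap.so returns success, while the auth group succeeds as soon as either `sufficient` module does.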