Cant authenticate to LDAP domain with Redhat9

Steven shaughto at ee.ucr.edu
Wed Jul 7 21:48:19 UTC 2004


Hi,

I do have /lib/security/pam_ldap.so.  Also here is the following info:

[root@blochee root]# cd /lib/security/
[root@blochee security]# ls
pam_access.so    pam_krb5.so       pam_rhosts_auth.so  pam_unix_auth.so
pam_chroot.so    pam_lastlog.so    pam_rootok.so       pam_unix_passwd.so
pam_console.so   pam_ldap.so       pam_securetty.so    pam_unix_session.so
pam_cracklib.so  pam_limits.so     pam_shells.so       pam_unix.so
pam_deny.so      pam_listfile.so   pam_smb_auth.so     pam_userdb.so
pam_env.so       pam_localuser.so  pam_smbpass.so      pam_warn.so
pam_filter       pam_mail.so       pam_stack.so        pam_wheel.so
pam_filter.so    pam_mkhomedir.so  pam_stress.so       pam_winbind.so
pam_ftp.so       pam_motd.so       pam_tally.so        pam_xauth.so
pam_group.so     pam_nologin.so    pam_time.so
pam_issue.so     pam_permit.so     pam_timestamp.so
pam_krb5afs.so   pam_pwdb.so       pam_unix_acct.so

[root@blochee security]# rpm -V nss_ldap
S.5....T c /etc/ldap.conf
[root@blochee security]#


Maybe there is a problem with pam_ldap.so?
Thanks again for your help.

--
Steven

Rigler, Steve wrote:

>You're looking at the right log file.
>
>I've been trying to duplicate your problem on a spare machine
>here and the only way I've been able to do it is if I rename
>/lib/security/pam_ldap.so.  In this case, these are the
>messages I get:
>
>Jul  7 14:53:03 houuc9 sshd(pam_unix)[17393]: check pass; user unknown
>Jul  7 14:53:03 houuc9 sshd(pam_unix)[17393]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=houuc8
>Jul  7 14:53:15 houuc9 sshd(pam_unix)[17393]: check pass; user unknown
>Jul  7 14:53:19 houuc9 sshd(pam_unix)[17393]: check pass; user unknown
>Jul  7 14:53:22 houuc9 sshd(pam_unix)[17393]: 2 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=houuc8
>
>I can still do "getent passwd" because I still have /lib/libnss_ldap*,
>but obviously logins are broken.
>
>So I'm wondering if this might be the case for you.  Do you have
>/lib/security/pam_ldap.so?  And what does "rpm -V nss_ldap" 
>give you?
>
>-Steve
>
>-----Original Message-----
>From: redhat-list-bounces at redhat.com
>[mailto:redhat-list-bounces at redhat.com] On Behalf Of Steven D. Haughton
>Sent: Wednesday, July 07, 2004 11:45 AM
>To: General Red Hat Linux discussion list
>Subject: Re: Cant authenticate to LDAP domain with Redhat9
>
>I added the debug line to my system-auth.  It now looks like this:
>
>#%PAM-1.0
># This file is auto-generated.
># User changes will be destroyed the next time authconfig is run.
>auth        required      /lib/security/$ISA/pam_env.so
>auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
>auth        sufficient    /lib/security/$ISA/pam_ldap.so debug use_first_pass
>auth        required      /lib/security/$ISA/pam_deny.so
>
>account     required      /lib/security/$ISA/pam_unix.so
>account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so debug
>
>password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
>password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
>password    sufficient    /lib/security/$ISA/pam_ldap.so debug use_authtok
>password    required      /lib/security/$ISA/pam_deny.so
>
>session     required      /lib/security/$ISA/pam_limits.so
>session     required      /lib/security/$ISA/pam_unix.so
>session     optional      /lib/security/$ISA/pam_ldap.so debug
>
>
>These are the messages I get in /var/log/messages when I try logging in:
>
>Jul  7 09:37:36 blochee sshd(pam_unix)[19078]: check pass; user unknown
>Jul  7 09:37:36 blochee sshd(pam_unix)[19078]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=blochee.ee.ucr.edu
>Jul  7 09:37:52 blochee sshd(pam_unix)[19078]: check pass; user unknown
>Jul  7 09:38:15 blochee sshd(pam_unix)[19078]: check pass; user unknown
>Jul  7 09:38:27 blochee sshd(pam_unix)[19078]: 2 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=blochee.ee.ucr.edu
>
>It seems to me that no new information was outputted using the debug
>command...
>Am I looking at the right log file?
>
>On the machines that work I get this for "getent passwd" and "getent
>shadow":
>I picked one user at random cause if I put "getent passwd" the list
>would be too long.
>
>Computers that work in ldap:
>[root@kona root]# getent shadow pfu
>pfu:x:::::::0
>[root@kona root]# getent passwd pfu
>pfu:x:15002:403:Peilin Fu:/home/eeres/pfu:/bin/bash
>
>Computer that does not work in ldap:
>[root@blochee root]# getent passwd pfu
>pfu:x:15002:403:Peilin Fu:/home/eeres/pfu:/bin/bash
>[root@blochee root]# getent shadow pfu
>pfu:x:::::::0
>
>They are the same so it looks like it can read the ldap info ok.
>
>--
>Steven
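
The two checks discussed in this thread (is every module named in system-auth present on disk, and what does the "S.5....T" column from "rpm -V" mean) can be scripted. This is an added example, not part of the original messages; the function names are hypothetical, the sample tree is constructed, and $ISA is assumed to expand to an empty string.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: $ISA expands to an empty
# string, as on a 32-bit Red Hat 9 install.

# Print every absolute module path named in a PAM stack file that does not
# exist under the optional root prefix $2 (lets you check a copied tree).
pam_missing_modules() {
    conf=$1
    root=${2:-}
    # Strip comments; collapse a bracketed control field to a single token.
    sed -e 's/#.*//' -e 's/\[[^]]*\]/[ctl]/' "$conf" |
    while read -r _type _control module _args; do
        case $module in
            /*) ;;
            *) continue ;;
        esac
        path=$(printf '%s\n' "$module" | sed -e 's/\$ISA//' -e 's|//*|/|g')
        [ -e "$root$path" ] || printf '%s\n' "$path"
    done | sort -u
}

# Name the attributes flagged in the first column of an "rpm -V" line.
rpm_verify_explain() {
    out=
    case $1 in *S*) out="$out size" ;; esac
    case $1 in *5*) out="$out digest" ;; esac
    case $1 in *M*) out="$out mode" ;; esac
    case $1 in *U*) out="$out owner" ;; esac
    case $1 in *G*) out="$out group" ;; esac
    case $1 in *T*) out="$out mtime" ;; esac
    printf '%s\n' "${out# }"
}

# Constructed sample: a scratch tree where pam_ldap.so has been moved away.
demo=$(mktemp -d)
mkdir -p "$demo/lib/security"
for m in pam_env pam_unix pam_deny; do : > "$demo/lib/security/$m.so"; done
cat > "$demo/system-auth" <<'EOF'
#%PAM-1.0
auth     required    /lib/security/$ISA/pam_env.so
auth     sufficient  /lib/security/$ISA/pam_unix.so likeauth nullok
auth     sufficient  /lib/security/$ISA/pam_ldap.so debug use_first_pass
auth     required    /lib/security/$ISA/pam_deny.so
account  [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so debug
EOF
echo "missing: $(pam_missing_modules "$demo/system-auth" "$demo")"
echo "ldap.conf differs in: $(rpm_verify_explain 'S.5....T')"
rm -rf "$demo"
```

On a live host, call pam_missing_modules /etc/pam.d/system-auth with no second argument; empty output means every referenced module file exists.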