Cant authenticate to LDAP domain with Redhat9

Steven shaughto at ee.ucr.edu
Fri Jul 9 03:50:12 UTC 2004 

Ok, I wanted to check with my boss before messing with the ldap server. So I
asked him; he said that there is nothing wrong with the server.  He then
proceeded to take a quick look at the "server which is pissing me off" and
said that in order for pam_ldap.so to work I need ssh 3.7 or higher.

I thought to myself, finally, maybe this is the answer, since I had openssh
3.5.  Anyways I proceed to install rpms of openssh 3.7.1p2-1 and its
dependencies.  Here is the specifics:

[root at blochee root]# rpm -qa | grep ssh
openssh-askpass-3.7.1p2-1
openssh-3.7.1p2-1
openssh-clients-3.7.1p2-1
openssh-server-3.7.1p2-1
openssh-askpass-gnome-3.7.1p2-1
[root at blochee root]#

I made sure to check my /etc/ssh/ssh_config and my /etc/ssh/sshd_config and
modified anything that was not correct.  Anyways to my dismay this did NOT
WORK.  However, my login error does give a new line of information in my
/log/messages file. Here it is:

Jul  8 20:20:57 blochee sshd(pam_unix)[21476]: check pass; user unknown
Jul  8 20:20:57 blochee sshd(pam_unix)[21476]: authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=spidey.ee.ucr.edu
Jul  8 20:20:59 blochee sshd[21474]: error: PAM: Authentication failure
Jul  8 20:21:03 blochee sshd(pam_unix)[21477]: check pass; user unknown
Jul  8 20:21:03 blochee sshd(pam_unix)[21477]: authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=spidey.ee.ucr.edu
Jul  8 20:21:05 blochee sshd[21474]: error: PAM: Authentication failure

What I now get that I did not have before is the line with "error: PAM:
Authentication failure".
If I am understanding this correctly this means that pam_ldap.so is getting
called now.... Am I correct in my assumption?
This is good because before I update ssh I did not get that error so it look
like pam-ldap.so was not working at all.
Does this shed any light onto my problem?  Maybe my ssh config files are not
set correctly?
If you still think I need to look at the ldap server log files I will.

BTW, On the other redhat servers they run with openssh 3.5.1 and they
work......
Thanks for everybodies help on this problem.
--
Steven

----- Original Message ----- 
From: "Rigler, Steve" <SRigler at MarathonOil.com>
To: "General Red Hat Linux discussion list" <redhat-list at redhat.com>
Sent: Thursday, July 08, 2004 4:30 AM
Subject: RE: Cant authenticate to LDAP domain with Redhat9


> Assuming this is OpenLDAP and logging is set to a decent level
> (see the "loglevel" directive in the slapd.conf and read
> "man slapd.conf" to find out what the different loglevels do),
> you can find out where it is doing logging by looking for
> "local4.*" in the /etc/syslog.conf.
>
> Logging might not be turned on.  I usually only turn it on when
> I'm trying to debug a problem (which requires a restart of slapd).
>
> -Steve
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Steven
> Sent: Wednesday, July 07, 2004 7:05 PM
> To: General Red Hat Linux discussion list
> Subject: Re: Cant authenticate to LDAP domain with Redhat9
>
> I can log in as root to my ldap server....
> My boss set up the ldap domain so I really have not spent much time in
> that server.
> I looked for the log files, but cannot find them...  The usually
> var/log/messages file is empty.
> Where should I look for some log files pertaining to the ldap info I
> seek?
>
> --
> Steven
>
> Rigler, Steve wrote:
>
> >Do you have access to look at the logs on your directory
> >server?
> >
> >-Steve
> >
> >-----Original Message-----
> >From: redhat-list-bounces at redhat.com on behalf of Steven
> >Sent: Wed 7/7/2004 5:02 PM
> >To: General Red Hat Linux discussion list
> >Subject: Re: Cant authenticate to LDAP domain with Redhat9
> >
> >Hi,
> >
> >No I have not tried rpm -V pam, but here is the output:
> >
> >[root at blochee root]# rpm -V pam
> >S.5....T c /etc/pam.d/system-auth
> >[root at blochee root]#
> >
> >Any thoughts on my problem... It is driving me up the wall.
> >
> >--
> >Steven
> >
> >
> >
> >
> >
>
>
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
>
>
>
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
>

More information about the redhat-list mailing list