Cant authenticate to LDAP domain with Redhat9

Steven shaughto at ee.ucr.edu
Mon Jul 19 08:24:50 UTC 2004


Well I have been working on my ldap client authentication problem with 
Isaac, my boss.  Finally got him to help me out tonight....

Isaac wrote:

The problem lies on the new pam_ldap library.  Version pam_ldap-156.tar.gz
works fine.  Go ahead and install it on the machines you need auth for
while I find what the real problem is.  It should be on storm on
/usr/portage/distfiles/pam_ldap-156.tar.gz.

So now we all know the problem lies in the pam_ldap module.  Well if 
anyone ever comes across this problem this info would be good to know.  
Thank you everybody who helped me out.

Btw, has anyone come across this problem before?

--
Steven Haughton
Systems Admin.
Dept. of Electrical Engineering
UCR

Rigler, Steve wrote:

>I wouldn't blame the directory server, but it would be nice to see
>logs of what is getting through (ie, what the client is requesting).
>
>The ssh version doesn't really answer why you couldn't log in from
>a virtual terminal.  As a matter of fact, the machine I'm testing
>this against is a RH9 machine with the 3.5p1 version of openssh.
>
>The log messages aren't particularly informative one way or another.
>If it really were using pam_ldap and it were a authentication issue 
>you'd see messages like this:
>
>Jul  9 06:24:19 myhost sshd[16305]: pam_ldap: error trying to bind as user "uid=joeuser,ou=People,dc=example,dc=com" (Invalid credentials)
>
>-Steve
> 
>
>-----Original Message-----
>From: redhat-list-bounces at redhat.com
>[mailto:redhat-list-bounces at redhat.com] On Behalf Of Steven
>Sent: Thursday, July 08, 2004 10:50 PM
>To: General Red Hat Linux discussion list
>Subject: Re: Cant authenticate to LDAP domain with Redhat9
>
>Ok, I wanted to check with my boss before messing with the ldap server. So I
>asked him; he said that there is nothing wrong with the server.  He then
>proceeded to take a quick look at the "server which is pissing me off" and
>said that in order for pam_ldap.so to work I need ssh 3.7 or higher.
>
>I thought to myself, finally, maybe this is the answer, since I had openssh
>3.5.  Anyways I proceeded to install rpms of openssh 3.7.1p2-1 and its
>dependencies.  Here are the specifics:
>
>[root at blochee root]# rpm -qa | grep ssh
>openssh-askpass-3.7.1p2-1
>openssh-3.7.1p2-1
>openssh-clients-3.7.1p2-1
>openssh-server-3.7.1p2-1
>openssh-askpass-gnome-3.7.1p2-1
>[root at blochee root]#
>
>I made sure to check my /etc/ssh/ssh_config and my /etc/ssh/sshd_config and
>modified anything that was not correct.  Anyways to my dismay this did NOT
>WORK.  However, my login error does give a new line of information in my
>/log/messages file. Here it is:
>
>Jul  8 20:20:57 blochee sshd(pam_unix)[21476]: check pass; user unknown
>Jul  8 20:20:57 blochee sshd(pam_unix)[21476]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spidey.ee.ucr.edu
>Jul  8 20:20:59 blochee sshd[21474]: error: PAM: Authentication failure
>Jul  8 20:21:03 blochee sshd(pam_unix)[21477]: check pass; user unknown
>Jul  8 20:21:03 blochee sshd(pam_unix)[21477]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spidey.ee.ucr.edu
>Jul  8 20:21:05 blochee sshd[21474]: error: PAM: Authentication failure
>
>What I now get that I did not have before is the line with "error: PAM:
>Authentication failure".
>If I am understanding this correctly this means that pam_ldap.so is getting
>called now.... Am I correct in my assumption?
>This is good because before I updated ssh I did not get that error so it
>looks like pam_ldap.so was not working at all.
>Does this shed any light onto my problem?  Maybe my ssh config files are not
>set correctly?
>If you still think I need to look at the ldap server log files I will.
>
>BTW, on the other redhat servers they run with openssh 3.5.1 and they
>work......
>Thanks for everybody's help on this problem.
>--
>Steven
>
>----- Original Message ----- 
>From: "Rigler, Steve" <SRigler at MarathonOil.com>
>To: "General Red Hat Linux discussion list" <redhat-list at redhat.com>
>Sent: Thursday, July 08, 2004 4:30 AM
>Subject: RE: Cant authenticate to LDAP domain with Redhat9
>
>
>  
>
>>Assuming this is OpenLDAP and logging is set to a decent level
>>(see the "loglevel" directive in the slapd.conf and read
>>"man slapd.conf" to find out what the different loglevels do),
>>you can find out where it is doing logging by looking for
>>"local4.*" in the /etc/syslog.conf.
>>
>>Logging might not be turned on.  I usually only turn it on when
>>I'm trying to debug a problem (which requires a restart of slapd).
>>
>>-Steve
>>
>>-----Original Message-----
>>From: redhat-list-bounces at redhat.com
>>[mailto:redhat-list-bounces at redhat.com] On Behalf Of Steven
>>Sent: Wednesday, July 07, 2004 7:05 PM
>>To: General Red Hat Linux discussion list
>>Subject: Re: Cant authenticate to LDAP domain with Redhat9
>>
>>I can log in as root to my ldap server....
>>My boss set up the ldap domain so I really have not spent much time in
>>that server.
>>I looked for the log files, but cannot find them...  The usual
>>var/log/messages file is empty.
>>Where should I look for some log files pertaining to the ldap info I seek?
>>
>>--
>>Steven
>>
>>Rigler, Steve wrote:
>>
>>    
>>
>>>Do you have access to look at the logs on your directory
>>>server?
>>>
>>>-Steve
>>>
>>>-----Original Message-----
>>>From: redhat-list-bounces at redhat.com on behalf of Steven
>>>Sent: Wed 7/7/2004 5:02 PM
>>>To: General Red Hat Linux discussion list
>>>Subject: Re: Cant authenticate to LDAP domain with Redhat9
>>>
>>>Hi,
>>>
>>>No I have not tried rpm -V pam, but here is the output:
>>>
>>>[root at blochee root]# rpm -V pam
>>>S.5....T c /etc/pam.d/system-auth
>>>[root at blochee root]#
>>>
>>>Any thoughts on my problem... It is driving me up the wall.
>>>
>>>--
>>>Steven
>>>
>>-- 
>>redhat-list mailing list
>>unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>https://www.redhat.com/mailman/listinfo/redhat-list
>
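
Added example, not part of the original thread: a small triage of the syslog lines quoted above that reports, per host, which PAM modules actually logged, following Steve Rigler's point that a real pam_ldap authentication failure shows up as a `pam_ldap:` line. The sample input is constructed from the log lines in the thread (rejoined onto single lines), and the verdict wording is an assumption: missing pam_ldap lines are treated as "no evidence", not proof.

```python
import re

# Constructed sample: log lines quoted in the thread, rejoined onto single lines.
SAMPLE = """\
Jul  8 20:20:57 blochee sshd(pam_unix)[21476]: check pass; user unknown
Jul  8 20:20:57 blochee sshd(pam_unix)[21476]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spidey.ee.ucr.edu
Jul  8 20:20:59 blochee sshd[21474]: error: PAM: Authentication failure
Jul  9 06:24:19 myhost sshd[16305]: pam_ldap: error trying to bind as user "uid=joeuser,ou=People,dc=example,dc=com" (Invalid credentials)
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<svc>[\w.-]+)(?:\((?P<mod>pam_\w+)\))?\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)

def pam_module(m):
    """Module named as 'sshd(pam_unix)[pid]' or as a 'pam_ldap:' message prefix."""
    if m["mod"]:
        return m["mod"]
    prefix = re.match(r"(pam_\w+):", m["msg"])
    return prefix.group(1) if prefix else None

def triage(text):
    """Per host: sorted list of PAM modules that logged, plus a verdict string."""
    seen = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # wrapped, truncated or unrelated line
        host = seen.setdefault(m["host"], {"modules": set(), "user_unknown": False})
        mod = pam_module(m)
        if mod:
            host["modules"].add(mod)
        if mod == "pam_unix" and "user unknown" in m["msg"]:
            host["user_unknown"] = True
    report = {}
    for name, h in seen.items():
        if "pam_ldap" in h["modules"]:
            verdict = "pam_ldap ran: check the bind DN and credentials it reports"
        elif h["user_unknown"]:
            verdict = "only pam_unix logged and could not resolve the user: no evidence pam_ldap ran"
        else:
            verdict = "no PAM module output: inconclusive"
        report[name] = (sorted(h["modules"]), verdict)
    return report

if __name__ == "__main__":
    for host, (mods, verdict) in triage(SAMPLE).items():
        print(host, mods, verdict)
```

Log lines that the mail client wrapped across several lines must be rejoined before parsing, otherwise the continuation lines are skipped.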




