
FW: LDAP and Unix authentication

 I am currently trying to set up LDAP for Unix authentication on 
 a RedHat 6.2 system.  I have the LDAP server populated, and I 
 have the nss/pam stuff set up:
 
 /etc/pam.d/login:
 #%PAM-1.0
 auth       required    /lib/security/pam_nologin.so
 auth       sufficient  /lib/security/pam_ldap.so
 auth       required    /lib/security/pam_unix.so try_first_pass shadow
 account    sufficient  /lib/security/pam_ldap.so
 account    required    /lib/security/pam_unix.so try_first_pass shadow
 password   sufficient  /lib/security/pam_ldap.so
 session    required    /lib/security/pam_pwdb.so
 session    optional    /lib/security/pam_ldap.so
 session    optional    /lib/security/pam_console.so
 
 This is set up based on one of the emails in the mail archive.
 
 When I try to telnet to the machine it gives this in 
 /var/log/messages:
 Sep 27 11:04:09 clunk PAM_unix[3613]: check pass; user unknown
 Sep 27 11:04:09 clunk PAM_unix[3613]: authentication failure; 
 (uid=0) -> sam-test for login service
 Sep 27 11:04:10 clunk login[3613]: FAILED LOGIN 1 FROM sigh FOR 
 sam-test, Authentication service cannot retrieve authentication info.
 
 Does anyone have any ideas on what I'm doing wrong? (Relevant 
 parts of /etc/ldap.conf follow) Thanks!
 
 -- Steve
 
 /etc/ldap.conf:
 <snip standard settings above here>
 # The search scope.         			<What does this stuff do 
 #scope sub						< Anyways? 
 #scope one
 #scope base
 # The following options are specific to nss_ldap.
 # The hashing algorithm your libc uses.
 # Optional: default is des
 crypt md5
 #crypt sha
 #crypt des
 
 # The following options are specific to pam_ldap.
 
 # Filter to AND with uid=%s
 pam_filter ou=People
 
 # The user ID attribute (defaults to uid)
 pam_login_attribute uid
 
 # Search the root DSE for the password policy (works
 # with Netscape Directory Server)
 #pam_lookup_policy yes
 
 # Group to enforce membership of
 #pam_groupdn cn=PAM,ou=People,dc=digital-integrity,dc=com
 
 # Group member attribute
 pam_member_attribute gidNumber
 
 # Hash password locally; required for University of
 # Michigan LDAP server, and works with Netscape
 # Directory Server if you're using the UNIX-Crypt
 # hash mechanism and not using the NT Synchronization
 # service.
 pam_crypt local
 
 # EOF
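Added example, not part of the original message: a small Python simulator of Linux-PAM control-flag semantics, run over the `auth` lines of the /etc/pam.d/login stack quoted above, to show why a failing `sufficient` pam_ldap line is ignored and the `required` pam_unix line (the one logging "check pass; user unknown") then decides the result. The module outcomes fed to it are constructed, not read from a real system.

```python
import re
from typing import Dict, List, Tuple

# Constructed copy of the 'auth' lines from the /etc/pam.d/login stack quoted above.
PAM_LOGIN_AUTH = """\
auth       required    /lib/security/pam_nologin.so
auth       sufficient  /lib/security/pam_ldap.so
auth       required    /lib/security/pam_unix.so try_first_pass shadow
"""


def parse_stack(text: str, mtype: str) -> List[Tuple[str, str]]:
    """Return (control, module_basename) pairs for one management type (auth/account/...)."""
    stack = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\s+", line)
        if len(fields) < 3 or fields[0] != mtype:
            continue
        control, module = fields[1], fields[2].rsplit("/", 1)[-1]
        stack.append((control, module))
    return stack


def evaluate(stack: List[Tuple[str, str]], results: Dict[str, str]) -> Tuple[str, List[str]]:
    """Walk the stack with classic Linux-PAM control semantics.

    results maps module name -> 'success' or 'fail' (constructed outcomes);
    modules not listed are assumed to succeed.  Returns (verdict, trace of
    modules actually consulted, in order)."""
    trace, failed_required = [], False
    for control, module in stack:
        outcome = results.get(module, "success")
        trace.append(f"{module}:{outcome}")
        if control == "required":
            if outcome != "success":
                failed_required = True       # keep walking, but the verdict is already 'fail'
        elif control == "requisite":
            if outcome != "success":
                return "fail", trace         # stop immediately
        elif control == "sufficient":
            if outcome == "success" and not failed_required:
                return "success", trace      # short-circuit: later lines are never consulted
            # a failing 'sufficient' module is simply ignored and the walk continues
        # 'optional' never affects the verdict
    return ("fail" if failed_required else "success"), trace


if __name__ == "__main__":
    auth = parse_stack(PAM_LOGIN_AUTH, "auth")
    # The situation in the log above: pam_ldap cannot authenticate, pam_unix has no such user.
    print(evaluate(auth, {"pam_ldap.so": "fail", "pam_unix.so": "fail"}))
    # The intended path: pam_ldap succeeds, so pam_unix is never reached.
    print(evaluate(auth, {}))
```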