FW: LDAP and Unix authentication
I am currently trying to set up LDAP for Unix authentication on
a RedHat 6.2 system. I have the LDAP server populated. And I
have the nss/pam stuff set up:
/etc/pam.d/login:
#%PAM-1.0
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix.so try_first_pass shadow
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix.so try_first_pass shadow
password sufficient /lib/security/pam_ldap.so
session required /lib/security/pam_pwdb.so
session optional /lib/security/pam_ldap.so
session optional /lib/security/pam_console.so
This setup is based on one of the emails in the mail archive.
When I try to telnet to the machine it gives this in
/var/log/messages:
Sep 27 11:04:09 clunk PAM_unix[3613]: check pass; user unknown
Sep 27 11:04:09 clunk PAM_unix[3613]: authentication failure; (uid=0) -> sam-test for login service
Sep 27 11:04:10 clunk login[3613]: FAILED LOGIN 1 FROM sigh FOR sam-test, Authentication service cannot retrieve authentication info.
Does anyone have any ideas on what I'm doing wrong? (Relevant
parts of /etc/ldap.conf follow) Thanks!
-- Steve
/etc/ldap.conf:
<snip standard settings above here>
# The search scope. <What does this stuff do
#scope sub < Anyways?
#scope one
#scope base
# The following options are specific to nss_ldap.
# The hashing algorithm your libc uses.
# Optional: default is des
crypt md5
#crypt sha
#crypt des
# The following options are specific to pam_ldap.
# Filter to AND with uid=%s
pam_filter ou=People
# The user ID attribute (defaults to uid)
pam_login_attribute uid
# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes
# Group to enforce membership of
#pam_groupdn cn=PAM,ou=People,dc=digital-integrity,dc=com
# Group member attribute
pam_member_attribute gidNumber
# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
pam_crypt local
# EOF
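As an added example (not part of the original post), a small Python script that relates the syslog lines above to the auth stack in /etc/pam.d/login: it groups messages by PAM pid, extracts the user and source host from the FAILED LOGIN line, and, using the PAM control semantics (a "sufficient" module that succeeds ends the auth stack, so control only reaches a later module when every earlier "sufficient" module did not succeed or an earlier "required" one failed), lists which sufficient modules must have fallen through. The stack and log text are constructed copies of the post's own lines.

```python
import re
from collections import defaultdict

# Constructed copies of the auth stack and syslog lines from the post.
PAM_LOGIN_AUTH = """\
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix.so try_first_pass shadow
"""
SYSLOG_SAMPLE = """\
Sep 27 11:04:09 clunk PAM_unix[3613]: check pass; user unknown
Sep 27 11:04:09 clunk PAM_unix[3613]: authentication failure; (uid=0) -> sam-test for login service
Sep 27 11:04:10 clunk login[3613]: FAILED LOGIN 1 FROM sigh FOR sam-test, Authentication service cannot retrieve authentication info.
"""
LINE_RE = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ (?P<prog>[^\[]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
FAIL_RE = re.compile(r"FAILED LOGIN \d+ FROM (?P<src>\S+) FOR (?P<user>[^,]+), (?P<reason>.*)")

def parse_stack(text, facility="auth"):
    """Ordered [(control, module file name)] for one PAM facility."""
    rows = [l.split() for l in text.splitlines()]
    return [(r[1], r[2].rsplit("/", 1)[-1]) for r in rows if len(r) >= 3 and r[0] == facility]

def analyse(log_text, stack_text):
    """Group syslog lines by pid and relate each failure to the PAM stack."""
    stack = parse_stack(stack_text)
    names = [m for _, m in stack]
    sessions = defaultdict(lambda: {"modules": [], "user": None, "src": None, "reason": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        s = sessions[m["pid"]]
        prog = m["prog"].lower()
        if prog.startswith("pam_") and prog + ".so" not in s["modules"]:
            s["modules"].append(prog + ".so")      # e.g. PAM_unix -> pam_unix.so
        f = FAIL_RE.search(m["msg"])
        if f:
            s.update(user=f["user"], src=f["src"], reason=f["reason"])
    report = []
    for pid, s in sessions.items():
        # Index of the last module in the stack that logged for this pid;
        # every 'sufficient' module before it did not short-circuit the stack.
        reached = max((names.index(x) for x in s["modules"] if x in names), default=-1)
        fell_through = [mod for ctl, mod in stack[:reached] if ctl == "sufficient"]
        report.append({"pid": pid, "user": s["user"], "src": s["src"], "reason": s["reason"],
                       "reported_by": s["modules"], "sufficient_not_short_circuited": fell_through})
    return report

if __name__ == "__main__":
    for r in analyse(SYSLOG_SAMPLE, PAM_LOGIN_AUTH):
        print(r)
```

Run against a real /var/log/messages, the "sufficient_not_short_circuited" list tells you which module to turn debugging on for first, rather than reading the whole stack.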