
Re: FW: LDAP and Unix authentication



Please direct PAM LDAP questions to the PAM LDAP mailing list.
        <pamldap@padl.com>

Kurt

At 11:33 AM 9/27/00 -0700, Steve Mertz wrote:



> I am currently trying to set up LDAP for Unix authentication on
> a RedHat 6.2 system.  I have the LDAP server populated.  And I
> have the nss/pam stuff set up:
> 
> /etc/pam.d/login:
> #%PAM-1.0
> auth       required    /lib/security/pam_nologin.so
> auth       sufficient  /lib/security/pam_ldap.so
> auth       required    /lib/security/pam_unix.so try_first_pass shadow
> account    sufficient  /lib/security/pam_ldap.so
> account    required    /lib/security/pam_unix.so try_first_pass shadow
> password   sufficient  /lib/security/pam_ldap.so
> session    required    /lib/security/pam_pwdb.so
> session    optional    /lib/security/pam_ldap.so
> session    optional    /lib/security/pam_console.so
> 
> This is set up based on one of the emails in the mail archive.
> 
> When I try to telnet to the machine it gives this in 
> /var/log/messages:
> Sep 27 11:04:09 clunk PAM_unix[3613]: check pass; user unknown
> Sep 27 11:04:09 clunk PAM_unix[3613]: authentication failure; 
> (uid=0) -> sam-test for login service
> Sep 27 11:04:10 clunk login[3613]: FAILED LOGIN 1 FROM sigh FOR 
> sam-test, Authentication service cannot retrieve authentication info.
> 
> Does anyone have any ideas on what I'm doing wrong? (Relevant 
> parts of /etc/ldap.conf follow) Thanks!
> 
> -- Steve
> 
> 
> 
> /etc/ldap.conf:
> <snip standard settings above here>
> # The search scope.                            <What does this stuff do 
> #scope sub                                             < Anyways? 
> #scope one
> #scope base
> # The following options are specific to nss_ldap.
> # The hashing algorithm your libc uses.
> # Optional: default is des
> crypt md5
> #crypt sha
> #crypt des
> 
> # The following options are specific to pam_ldap.
> 
> # Filter to AND with uid=%s
> pam_filter ou=People
> 
> # The user ID attribute (defaults to uid)
> pam_login_attribute uid
> 
> # Search the root DSE for the password policy (works
> # with Netscape Directory Server)
> #pam_lookup_policy yes
> 
> # Group to enforce membership of
> #pam_groupdn cn=PAM,ou=People,dc=digital-integrity,dc=com
> 
> # Group member attribute
> pam_member_attribute gidNumber
> 
> # Hash password locally; required for University of
> # Michigan LDAP server, and works with Netscape
> # Directory Server if you're using the UNIX-Crypt
> # hash mechanism and not using the NT Synchronization
> # service.
> pam_crypt local
> 
> # EOF