Re: FW: LDAP and Unix authentification
Please direct PAM LDAP questions to the PAM LDAP mailing list.
<pamldap@padl.com>
Kurt
At 11:33 AM 9/27/00 -0700, Steve Mertz wrote:
> I am currently trying to set up LDAP for Unix authentication on
> a RedHat 6.2 system. I have the LDAP server populated. And I
> have the nss/pam stuff set up:
>
> /etc/pam.d/login:
> #%PAM-1.0
> auth required /lib/security/pam_nologin.so
> auth sufficient /lib/security/pam_ldap.so
> auth required /lib/security/pam_unix.so try_first_pass shadow
> account sufficient /lib/security/pam_ldap.so
> account required /lib/security/pam_unix.so try_first_pass shadow
> password sufficient /lib/security/pam_ldap.so
> session required /lib/security/pam_pwdb.so
> session optional /lib/security/pam_ldap.so
> session optional /lib/security/pam_console.so
>
> This is set up based on one of the emails in the mail archive.
>
> When I try to telnet to the machine it gives this in
> /var/log/messages:
> Sep 27 11:04:09 clunk PAM_unix[3613]: check pass; user unknown
> Sep 27 11:04:09 clunk PAM_unix[3613]: authentication failure;
> (uid=0) -> sam-test for login service
> Sep 27 11:04:10 clunk login[3613]: FAILED LOGIN 1 FROM sigh FOR
> sam-test, Authentication service cannot retrieve authentication info.
>
> Does anyone have any ideas on what I'm doing wrong? (Relevant
> parts of /etc/ldap.conf follow) Thanks!
>
> -- Steve
>
>
>
> /etc/ldap.conf:
> <snip standard settings above here>
> # The search scope. <What does this stuff do
> #scope sub < Anyways?
> #scope one
> #scope base
> # The following options are specific to nss_ldap.
> # The hashing algorithm your libc uses.
> # Optional: default is des
> crypt md5
> #crypt sha
> #crypt des
>
> # The following options are specific to pam_ldap.
>
> # Filter to AND with uid=%s
> pam_filter ou=People
>
> # The user ID attribute (defaults to uid)
> pam_login_attribute uid
>
> # Search the root DSE for the password policy (works
> # with Netscape Directory Server)
> #pam_lookup_policy yes
>
> # Group to enforce membership of
> #pam_groupdn cn=PAM,ou=People,dc=digital-integrity,dc=com
>
> # Group member attribute
> pam_member_attribute gidNumber
>
> # Hash password locally; required for University of
> # Michigan LDAP server, and works with Netscape
> # Directory Server if you're using the UNIX-Crypt
> # hash mechanism and not using the NT Synchronization
> # service.
> pam_crypt local
>
> # EOF