Re: Openldap and Solaris 8

["Jan Z." <j.zeller@gpstechnik.ch>]

Title: RE: Openldap and Solaris 8

 

----- Original Message -----

From: Chapman, Kyle

To: 'Jan Z.'

Sent: Thursday, August 02, 2001 2:47 PM

Subject: RE: Openldap and Solaris 8

i dont see where pam_openldap is called...  try this:

touch /etc/pam_debug

 

turn on as much logging as possible in /etc/syslog.conf

 

try logging in again and see what messages appear in /var/adm/messages... 

 

also, when i have edited the pam.conf, i have left the path as /usr/lib/security/$ISA/pam_openldap.so.1 use_first_pass

 

the use_first_pass will tell pam to send the already entered password to another module so you wont be asked twice.

thanks Kyle,

 

I added use_first_pass at the end of each pam_openldap.so.1 line and now I am only prompted for one login each time I am trying to log-in.

 

But the problem stays the same. I can't log in. Login is apparently incorrect.

Beside this I have installed proftpd with mod_ldap. This works pretty good. I can login with "helene" without any problem. But this has obviously nothing to do with this pam problem. Just to say that user helene and all the ldap stuff is set up correctely.

 

/var/log/pamlog tells :

Aug  2 15:32:57 x1.wynanet.ch PAM: [ID 702575 auth.debug] pam_start(telnet ) - debug = 1
Aug  2 15:32:57 x1.wynanet.ch PAM: [ID 859314 auth.debug] pam_set_item(1)
Aug  2 15:32:57 x1.wynanet.ch PAM: [ID 859314 auth.debug] pam_set_item(2)
Aug  2 15:32:57 x1.wynanet.ch PAM: [ID 859314 auth.debug] pam_set_item(5)
Aug  2 15:32:57 x1.wynanet.ch PAM: [ID 859314 auth.debug] pam_set_item(3)
Aug  2 15:32:57 x1.wynanet.ch PAM: [ID 859314 auth.debug] pam_set_item(4)
Aug  2 15:32:57 x1.wynanet.ch login: [ID 859314 auth.debug] pam_set_item(9)
Aug  2 15:32:57 x1.wynanet.ch login: [ID 207130 auth.debug] pam_authenticate()
Aug  2 15:32:57 x1.wynanet.ch login: [ID 305314 auth.debug] load_modules: /usr/lib/security/pam_openldap.so.1
Aug  2 15:32:57 x1.wynanet.ch login: [ID 265225 auth.debug] load_function: successful load of pam_sm_authenticate
Aug  2 15:32:57 x1.wynanet.ch login: [ID 305314 auth.debug] load_modules: /usr/lib/security/pam_unix.so
Aug  2 15:32:57 x1.wynanet.ch login: [ID 265225 auth.debug] load_function: successful load of pam_sm_authenticate
Aug  2 15:33:00 x1.wynanet.ch login: [ID 859314 auth.debug] pam_set_item(2)
Aug  2 15:33:01 x1.wynanet.ch login: [ID 427203 auth.debug] pam_authenticate: error No account present for user
Aug  2 15:33:01 x1.wynanet.ch login: [ID 553197 auth.debug] nss_ldap: __session.ls_conn=0, __pid=-1, pid=10467, __euid=-1, euid=0
Aug  2 15:33:01 x1.wynanet.ch login: [ID 553197 auth.debug] nss_ldap: __session.ls_conn=31e80, __pid=10467, pid=10467, __euid=0, euid=0
Aug  2 15:33:03 x1.wynanet.ch login: [ID 859314 auth.debug] pam_set_item(6)
Aug  2 15:33:03 x1.wynanet.ch login: [ID 427203 auth.debug] pam_authenticate: error Authentication failed
Aug  2 15:33:03 x1.wynanet.ch login: [ID 859314 auth.debug] pam_set_item(6)
Aug  2 15:33:03 x1.wynanet.ch login: [ID 553197 auth.debug] nss_ldap: __session.ls_conn=31e80, __pid=10467, pid=10467, __euid=0, euid=0
Aug  2 15:33:03 x1.wynanet.ch last message repeated 1 time
Aug  2 15:33:07 x1.wynanet.ch login: [ID 859314 auth.debug] pam_set_item(2)
Aug  2 15:33:07 x1.wynanet.ch login: [ID 859314 auth.debug] pam_set_item(8)
Aug  2 15:33:07 x1.wynanet.ch login: [ID 859314 auth.debug] pam_set_item(9)
Aug  2 15:33:07 x1.wynanet.ch login: [ID 207130 auth.debug] pam_authenticate()
Aug  2 15:33:07 x1.wynanet.ch login: [ID 305314 auth.debug] load_modules: /usr/lib/security/pam_openldap.so.1

 

 

Any ideas ? Perhaps it is the password encryption mechanism which I have not really understood...

With openldap-1.2.11 you have the possibility to use the -H option to choose wether you want crypt,sha,md5 etc. I am missing this feature in openldap-2.0.x !? (default is SHA I think...)

I am using the pam_passwd exop thing. I tried clear, crypt but none of these options have changed my life.

 

 

regards,

 

 

Jan