Re: Weird NSS/PAM Problem
>I have some trouble here getting OpenLDAP running correctly together with
>NSS/PAM authentication. I tried everything I could imagine, looked
>through many mailing list archives and read all the documentation I was able to find, but
>the problem still remains. ARGH ;)
This really is more of a PAM/NSS question than an OpenLDAP one; you might
get more/better help on one of PADL's lists.
>I migrated the login authentication on my system to OpenLDAP
>(2.0.23), /etc/shadow,passwd,groups were removed, all data is now stored
>in LDAP.
>The login is done with NSS_LDAP and PAM_LDAP and it works, the system
>reads the data correctly out of the LDAP database and every user is able
>to login on his account.
>But still, the openldap server writes some strange error messages to
No, PAM is writing this message to syslogd, not slapd.
>SYSLOG. For example, when user root logs in, the following message appears
>in the log:
>----------------------------------------------------------------------
>Mar 30 16:28:58 [login] pam_ldap: error trying to bind as user "cn=root,
>ou=sysusers, ou=sysaccounts, dc=hailstorm, dc=linuxgamer, c=de" (Invalid
>credentials)
>Mar 30 16:28:58 [login] ROOT LOGIN on `tty2'
>----------------------------------------------------------------------
>As you can see, the login was successful, although pam_ldap reports an
>error...
>What could be the error?
>Are my ACLs wrong?
>############ /etc/ldap.conf ################
>host localhost
>base dc=hailstorm,dc=linuxgamer,c=de
>ldap_version 3
>binddn cn=root,dc=hailstorm,dc=linuxgamer,c=de
>bindpw wonttellya ;) # it is the correct root password
You need to bind as cn=root to authenticate a user? It may work, but it
seems rather extreme and not particularly secure. Your ACLs say that
you can authenticate anonymously (which is OK), so try removing the
binddn directive from /etc/ldap.conf
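
As an added example (not part of the original message, and not PADL's or OpenLDAP's code), a small Python audit of the bind settings in a pam_ldap/nss_ldap ldap.conf, run over the directives quoted above and over the same file with binddn removed as the reply suggests. The finding names, the ADMIN_NAMES heuristic and the placeholder password are assumptions made for the example.

```python
import re

# Constructed sample: the directives quoted in the post, with a placeholder password.
CONF_FROM_POST = """\
host localhost
base dc=hailstorm,dc=linuxgamer,c=de
ldap_version 3
binddn cn=root,dc=hailstorm,dc=linuxgamer,c=de
bindpw PLACEHOLDER
"""

# Constructed sample: the same file after following the reply's advice.
CONF_ANONYMOUS = """\
host localhost
base dc=hailstorm,dc=linuxgamer,c=de
ldap_version 3
"""

# Assumption: RDN values that usually name a directory administrator entry.
ADMIN_NAMES = {"root", "admin", "manager"}


def parse_ldap_conf(text):
    """Parse 'directive value' lines; blank lines and '#' comment lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def audit(text):
    """Return a list of finding codes for the bind settings in an ldap.conf."""
    conf = parse_ldap_conf(text)
    binddn = conf.get("binddn")
    if binddn is None:
        return ["anonymous-bind"]  # relies on ACLs granting anonymous 'auth'
    findings = []
    first_rdn = re.split(r"\s*,\s*", binddn)[0]
    if first_rdn.partition("=")[2].strip().lower() in ADMIN_NAMES:
        findings.append("privileged-binddn")
    if conf.get("bindpw"):
        findings.append("password-in-conf")
    return findings


if __name__ == "__main__":
    for name, text in (("from post", CONF_FROM_POST), ("anonymous", CONF_ANONYMOUS)):
        print(name, audit(text))
```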