
Re: Need some help with this authentication problem



Mon, 2003-01-20 at 15:40, charld wrote:

> I just got everything installed but I am having problems
> with authentication.
> 
> I have a Redhat 7.3 LDAP server running
> openldap-2.0.11
> db-3.2.9
> 
> And my clients are Redhat 7.3, Solaris 8 and Solaris 9. I need to get
> the Redhat Clients working first.
> 
> When I try to log in with one of the LDAP managed accounts
> on the Redhat client I get "incorrect password" but if I login
> as root and then su to one of the LDAP managed accounts it
> works fine. I am thinking I have a config problem with one of
> the pam files or something is incorrect with my password settings.

Root is in /etc/passwd, the ldap-based people aren't.

Assuming you have *everything* else configured directly, which is an
awfully big assumption, suspect the login file in /etc/pam.d. I (RH 7.2)
compiled and installed the PADL pam_ldap and nss_ldap modules and in
/usr/share/doc/nss_ldap-189/pam.d I have the correct files for
/etc/pam.d. Goodness knows where they are on standard RH installs, if
anywhere.

*Hint* Always make backups of any pam.d files you play around with, and
always keep a terminal open with a root login, in case anything goes
wrong.

The rest of your stuff looks o.k. at first glance, but I can't really
tell.

Best,

Tony

--


> These are my settings.
> 
> Server
> -------
> (acme.ldif)
> dn: dc=acme,dc=com
> objectclass: nisDomainObject
> nisDomain: acme.com
> 
> dn: cn=Manager,dc=acme,dc=com
> objectclass: organizationalRole
> cn: Manager
> 
> dn: ou=Ethers,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: Ethers
> dn: ou=Group,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: Group
> dn: ou=Aliases,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: Aliases
> dn: ou=Netgroup,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: Netgroup
> dn: ou=Networks,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: Networks
> dn: ou=People,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: People
> dn: ou=protocols,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: protocols
> dn: ou=rpc,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: rpc
> dn: ou=Services,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: Services
> dn: ou=Hosts,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: Hosts
> dn: ou=profile,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: profile
> 
> acme_account.ldif
> ----------------------
> dn: cn= Ldap Test user,ou=People,dc=acme,dc=com
> objectClass: posixAccount
> objectClass: shadowAAccount
> cn: User
> uid: ldap
> uidNumber: 504
> gidNumber: 1
> homeDirectory: /home/ldap
> userPassword: what goes here MD5 or CRYPT
> loginShell: /bin/bash
> gecos: Test user
> shadowLastChange: 12066
> shadowFlag: 0
> 
> on the redhat client
> ---------------------
> have /etc/nsswitch.conf changes
> what has to go in 
> /etc/pam.d/login
> /etc/pam.d/passwd
> /etc/ldap.conf
> 
> and is there any other file I missed? I want to get the
> Redhat part working first and Solaris later.
> 
>  
> 
> Thank You
> 
> 
> 
> 
-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
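
Added example, not part of the original messages: a shell script for the checks the reply points toward, confirming that nsswitch.conf lists ldap and that the login service's PAM auth stack actually reaches pam_ldap.so, plus the backup step from the hint. It assumes Red Hat 7.x style pam.d files that chain to system-auth through pam_stack.so; the function names and the sample file contents are constructed for illustration.

```shell
# Added example, not from the thread; all file contents are constructed.

# auth_has_ldap PAM_DIR SERVICE [DEPTH]
# Exit 0 if SERVICE's active auth lines name pam_ldap.so, directly or via a
# "pam_stack.so service=NAME" line; 1 if not; 2 if the file is unreadable.
# The ( ) body is a subshell, so variables stay local across the recursion.
auth_has_ldap() (
    dir=$1 svc=$2 depth=${3:-0}
    [ -r "$dir/$svc" ] || exit 2
    [ "$depth" -lt 5 ] || exit 1          # guard against include loops
    auth=$(sed 's/#.*//' "$dir/$svc" | awk '$1 == "auth"')
    printf '%s\n' "$auth" | grep -q 'pam_ldap\.so' && exit 0
    for inc in $(printf '%s\n' "$auth" |
                 sed -n 's/.*pam_stack\.so.*service=\([^ ]*\).*/\1/p'); do
        auth_has_ldap "$dir" "$inc" $((depth + 1)) && exit 0
    done
    exit 1
)

# nss_has_ldap NSSWITCH_FILE DATABASE: exit 0 if DATABASE lists "ldap".
nss_has_ldap() {
    sed 's/#.*//' "$1" | awk -v db="$2:" \
        '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
         END { exit !ok }'
}

# backup_once FILE: keep a pristine copy before editing; never overwrite it.
backup_once() { [ -e "$1.orig" ] || cp -p "$1" "$1.orig"; }

# diagnose PAM_DIR NSSWITCH_FILE SERVICE: print one line per check.
diagnose() {
    nss_has_ldap "$2" passwd && echo "nss passwd: ldap listed" ||
        echo "nss passwd: ldap MISSING"
    auth_has_ldap "$1" "$3" && echo "$3 auth: pam_ldap reachable" ||
        echo "$3 auth: pam_ldap MISSING"
}

# make_sample DIR: constructed tree where lookups use LDAP but login does not.
make_sample() {
    mkdir -p "$1/pam.d"
    echo 'passwd: files ldap' > "$1/nsswitch.conf"
    echo 'auth required /lib/security/pam_stack.so service=system-auth' \
        > "$1/pam.d/login"
    echo 'auth sufficient /lib/security/pam_unix.so nullok' \
        > "$1/pam.d/system-auth"
}

tmp=$(mktemp -d) && make_sample "$tmp"
diagnose "$tmp/pam.d" "$tmp/nsswitch.conf" login
rm -rf "$tmp"
```

On a real client the call would be `diagnose /etc/pam.d /etc/nsswitch.conf login`, with `backup_once` run on each pam.d file before it is edited.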