[Date Prev][Date Next] [Chronological] [Thread] [Top]

LDAP & PAM on Redhat 8 Problem

To: openldap-software@OpenLDAP.org
Subject: LDAP & PAM on Redhat 8 Problem
From: Paul Holman <pablos@kadrevis.com>
Date: Wed, 5 Feb 2003 03:11:06 -0800

I'm working on setting up OpenLDAP on a Redhat 8.0 server. I'm attempting to authenticate logins to a Redhat 8 client using pam_ldap. I've followed all the documentation and tutorials I can find, and everything works, except the login. I can use ldapsearch on the server & client. I'm able to obtain userPassword this way if I bind as a user allowed by my ACL to read that field. Here is the error my client generates when I attempt to log in:

Feb 5 02:30:25 thebit login(pam_unix)[9065]: check pass; user unknown Feb 5 02:30:25 thebit login(pam_unix)[9065]: authentication failure; logname=LO GIN uid=0 euid=0 tty=tty1 ruser= rhost= Feb 5 02:30:28 thebit login[9065]: FAILED LOGIN 1 FROM (null) FOR testuser3, Au thentication failure

testuser3 is in my LDAP database, the password I use has been thrice checked. Here is the log on my LDAP server when this happens:

Feb 5 03:01:35 isaev slapd[9043]: daemon: conn=2 fd=10 connection from IP=10.1. 1.49:33378 (IP=0.0.0.0:636) accepted. Feb 5 03:01:35 isaev slapd[9152]: conn=2 op=0 BIND dn="CN=PROXYUSER,DC=KADREVIS,DC=COM" method=128 Feb 5 03:01:35 isaev slapd[9152]: conn=2 op=0 RESULT tag=97 err=0 text= Feb 5 03:01:35 isaev slapd[9151]: conn=2 op=1 SRCH base="ou=People,dc=kadrevis,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=testuser3))" Feb 5 03:01:36 isaev slapd[9151]: conn=2 op=1 SEARCH RESULT tag=101 err=0 text=

Feb 5 03:01:36 isaev slapd[9152]: conn=2 op=2 SRCH base="ou=People,dc=kadrevis,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=testuser3))" Feb 5 03:01:36 isaev slapd[9152]: conn=2 op=2 SEARCH RESULT tag=101 err=0 text=

Feb 5 03:01:38 isaev slapd[9151]: conn=2 op=3 SRCH base="ou=People,dc=kadrevis,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=testuser3))" Feb 5 03:01:39 isaev slapd[9151]: conn=2 op=3 SEARCH RESULT tag=101 err=0 text=

My current theory is that something about the way pam_unix operates on Redhat 8 is different than the rest of the Linux world. I've edited /etc/pam.d/system-auth to look like all the examples I've seen.

I can send out my config files to anyone willing to help.

Thanks, pablos.
pablos@kadrevis.com

Follow-Ups:
- Re: LDAP & PAM on Redhat 8 Problem
  - From: Jehan PROCACCIA <Jehan.Procaccia@int-evry.fr>
- Re: LDAP & PAM on Redhat 8 Problem
  - From: Luis Martinez Martinez <luimarma@iti.upv.es>

Prev by Date: Re: can't connect to ldap server (0x5B)
Next by Date: ACL in the slapd.conf ???
Index(es):
- Chronological
- Thread