LDAP & PAM on Redhat 8 Problem
I'm working on setting up OpenLDAP on a Redhat 8.0 server. I'm
attempting to authenticate logins to a Redhat 8 client using pam_ldap.
I've followed all the documentation and tutorials I can find, and
everything works, except the login. I can use ldapsearch on the server
& client. I'm able to obtain userPassword this way if I bind as a user
allowed by my ACL to read that field. Here is the error my client
generates when I attempt to log in:
Feb 5 02:30:25 thebit login(pam_unix)[9065]: check pass; user unknown
Feb 5 02:30:25 thebit login(pam_unix)[9065]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
Feb 5 02:30:28 thebit login[9065]: FAILED LOGIN 1 FROM (null) FOR testuser3, Authentication failure
testuser3 is in my LDAP database, and the password I use has been thrice
checked. Here is the log on my LDAP server when this happens:
Feb 5 03:01:35 isaev slapd[9043]: daemon: conn=2 fd=10 connection from IP=10.1.1.49:33378 (IP=0.0.0.0:636) accepted.
Feb 5 03:01:35 isaev slapd[9152]: conn=2 op=0 BIND dn="CN=PROXYUSER,DC=KADREVIS,DC=COM" method=128
Feb 5 03:01:35 isaev slapd[9152]: conn=2 op=0 RESULT tag=97 err=0 text=
Feb 5 03:01:35 isaev slapd[9151]: conn=2 op=1 SRCH base="ou=People,dc=kadrevis,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=testuser3))"
Feb 5 03:01:36 isaev slapd[9151]: conn=2 op=1 SEARCH RESULT tag=101 err=0 text=
Feb 5 03:01:36 isaev slapd[9152]: conn=2 op=2 SRCH base="ou=People,dc=kadrevis,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=testuser3))"
Feb 5 03:01:36 isaev slapd[9152]: conn=2 op=2 SEARCH RESULT tag=101 err=0 text=
Feb 5 03:01:38 isaev slapd[9151]: conn=2 op=3 SRCH base="ou=People,dc=kadrevis,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=testuser3))"
Feb 5 03:01:39 isaev slapd[9151]: conn=2 op=3 SEARCH RESULT tag=101 err=0 text=
My current theory is that something about the way pam_unix operates on
Redhat 8 is different than the rest of the Linux world. I've edited
/etc/pam.d/system-auth to look like all the examples I've seen.
I can send out my config files to anyone willing to help.
Thanks, pablos.
pablos@kadrevis.com