
Re: LDAP & PAM on Redhat 8 Problem



Hi,

I had problems with pam and ldap in RH8.0 as well. In my case I found that the 
nscd daemon package (which rules the auth cache subsystem) was broken for 
pam-ldap on RH8.0. If I disable this daemon pam-ldap auth works, although 
there is an important performance hit. I posted a bug to REDHAT about this, 
but still no answer. Perhaps you are having the same problem.

Luis
On Wednesday, 5 February 2003 12:11, Paul Holman wrote:
> I'm working on setting up OpenLDAP on a Redhat 8.0 server.  I'm
> attempting to authenticate logins to a Redhat 8 client using pam_ldap.
> I've followed all the documentation and tutorials I can find, and
> everything works, except the login.  I can use ldapsearch on the server
> & client.  I'm able to obtain userPassword this way if I bind as a user
> allowed by my ACL to read that field.  Here is the error my client
> generates when I attempt to log in:
>
> Feb  5 02:30:25 thebit login(pam_unix)[9065]: check pass; user unknown
> Feb  5 02:30:25 thebit login(pam_unix)[9065]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
> Feb  5 02:30:28 thebit login[9065]: FAILED LOGIN 1 FROM (null) FOR testuser3, Authentication failure
>
> testuser3 is in my LDAP database, the password I use has been thrice
> checked.  Here is the log on my LDAP server when this happens:
>
> Feb  5 03:01:35 isaev slapd[9043]: daemon: conn=2 fd=10 connection from IP=10.1.1.49:33378 (IP=0.0.0.0:636) accepted.
> Feb  5 03:01:35 isaev slapd[9152]: conn=2 op=0 BIND dn="CN=PROXYUSER,DC=KADREVIS,DC=COM" method=128
> Feb  5 03:01:35 isaev slapd[9152]: conn=2 op=0 RESULT tag=97 err=0 text=
> Feb  5 03:01:35 isaev slapd[9151]: conn=2 op=1 SRCH base="ou=People,dc=kadrevis,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=testuser3))"
> Feb  5 03:01:36 isaev slapd[9151]: conn=2 op=1 SEARCH RESULT tag=101 err=0 text=
>
> Feb  5 03:01:36 isaev slapd[9152]: conn=2 op=2 SRCH base="ou=People,dc=kadrevis,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=testuser3))"
> Feb  5 03:01:36 isaev slapd[9152]: conn=2 op=2 SEARCH RESULT tag=101 err=0 text=
>
> Feb  5 03:01:38 isaev slapd[9151]: conn=2 op=3 SRCH base="ou=People,dc=kadrevis,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=testuser3))"
> Feb  5 03:01:39 isaev slapd[9151]: conn=2 op=3 SEARCH RESULT tag=101 err=0 text=
>
> My current theory is that something about the way pam_unix operates on
> Redhat 8 is different than the rest of the Linux world.  I've edited
> /etc/pam.d/system-auth to look like all the examples I've seen.
>
> I can send out my config files to anyone willing to help.
>
> Thanks, pablos.
> pablos@kadrevis.com
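
One way to read the slapd excerpt quoted above, added here as an example and not part of the original thread: pam_ldap checks a password by binding to the directory as the user's own DN after looking the entry up, so this sketch groups slapd operations per connection and reports whether any bind used a DN other than the proxy's. The function name `summarize` is hypothetical, and the sample is the quoted log with the mail client's line wraps rejoined.

```python
import re
from collections import defaultdict

# Constructed sample: the slapd lines quoted in the message, line wraps rejoined.
SAMPLE_LOG = """\
Feb  5 03:01:35 isaev slapd[9043]: daemon: conn=2 fd=10 connection from IP=10.1.1.49:33378 (IP=0.0.0.0:636) accepted.
Feb  5 03:01:35 isaev slapd[9152]: conn=2 op=0 BIND dn="CN=PROXYUSER,DC=KADREVIS,DC=COM" method=128
Feb  5 03:01:35 isaev slapd[9152]: conn=2 op=0 RESULT tag=97 err=0 text=
Feb  5 03:01:35 isaev slapd[9151]: conn=2 op=1 SRCH base="ou=People,dc=kadrevis,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=testuser3))"
Feb  5 03:01:36 isaev slapd[9151]: conn=2 op=1 SEARCH RESULT tag=101 err=0 text=
Feb  5 03:01:36 isaev slapd[9152]: conn=2 op=2 SRCH base="ou=People,dc=kadrevis,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=testuser3))"
Feb  5 03:01:36 isaev slapd[9152]: conn=2 op=2 SEARCH RESULT tag=101 err=0 text=
Feb  5 03:01:38 isaev slapd[9151]: conn=2 op=3 SRCH base="ou=People,dc=kadrevis,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=testuser3))"
Feb  5 03:01:39 isaev slapd[9151]: conn=2 op=3 SEARCH RESULT tag=101 err=0 text=
"""

OP = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|SEARCH RESULT|RESULT) (.*)')
DN = re.compile(r'dn="([^"]*)"')
FILTER = re.compile(r'filter="([^"]*)"')
ERR = re.compile(r'\berr=(\d+)')

def summarize(log_text, proxy_dn):
    """Per connection: [dn, err] per bind, [filter, err] per search, user-bind flag."""
    conns = defaultdict(lambda: {"binds": {}, "searches": {}})
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue  # accept/close lines and anything unrecognised
        conn, op, kind, rest = int(m[1]), int(m[2]), m[3], m[4]
        c = conns[conn]
        if kind == "BIND" and (dn := DN.search(rest)):
            c["binds"][op] = [dn[1], None]      # result code filled in below
        elif kind == "SRCH" and (f := FILTER.search(rest)):
            c["searches"][op] = [f[1], None]
        elif kind in ("RESULT", "SEARCH RESULT") and (e := ERR.search(rest)):
            table = c["binds"] if kind == "RESULT" else c["searches"]
            if op in table:                     # pair the result with its request
                table[op][1] = int(e[1])
    report = {}
    for conn, c in conns.items():
        binds = list(c["binds"].values())
        report[conn] = {
            "binds": binds,
            "searches": list(c["searches"].values()),
            # Simplified DN comparison (case-insensitive string match only).
            "user_bind_attempted": any(d.lower() != proxy_dn.lower() for d, _ in binds),
        }
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "cn=proxyuser,dc=kadrevis,dc=com"))
```

On the quoted excerpt this reports one successful proxy bind, three successful searches, and no bind under any other DN on connection 2.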