
Re: pam_ldap error



This may be silly, but can you "su" to the ldap user? If you can, then you know it's an authentication problem. Change the password, see what that does. I use {SSHA} for my passwords. Is crypt a default password method? I think that I had to say --enable-crypt when I built openldap.

Asif Iqbal wrote:
I found the problem. I started it as slapd -h ldap:/// ldaps:/// but port 636
was not open. I changed it and am now running it as slapd -h ldaps:///, and now
it does not complain about a connection problem, but now it says

error: PAM: No account present for user

I do have an account for the user. To check I searched for the user and found
the user's password does not show {CRYPT}

the ldif for userPassword was {CRYPT}IIGHcSnVKzrZA but when I search the user it
shows userPassword:: e0NSWVBUfUlJR0hjU25WS3pyWkE=


Any suggestion/explanation would be greatly appreciated

On Mon, 1 Dec 2003, Csillag Tamás wrote:

  
Hi,

On Mon, Dec 01, 2003 at 02:24:16PM -0500, Asif Iqbal wrote:
    
On Mon, 1 Dec 2003, Jeff Gamsby wrote:

      
 Does ldapsearch -x work? If on Linux, how about getent passwd?
        
ldapsearch -x works just fine. getent passwd works fine too
      
pam_ldap is independent from getent passwd (it uses libnss_ldap)
and its config file is: /etc/nsswitch.conf and /etc/{.,ldap}/ldap.conf
(the second is Debian specific I think)
(But it is good to test whether your database is available)

pam_ldap's config file is: /etc/pam_ldap.conf

If the problem is not the pam_ldap.conf file, you can try to debug it
in the following way:
tcpdump
or
(backup first!!) cp /etc/pam.d/ssh /etc/pam.d/su
strace su someuser (do this as root, but remove the rootok pam module from
the list, so it will ask for password)

    
Asif Iqbal wrote:

        
Hi All

I am trying to ssh auth against the ldap server using pam_ldap and getting the
following error

Dec  1 13:03:44 scrub sshd[11979]: [ID 280705 auth.error] pam_ldap:
ldap_simple_bind Can't contact LDAP server
Dec  1 13:03:44 scrub sshd[11977]: [ID 800047 auth.error] error: PAM: Can not
retrieve authentication info

sshd auth --> pam_ldap.so (in pam.conf)

Thanks
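
An added example, not part of the original thread: in LDIF a double colon after the attribute name marks a base64-encoded value, so the `userPassword::` line quoted above can be decoded to see which `{SCHEME}` is actually stored. Only the `userPassword` line comes from the thread; the DN, the folded `description` line and the function names are constructed for the example.

```python
import base64
import re

# Constructed entry: only the userPassword line is taken from the thread.
# The DN and the folded description line are made up for the example.
SAMPLE_LDIF = """\
dn: uid=someuser,ou=People,dc=example,dc=com
description: constructed value that is folded onto
  a second line
userPassword:: e0NSWVBUfUlJR0hjU25WS3pyWkE=
"""

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)


def unfold(ldif_text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_attributes(ldif_text):
    """Return [(name, value_bytes, was_base64), ...] for one LDIF entry."""
    out = []
    for line in unfold(ldif_text):
        name, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if rest.startswith(":"):  # "attr:: <base64>"
            out.append((name, base64.b64decode(rest[1:].strip(), validate=True), True))
        else:                     # "attr: <text>"
            out.append((name, rest.strip().encode("utf-8"), False))
    return out


def stored_password(ldif_text):
    """Return (scheme, hash) of userPassword; scheme is None without a {SCHEME} prefix."""
    for name, value, _ in parse_attributes(ldif_text):
        if name.lower() == "userpassword":
            text = value.decode("utf-8", errors="replace")
            m = SCHEME_RE.match(text)
            return (m.group(1).upper(), m.group(2)) if m else (None, text)
    return None
```

Calling `stored_password(SAMPLE_LDIF)` returns `("CRYPT", "IIGHcSnVKzrZA")`, the same value as in the LDIF that was loaded.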