
openldap, pam_ldap, and solaris 8



I can't seem to get Solaris 8 to authenticate via OpenLDAP.

I have set up a user named testuser, but I can't get it to log in; the login just hangs. ldapsearch binds as that user, and I can run commands such as ldapsearch and ldapmodify as testuser, so I think something is wrong in pam_ldap?

Also, when I try to authenticate via LDAP, su - won't work from the other accounts, and sudo hangs as well.
Is there something wrong in the config?

Any help or direction would be appreciated.

thanx,
m

==========================================
my nsswitch.conf

# NOTE(review): passwd and group are the only databases in this file that
# list ldap. "files" is searched first, so a local entry wins over an LDAP
# entry with the same name; a lookup that misses in files goes on to the
# directory. Supplementary-group resolution typically consults every listed
# source, so login/su/sudo can block on the LDAP server even for local
# accounts, and an unresponsive directory then shows up as a hang rather
# than an error. Running `getent passwd testuser` helps separate a
# name-service stall from a PAM problem.
passwd:     files ldap 
group:      files ldap

# You must also set up the /etc/resolv.conf file for DNS name
# server lookup.  See resolv.conf(4).
# hosts does not list ldap, so resolving the directory server's own name
# does not depend on the directory.
hosts:      files dns
ipnodes:    files
# Uncomment the following line and comment out the above to resolve
# both IPv4 and IPv6 addresses from the ipnodes databases. Note that
# IPv4 addresses are searched in all of the ipnodes databases before
# searching the hosts databases. Before turning this option on, consult
# the Network Administration Guide for more details on using IPv6.
#ipnodes:   files dns

networks:   files
protocols:  files
rpc:        files
ethers:     files
netmasks:   files
bootparams: files
publickey:  files
# At present there isn't a 'files' backend for netgroup;  the system will
#   figure it out pretty quickly, and won't use netgroups at all.
netgroup:   files
automount:  files
aliases:    files
services:   files
sendmailvars:   files
printers:       user files

# The role/profile/project databases are local only; LDAP is not consulted
# for them.
auth_attr:  files
prof_attr:  files
project:    files

========================================
my pam.conf


#
#ident  "@(#)pam.conf   1.16    01/01/24 SMI"
#
# Copyright (c) 1996-2000 by Sun Microsystems, Inc.
# All rights reserved.
#
# PAM configuration
#
# Authentication management
#
# Control flags as used below: a "required" module must succeed, but the rest
# of the stack still runs; a "sufficient" module that succeeds ends the stack
# with success if no earlier required module has failed, and is ignored if it
# fails.
#login  auth required   /usr/lib/security/$ISA/pam_unix.so.1 
login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1 


# If pam_unix accepts the password the stack ends there; otherwise pam_ldap
# is tried with the password already entered (use_first_pass), without a
# second prompt.
# NOTE(review): pam_ldap's own configuration is not shown. Confirm there that
# the bind to the directory is protected in transit and that connect/search
# time limits are set, so an unreachable server fails instead of hanging.
login   auth sufficient /usr/lib/security/$ISA/pam_unix.so.1 
login   auth required   /opt/pam_ldap/current/lib/security/pam_ldap.so.1 use_first_pass

#
# rlogin and dtlogin call pam_unix only; pam_ldap is not in their stacks.
#rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin  auth required   /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin auth required   /usr/lib/security/$ISA/pam_unix.so.1
#
#rsh    auth required   /usr/lib/security/$ISA/pam_rhosts_auth.so.1
#other  auth required   /usr/lib/security/$ISA/pam_unix.so.1

# "other" applies to every PAM service without entries of its own, so each
# such service also accepts LDAP credentials. No su or sudo entries appear
# in this listing; presumably they are handled by this stack -- confirm.
other   auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
other   auth required   /opt/pam_ldap/current/lib/security/pam_ldap.so.1 use_first_pass


#
# Account management
#
# "requisite" fails the stack immediately if the module fails.
login   account requisite       /usr/lib/security/$ISA/pam_roles.so.1 
login   account required        /usr/lib/security/$ISA/pam_projects.so.1
#login  account required        /usr/lib/security/$ISA/pam_unix.so.1 

# NOTE(review): pam_unix is "sufficient" here, so pam_ldap's account check
# runs only when pam_unix's account check fails. If pam_ldap is expected to
# enforce directory-side restrictions, verify that this ordering gives the
# intended result. use_first_pass is a password-handling option and
# presumably has no effect in an account stack -- confirm.
login   account sufficient      /usr/lib/security/$ISA/pam_unix.so.1 
login   account required        /opt/pam_ldap/current/lib/security/pam_ldap.so.1 use_first_pass


#
# dtlogin account checks use local modules only; pam_ldap is not called.
dtlogin account requisite       /usr/lib/security/$ISA/pam_roles.so.1 
dtlogin account required        /usr/lib/security/$ISA/pam_projects.so.1
dtlogin account required        /usr/lib/security/$ISA/pam_unix.so.1 
#
other   account requisite       /usr/lib/security/$ISA/pam_roles.so.1 
#other  account required        /usr/lib/security/$ISA/pam_projects.so.1
#other  account required        /usr/lib/security/$ISA/pam_unix.so.1 


# pam_projects is commented out for "other" (both copies), unlike login and
# dtlogin above. The pam_unix-then-pam_ldap ordering is the same as for
# login, so the same review note applies to every service using "other".
#other  account required        /usr/lib/security/$ISA/pam_projects.so.1
other   account sufficient      /usr/lib/security/$ISA/pam_unix.so.1 
other   account required        /opt/pam_ldap/current/lib/security/pam_ldap.so.1 use_first_pass




#
# Session management
#
other   session required        /usr/lib/security/$ISA/pam_unix.so.1 
#
# Password management
#
#other  password required       /usr/lib/security/$ISA/pam_unix.so.1 

# NOTE(review): the pam_ldap line below is the only pam_ldap entry in this
# listing that names pam_ldap.so rather than pam_ldap.so.1, and the only one
# using try_first_pass instead of use_first_pass. Confirm that the .so path
# exists under /opt/pam_ldap/current/lib/security; a "required" module that
# cannot be loaded typically makes the stack fail whenever it is reached.
other   password sufficient     /usr/lib/security/$ISA/pam_unix.so.1 
other   password required       /opt/pam_ldap/current/lib/security/pam_ldap.so try_first_pass




# dtsession authenticates through pam_unix only; pam_ldap is not called.
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#login  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin        auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#other  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin        account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  session optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#
# Support for Solaris PPP (sppp)
# ppp has its own auth, account and session entries, all using the local
# modules under /usr/lib/security; it does not fall back to "other" for
# those and does not call pam_ldap.
ppp     auth    required        /usr/lib/security/$ISA/pam_unix.so.1 
ppp     auth    required        /usr/lib/security/$ISA/pam_dial_auth.so.1 
ppp     account requisite       /usr/lib/security/$ISA/pam_roles.so.1 
ppp     account required        /usr/lib/security/$ISA/pam_projects.so.1
ppp     account required        /usr/lib/security/$ISA/pam_unix.so.1 
ppp     session required        /usr/lib/security/$ISA/pam_unix.so.1