[Date Prev][Date Next] [Chronological] [Thread] [Top]

Solaris10+openldap+nss_ldap+pam_ldap=nightmare

To: <anderson@vailsys.com>
Subject: Solaris10+openldap+nss_ldap+pam_ldap=nightmare
From: <Juergen.Sprenger@swisscom.com>
Date: Fri, 15 Apr 2011 15:52:13 +0200
Accept-language: en-US, de-CH
Acceptlanguage: en-US, de-CH
Cc: openldap-technical@openldap.org
Content-language: en-US
Thread-index: Acv7dFLaQ+fop5AcSuO58Fj3/WLR9A==
Thread-topic: Solaris10+openldap+nss_ldap+pam_ldap=nightmare

If everything else works fine, and only ssh fails
check sshd_config for this parameter:
PAMAuthenticationViaKBDInt yes

pam.conf:
Try moving statements with ldap.so.1 to the end of 
each section and add debug switch:
login	auth requisite	pam_authtok_get.so.1
login	auth required	pam_dhkeys.so.1
login	auth required	pam_unix_cred.so.1
login	auth sufficient	pam_unix_auth.so.1
login	auth required	pam_dial_auth.so.1
login	auth sufficient	pam_ldap.so.1 try_first_pass debug

If it's not only ssh-login:
- is output of 'getent passwd' ok?
- provide output of 'ldaplist'
- provide output of 'ldapclient list'
- check setup of nscd (svc:/system/name-service-cache:default)

Jürgen Sprenger

Prev by Date: Re: Issue when injecting a new AttributeTypes in OpenLdap
Next by Date: SOLVED - Re: fedora and openldap
Index(es):
- Chronological
- Thread