libpam-ldap does not authenticate users

From: Matt Clauson (mec_at_dotorg.org)
Date: 11/29/05

    Date: Tue, 29 Nov 2005 10:30:27 -0700
    To: debian-user@lists.debian.org
    
    


    All: having problems getting libpam-ldap to authenticate users.
    libnss-ldap does exactly fine when running the same base -- but PAM will
    not. More so, I get the following errors when I try to log in to the box
    by ssh or on the console (ssh errors below):

    Nov 29 10:26:33 ldaptest0 sshd[4421]: Illegal user mclauson from ::ffff:69.145.252.167
    Nov 29 10:26:33 ldaptest0 sshd[4421]: Failed none for illegal user mclauson from ::ffff:69.145.252.167 port 2413 ssh2
    Nov 29 10:26:38 ldaptest0 sshd[4421]: pam_ldap: error trying to bind as user "uid=mclauson,dc=advserv,dc=bresnan,dc=com" (Invalid credentials)
    Nov 29 10:26:38 ldaptest0 sshd[4421]: (pam_unix) check pass; user unknown
    Nov 29 10:26:38 ldaptest0 sshd[4421]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host-69-145-252-167.bln-mt.client.bresnan.net
    Nov 29 10:26:40 ldaptest0 sshd[4421]: error: PAM: Permission denied for illegal user mclauson from host-69-145-252-167.bln-mt.client.bresnan.net
    Nov 29 10:26:40 ldaptest0 sshd[4421]: Failed keyboard-interactive/pam for illegal user mclauson from ::ffff:69.145.252.167 port 2413 ssh2

    Config files below -- suggestions?

    pam_ldap.conf/libnss-ldap.conf (same file):
    host 127.0.0.1
    base dc=advserv,dc=example,dc=com
    ldap_version 3

    #binddn cn=nssuser,dc=advserv,dc=example,dc=com
    #bindpw password

    rootbinddn cn=admin,dc=advserv,dc=example,dc=com

    #timelimit 30
    #bind_timelimit 30
    #bind_policy hard
    #idle_timelimit 3600

    #pam_filter objectclass=account
    #pam_login_attribute uid
    #pam_lookup_policy yes
    #pam_check_host_attr yes
    #pam_check_service_attr yes

    #pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com
    #pam_member_attribute uniquemember
    #pam_min_uid 0
    #pam_max_uid 0
    #pam_login_attribute userPrincipalName
    #pam_template_login_attribute uid
    #pam_template_login nobody

    pam_password exop
    #pam_password_prohibit_message Please visit http://internal to change your password.

    #ssl start_tls
    #ssl on
    #tls_checkpeer yes
    #tls_cacertfile /etc/ssl/ca.cert
    #tls_cacertdir /etc/ssl/certs
    #tls_randfile /var/run/egd-pool
    #tls_ciphers TLSv1
    #tls_cert
    #tls_key
    #sasl_secprops maxssf=0

    #krb5_ccname FILE:/etc/.ldapcache
    #pam_sasl_mech DIGEST-MD5
    # end pam_ldap.conf

    /etc/pam.d/common-auth:
    auth sufficient pam_ldap.so try_first_pass ignore_unknown_user
    auth sufficient pam_unix.so try_first_pass nullok_secure
    #end common-auth

    /etc/pam.d/common-account:
    auth sufficient pam_ldap.so ignore_unknown_user
    auth sufficient pam_unix.so
    #end common-account

    /etc/pam.d/common-session:
    auth sufficient pam_ldap.so ignore_unknown_user
    auth sufficient pam_unix.so
    #end common-session

    --mec

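An added example, not part of the original post: a small Python check that each rule in a Debian /etc/pam.d/common-* file declares the management group the file is named for (auth, account, password, session), run over the three stacks quoted in the message. The names lint_pam_file and POSTED are assumptions made for this example.

```python
import re

# Debian's shared stacks: each file is meant to carry one PAM management group.
EXPECTED = {"common-auth": "auth", "common-account": "account",
            "common-password": "password", "common-session": "session"}
TYPES = set(EXPECTED.values())
# Rule layout: type, control (keyword or [bracketed list]), module, arguments.
LINE = re.compile(r"^(-?)(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def lint_pam_file(name, text):
    """Return (line_no, message) findings for one /etc/pam.d/common-* file."""
    want = EXPECTED.get(name)
    findings, matching = [], 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("@include"):
            continue
        m = LINE.match(line)
        if not m or m.group(2).lower() not in TYPES:
            findings.append((no, f"unparseable rule: {line!r}"))
            continue
        kind, module = m.group(2).lower(), m.group(4)
        if want and kind != want:
            findings.append(
                (no, f"{module}: type '{kind}' in {name}, expected '{want}'"))
        else:
            matching += 1
    if want and matching == 0:
        # Line number 0 marks a whole-file finding.
        findings.append((0, f"{name} defines no '{want}' rules"))
    return findings

# The three stacks as quoted in the message above.
POSTED = {
    "common-auth":
        "auth sufficient pam_ldap.so try_first_pass ignore_unknown_user\n"
        "auth sufficient pam_unix.so try_first_pass nullok_secure\n",
    "common-account":
        "auth sufficient pam_ldap.so ignore_unknown_user\n"
        "auth sufficient pam_unix.so\n",
    "common-session":
        "auth sufficient pam_ldap.so ignore_unknown_user\n"
        "auth sufficient pam_unix.so\n",
}

if __name__ == "__main__":
    for name, text in POSTED.items():
        for no, msg in lint_pam_file(name, text) or [(0, "ok")]:
            print(f"{name}:{no}: {msg}")
```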