Re: Cant authenticate to LDAP domain with Redhat9
From: Steven (shaughto_at_ee.ucr.edu)
Date: 07/07/04
- Previous message: Elmer E. Dow: "Re: Hang related to Internet connection"
- In reply to: Rigler, Steve: "RE: Cant authenticate to LDAP domain with Redhat9"
- Next in thread: Stuart Sears: "Re: Cant authenticate to LDAP domain with Redhat9"
- Reply: Stuart Sears: "Re: Cant authenticate to LDAP domain with Redhat9"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 07 Jul 2004 14:48:19 -0700
To: General Red Hat Linux discussion list <redhat-list@redhat.com>
Hi,
I do have /lib/security/pam_ldap.so. Also here is the following info:
[root@blochee root]# cd /lib/security/
[root@blochee security]# ls
pam_access.so pam_krb5.so pam_rhosts_auth.so pam_unix_auth.so
pam_chroot.so pam_lastlog.so pam_rootok.so pam_unix_passwd.so
pam_console.so pam_ldap.so pam_securetty.so pam_unix_session.so
pam_cracklib.so pam_limits.so pam_shells.so pam_unix.so
pam_deny.so pam_listfile.so pam_smb_auth.so pam_userdb.so
pam_env.so pam_localuser.so pam_smbpass.so pam_warn.so
pam_filter pam_mail.so pam_stack.so pam_wheel.so
pam_filter.so pam_mkhomedir.so pam_stress.so pam_winbind.so
pam_ftp.so pam_motd.so pam_tally.so pam_xauth.so
pam_group.so pam_nologin.so pam_time.so
pam_issue.so pam_permit.so pam_timestamp.so
pam_krb5afs.so pam_pwdb.so pam_unix_acct.so
[root@blochee security]# rpm -V nss_ldap
S.5....T c /etc/ldap.conf
[root@blochee security]#
Maybe there is a problem with pam_ldap.so?
Thanks again for your help.
--
Steven

Rigler, Steve wrote:
>You're looking at the right log file.
>
>I've been trying to duplicate your problem on a spare machine
>here and the only way I've been able to do it is if I rename
>/lib/security/pam_ldap.so. In this case, these are the
>messages I get:
>
>Jul 7 14:53:03 houuc9 sshd(pam_unix)[17393]: check pass; user unknown
>Jul 7 14:53:03 houuc9 sshd(pam_unix)[17393]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=houuc8
>Jul 7 14:53:15 houuc9 sshd(pam_unix)[17393]: check pass; user unknown
>Jul 7 14:53:19 houuc9 sshd(pam_unix)[17393]: check pass; user unknown
>Jul 7 14:53:22 houuc9 sshd(pam_unix)[17393]: 2 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=houuc8
>
>I can still do "getent passwd" because I still have /lib/libnss_ldap*,
>but obviously logins are broken.
>
>So I'm wondering if this might be the case for you. Do you have
>/lib/security/pam_ldap.so? And what does "rpm -V nss_ldap"
>give you?
>
>-Steve
>
>-----Original Message-----
>From: redhat-list-bounces@redhat.com
>[mailto:redhat-list-bounces@redhat.com] On Behalf Of Steven D. Haughton
>Sent: Wednesday, July 07, 2004 11:45 AM
>To: General Red Hat Linux discussion list
>Subject: Re: Cant authenticate to LDAP domain with Redhat9
>
>I added the debug line to my system-auth. It now looks like this:
>
>#%PAM-1.0
># This file is auto-generated.
># User changes will be destroyed the next time authconfig is run.
>auth required /lib/security/$ISA/pam_env.so
>auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
>auth sufficient /lib/security/$ISA/pam_ldap.so debug use_first_pass
>auth required /lib/security/$ISA/pam_deny.so
>
>account required /lib/security/$ISA/pam_unix.so
>account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so debug
>
>password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
>password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
>password sufficient /lib/security/$ISA/pam_ldap.so debug use_authtok
>password required /lib/security/$ISA/pam_deny.so
>
>session required /lib/security/$ISA/pam_limits.so
>session required /lib/security/$ISA/pam_unix.so
>session optional /lib/security/$ISA/pam_ldap.so debug
>
>
>These are the messages I get in /var/log/messages when I try logging in:
>
>Jul 7 09:37:36 blochee sshd(pam_unix)[19078]: check pass; user unknown
>Jul 7 09:37:36 blochee sshd(pam_unix)[19078]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=blochee.ee.ucr.edu
>Jul 7 09:37:52 blochee sshd(pam_unix)[19078]: check pass; user unknown
>Jul 7 09:38:15 blochee sshd(pam_unix)[19078]: check pass; user unknown
>Jul 7 09:38:27 blochee sshd(pam_unix)[19078]: 2 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=blochee.ee.ucr.edu
>
>It seems to me that no new information was outputted using the debug
>command...
>Am I looking at the right log file?
>
>On the machines that work I get this for "getent passwd" and "getent
>shadow":
>I picked one user at random cause if I put "getent passwd" the list
>would be too long.
>
>Computers that work in ldap:
>[root@kona root]# getent shadow pfu
>pfu:x:::::::0
>[root@kona root]# getent passwd pfu
>pfu:x:15002:403:Peilin Fu:/home/eeres/pfu:/bin/bash
>
>Computer that does not work in ldap:
>[root@blochee root]# getent passwd pfu
>pfu:x:15002:403:Peilin Fu:/home/eeres/pfu:/bin/bash
>[root@blochee root]# getent shadow pfu
>pfu:x:::::::0
>
>They are the same so it looks like it can read the ldap info ok.
>
>--
>Steven

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list