Re: Cant authenticate to LDAP domain with Redhat9
From: Steven (shaughto_at_ee.ucr.edu)
Date: 07/09/04
Date: Fri, 09 Jul 2004 08:28:11 -0700
To: General Red Hat Linux discussion list <redhat-list@redhat.com>

Thanks for the info,
I'll check out those log files and get back to you.
--
Steven

Rigler, Steve wrote:

>I wouldn't blame the directory server, but it would be nice to see
>logs of what is getting through (ie, what the client is requesting).
>
>The ssh version doesn't really answer why you couldn't log in from
>a virtual terminal. As a matter of fact, the machine I'm testing
>this against is a RH9 machine with the 3.5p1 version of openssh.
>
>The log messages aren't particularly informative one way or another.
>If it really were using pam_ldap and it were an authentication issue
>you'd see messages like this:
>
>Jul 9 06:24:19 myhost sshd[16305]: pam_ldap: error trying to bind as user "uid=joeuser,ou=People,dc=example,dc=com" (Invalid credentials)
>
>-Steve
>
>
>-----Original Message-----
>From: redhat-list-bounces@redhat.com
>[mailto:redhat-list-bounces@redhat.com] On Behalf Of Steven
>Sent: Thursday, July 08, 2004 10:50 PM
>To: General Red Hat Linux discussion list
>Subject: Re: Cant authenticate to LDAP domain with Redhat9
>
>Ok, I wanted to check with my boss before messing with the ldap server.
>So I asked him; he said that there is nothing wrong with the server. He
>then proceeded to take a quick look at the "server which is pissing me off"
>and said that in order for pam_ldap.so to work I need ssh 3.7 or higher.
>
>I thought to myself, finally, maybe this is the answer, since I had
>openssh 3.5. Anyways I proceeded to install rpms of openssh 3.7.1p2-1 and
>its dependencies. Here are the specifics:
>
>[root@blochee root]# rpm -qa | grep ssh
>openssh-askpass-3.7.1p2-1
>openssh-3.7.1p2-1
>openssh-clients-3.7.1p2-1
>openssh-server-3.7.1p2-1
>openssh-askpass-gnome-3.7.1p2-1
>[root@blochee root]#
>
>I made sure to check my /etc/ssh/ssh_config and my /etc/ssh/sshd_config
>and modified anything that was not correct. Anyways to my dismay this did
>NOT WORK. However, my login error does give a new line of information in my
>/log/messages file. Here it is:
>
>Jul 8 20:20:57 blochee sshd(pam_unix)[21476]: check pass; user unknown
>Jul 8 20:20:57 blochee sshd(pam_unix)[21476]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spidey.ee.ucr.edu
>Jul 8 20:20:59 blochee sshd[21474]: error: PAM: Authentication failure
>Jul 8 20:21:03 blochee sshd(pam_unix)[21477]: check pass; user unknown
>Jul 8 20:21:03 blochee sshd(pam_unix)[21477]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spidey.ee.ucr.edu
>Jul 8 20:21:05 blochee sshd[21474]: error: PAM: Authentication failure
>
>What I now get that I did not have before is the line with "error: PAM:
>Authentication failure".
>If I am understanding this correctly this means that pam_ldap.so is
>getting called now.... Am I correct in my assumption?
>This is good because before I updated ssh I did not get that error so it
>looks like pam-ldap.so was not working at all.
>Does this shed any light onto my problem? Maybe my ssh config files are
>not set correctly?
>If you still think I need to look at the ldap server log files I will.
>
>BTW, On the other redhat servers they run with openssh 3.5.1 and they
>work......
>Thanks for everybody's help on this problem.
>--
>Steven
>
>----- Original Message -----
>From: "Rigler, Steve" <SRigler@MarathonOil.com>
>To: "General Red Hat Linux discussion list" <redhat-list@redhat.com>
>Sent: Thursday, July 08, 2004 4:30 AM
>Subject: RE: Cant authenticate to LDAP domain with Redhat9
>
>>Assuming this is OpenLDAP and logging is set to a decent level
>>(see the "loglevel" directive in the slapd.conf and read
>>"man slapd.conf" to find out what the different loglevels do),
>>you can find out where it is doing logging by looking for
>>"local4.*" in the /etc/syslog.conf.
>>
>>Logging might not be turned on. I usually only turn it on when
>>I'm trying to debug a problem (which requires a restart of slapd).
>>
>>-Steve
>>
>>-----Original Message-----
>>From: redhat-list-bounces@redhat.com
>>[mailto:redhat-list-bounces@redhat.com] On Behalf Of Steven
>>Sent: Wednesday, July 07, 2004 7:05 PM
>>To: General Red Hat Linux discussion list
>>Subject: Re: Cant authenticate to LDAP domain with Redhat9
>>
>>I can log in as root to my ldap server....
>>My boss set up the ldap domain so I really have not spent much time in
>>that server.
>>I looked for the log files, but cannot find them... The usual
>>var/log/messages file is empty.
>>Where should I look for some log files pertaining to the ldap info I
>>seek?
>>
>>--
>>Steven
>>
>>Rigler, Steve wrote:
>>
>>>Do you have access to look at the logs on your directory
>>>server?
>>>
>>>-Steve
>>>
>>>-----Original Message-----
>>>From: redhat-list-bounces@redhat.com on behalf of Steven
>>>Sent: Wed 7/7/2004 5:02 PM
>>>To: General Red Hat Linux discussion list
>>>Subject: Re: Cant authenticate to LDAP domain with Redhat9
>>>
>>>Hi,
>>>
>>>No I have not tried rpm -V pam, but here is the output:
>>>
>>>[root@blochee root]# rpm -V pam
>>>S.5....T c /etc/pam.d/system-auth
>>>[root@blochee root]#
>>>
>>>Any thoughts on my problem... It is driving me up the wall.
>>>
>>>--
>>>Steven

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
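
Added example, not part of the original thread or of any poster's message: a Python triage of the sshd log lines quoted above, reporting per host which PAM modules actually logged, following the point in the thread that a pam_ldap authentication failure shows up as a `pam_ldap:` line. The sample input is constructed from the lines posted in the thread, and the function name `triage` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: log lines quoted in the thread, with mail wrapping undone.
SAMPLE = """\
Jul 8 20:20:57 blochee sshd(pam_unix)[21476]: check pass; user unknown
Jul 8 20:20:57 blochee sshd(pam_unix)[21476]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spidey.ee.ucr.edu
Jul 8 20:20:59 blochee sshd[21474]: error: PAM: Authentication failure
Jul 9 06:24:19 myhost sshd[16305]: pam_ldap: error trying to bind as user "uid=joeuser,ou=People,dc=example,dc=com" (Invalid credentials)
"""

# syslog line: date, host, "sshd[pid]:" or "sshd(pam_module)[pid]:", message
LINE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+(\S+)\s+sshd(?:\((pam_\w+)\))?\[\d+\]:\s+(.*)$")

def triage(log_text):
    """Return {host: {"modules": set, "user_unknown": bool, "verdict": str}}."""
    hosts = defaultdict(lambda: {"modules": set(), "user_unknown": False})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        host, tag_module, msg = m.groups()
        # A module is named either in the syslog tag or as a "pam_xxx:" prefix.
        prefix = re.match(r"(pam_\w+):", msg)
        module = tag_module or (prefix.group(1) if prefix else None)
        if module:
            hosts[host]["modules"].add(module)
        # pam_unix logs this when getpwnam() finds no account for the login name.
        if module == "pam_unix" and "user unknown" in msg:
            hosts[host]["user_unknown"] = True
    for info in hosts.values():
        if "pam_ldap" in info["modules"]:
            info["verdict"] = "pam_ldap ran and logged a result"
        elif info["user_unknown"]:
            info["verdict"] = "only pam_unix logged, account not resolved; no sign of pam_ldap"
        else:
            info["verdict"] = "pam_ldap not seen in these lines"
    return dict(hosts)

if __name__ == "__main__":
    for host, info in triage(SAMPLE).items():
        print(host, sorted(info["modules"]), "->", info["verdict"])
```

A missing `pam_ldap:` line is only absence of evidence in the client log; the directory server's own log, enabled through `loglevel` as described in the thread, shows whether a bind request ever arrived.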