PAM pass through & ENTRY problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Stipl, Stepan wrote:
> Hi,
> 	I'm currently playing with Fedora DS - and I really like it :).
>
> problem: I'm trying to use PAM pass through plugin -> pam_krb5 -> Active Directory/Kerberos
>
> I'm able t get this working fine, with pamIDMapMethod set to RDN, but not set to ENTRY with apropriate pamIDAttr set.
>
> With disabled PAM PT plugin, I'm able to do simple bind to given object.
>
> With enabled PAM PT plugin, set to RDN I'm able to do bind with password stored in Kerberos, and with allowed pamFallback also with password stored in Fedora DS.
>
> And finally with PAM PT plugin enabled and set to ENTRY and attribute specified in pamIDAttr - I'm unable to do bind with Kerberos password, only with simple bind pass. stored in Fedora DS if pamFallback is enabled.
>
> errors log with debuglevel set for plugins debugging:
>
> [04/Jan/2007:11:13:40 +0100] pam_passthru-plugin - => pam_passthru_bindpreop
> [04/Jan/2007:11:13:40 +0100] - allow_operation: component identity is NULL
> [04/Jan/2007:11:13:40 +0100] pam_passthru-plugin - Could not find BIND dn cn=xxx,ou=users,dc=xxx,dc=com (error 32 - No such object)
> [04/Jan/2007:11:13:40 +0100] pam_passthru-plugin - Bind DN [cn=xxx,ou=users,dc=xxx,dc=com] is invalid or not found
> [04/Jan/2007:11:13:40 +0100] pam_passthru-plugin - <= handled (error 32 - No such object)
>
> The message looks strange to me, because bind DN cn=xxx,ou=users,dc=xxx,dc=com exists and I'm able to do bind to it with password stored in Fedora DS.
> So please if you see where I'm wrong or have any ideas, suggestion please help, if I won't be able to solve this, it'll unfortunatey prevent me from deploying Fedora DS :(.
>   
What version of Fedora DS are you using?  1.0.4 should work - earlier 
versions had problems with the ENTRY method.  Can you post your pam 
passthru plugin configuration entry, and an example of your user entry, 
being careful to obscure sensitive information?
> thanks,
>
> .stepan
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070104/1eec4617/attachment.bin
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux