On Thu, Apr 10, 2008 at 12:34 PM, Aaron Bliss <abliss at brockport.edu> wrote:
>
> Thanks for getting back to me. Here is /etc/pam.d/system-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required pam_env.so
> auth sufficient pam_unix.so nullok try_first_pass

Ok I see that we have hand changed the above line to:

auth sufficient pam_unix.so likeauth nullok nodelay

..... same lines deleted.

>
> session required pam_mkhomedir.so skel=/etc/skel/ umask=0077

Don't have the above line

Our basic ldap.conf is the following.. I changed the o= and ou=

egrep -v '^$|^[[:space:]]*$|^\#' /etc/ldap.conf
base o=ZiaUniversity,c=US
uri ldaps://ldap.ziauniversity.edu/
binddn uid=l33tdude,ou=GodsPeeps,o=ZiaUniversity,c=US
bindpw XXXXXXXXXXXX
timelimit 120
bind_timelimit 10
bind_policy soft
idle_timelimit 3600
nss_base_netgroup ou=Dudes,o=University of New Mexico,c=US?one
pam_password md5
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon
ssl on
tls_cacertdir /etc/openldap/cacerts

If you have a 'host ldap.uni.edu' it may try to do a non SSL connection first and fail and then a SSL one.

>
>
> Stephen John Smoogen wrote:
> On Thu, Apr 10, 2008 at 6:40 AM, Aaron Bliss <abliss at brockport.edu> wrote:
>
>
> Hi everyone,
> I have several redhat 4 and 5 machines authenticating successfully against
> our ldap servers. I used authconfig to configure the clients and everything
> works great, ssh, vsftp, etc. However, for some reason, I always see a log
> entry similar to the following in /var/log/secure, even though the login
> works;
> Apr 10 08:34:27 server1 sshd[30937]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.21.80.195
> user=user1
>
> Here is the contents of /etc/nsswitch.conf
> cat /etc/nsswitch.conf | grep -v \#
>
> passwd: files ldap
> shadow: files ldap
> group: files ldap
> hosts: files dns
> bootparams: nisplus [NOTFOUND=return] files
> ethers: files
> netmasks: files
> networks: files
> protocols: files ldap
> rpc: files
> services: files ldap
> netgroup: files ldap
> publickey: nisplus
> automount: files ldap
> aliases: files nisplus
>
>
> I think we will need the contents of /etc/pam.d/system-auth for anyone to
> help.
>
>
>
>
>
> --
> Aaron Bliss
> Systems Administrator
> SUNY Brockport
> (585) 395-2417
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>

--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"