pam ldap nss_ldap

gregory_laroche at yahoo.fr (gregory LAROCHE) · Wed, 6 Feb 2008 20:53:52 +0100 (CET)

I have a problem with ldap authentification and pam,
that generate an error message like:
pam_unix(vsftpd:auth): authentication failure
pam_unix(sshd:auth): authentication failure
Did I need attributs for my users or something else ?

/etc/pam.d/vsftpd
auth       required     pam_listfile.so item=user
sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      system-auth

/etc/pam.d/system-auth
auth        required      pam_env.so
### if the next lign is commented, I could not
authenticate "myuser" by ftp or ssh, to the machine
through ldap directory server
#auth        sufficient    pam_unix.so nullok
try_first_pass
### if the lign before is not commented, I could auth,
to the machine through ldap but with the error
message, shown below
auth        requisite     pam_succeed_if.so uid >= 500
quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

# error messages in /var/log/secure
pam_unix(vsftpd:auth): authentication failure
pam_unix(sshd:auth): authentication failure

# ldap entries
dn: uid=myuser,ou=people,dc=mydomain,dc=com
givenName: myuser
sn: myuser
mail: myuser.myuser at mydomain.com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: shadowaccount
objectClass: posixAccount
objectClass: account
objectClass: authorizedserviceobject
uid: myuser
cn: myuser myuser
uidNumber: 521
gidNumber: 521
homeDirectory: /tmp
loginShell: /bin/bash
host: myhost.mydomain.com
authorizedService: vsftpd
authorizedService: sshd
shadowLastChange: 13313
shadowMax: 99999
shadowWarning: 7
userPassword: {SSHA}yOhxgKxfjdkjfkdmjfkmdsjf298*x$==
nsuniqueid: 8fd56b01-1dd211b2-8724ac3a-e0940000
parentid: 4
entryid: 82
entrydn: uid=myuser,ou=people,dc=mydomain,dc=com
hassubordinates: FALSE
numsubordinates: 0
subschemasubentry: cn=schema

dn:
cn=myuser+gidnumber=521,ou=Groups,dc=mydomain,dc=com
cn: myuser
gidNumber: 521
objectClass: top
objectClass: posixgroup
nsuniqueid: d75bf701-1dd111b2-8725ac3a-e0940000
parentid: 3
entryid: 83
entrydn:
cn=myuser+gidnumber=521,ou=groups,dc=mydomain,dc=com
hassubordinates: FALSE
numsubordinates: 0
subschemasubentry: cn=schema

# config PAM : fedora core 5
# FDS 1.1 : fedora core 7
## -- Thanks you

      _____________________________________________________________________________ 
Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail http://mail.yahoo.fr