Re: Problems with nss_ldap - where to start?




I think not as well.  The tactest user has been blown back out.  I can re-add it from ldif again.

[root@ldap home]# getent passwd | grep example
[root@ldap home]#

[root@ldap home]# cat /etc/nsswitch.conf | grep -v \#


passwd:     files ldap
shadow:     files ldap
group:      files ldap

hosts:      files dns


bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus

[root@ldap home]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_mkhomedir.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so

[root@ldap home]# cat /etc/ldap.conf | grep -v \#


BASE dc=tncionline, dc=net
URI ldap://127.0.0.1
port 389

SIZELIMIT    12
TIMELIMIT    15
DEREF        never
timelimit 600
bind_timelimit 600
bind_policy soft
idle_timelimit 3600

nss_initgroups_ignoreusers pserwe,dgates,root,ldap,named,avahi,haldaemon,dbus
base dc=tncionline, dc=net
pam_password md5

Peter
On Wed, Dec 16, 2009 at 12:24 PM, Craig White <craigwhite@xxxxxxxxxxx> wrote:
On Wed, 2009-12-16 at 12:07 -0800, Peter Serwe wrote:
> Found an ldif user recipe for CentOS5.2..
>
> Added the user "tactest" with the password "tactest".
>
> Dec 16 12:05:30 ldap sshd[11705]pam_unix(sshd:auth): check pass; user
> unknown
> Dec 16 12:05:30 ldap sshd[11705]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ldap
> Dec 16 12:05:30 ldap sshd[11705]: pam_succeed_if(sshd:auth): error
> retrieving information about user tactest
>
> auth still fails.
----
before you get into authorizations...

does the user show? I think not...

getent passwd |grep tactest

if that's the case, and you want help from the list...

what is in files...
/etc/nsswitch.conf
/etc/pam.d/system-auth
/etc/ldap.conf

Craig




--
Peter Serwe
http://truthlightway.blogspot.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
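The checks Craig asks for (does NSS see the user, and what do nsswitch.conf and ldap.conf actually say), as a small POSIX shell script added here; it is not from the thread. It assumes the single nss_ldap-era /etc/ldap.conf layout pasted above and takes the file paths as arguments so it can be run against copies.

```shell
#!/bin/sh
# Added example, not from the thread: scripted version of the checks Craig
# asked for. File paths are arguments so it can run against copies; getent
# is only called when it exists on the host.

# Print the sources configured for database DB (e.g. passwd) in an
# nsswitch.conf-style file, comments stripped, e.g. "files ldap".
nss_sources() {
    sed 's/#.*//' "$1" | awk -v db="$2" '$1 == (db ":") { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Succeed only if "ldap" is one of the sources for DB.
nss_has_ldap() {
    for src in $(nss_sources "$1" "$2"); do
        [ "$src" = ldap ] && return 0
    done
    return 1
}

# Print the value of KEY from an nss_ldap-style ldap.conf. Keys are
# case-sensitive: lowercase base/uri are nss_ldap's own, uppercase
# BASE/URI/SIZELIMIT belong to the OpenLDAP client library.
ldap_conf_value() {
    sed 's/#.*//' "$1" | awk -v k="$2" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Run the checks for USER: print findings, return non-zero on any problem.
diagnose() {
    nss=$1; lconf=$2; user=$3; rc=0
    for db in passwd shadow group; do
        if nss_has_ldap "$nss" "$db"; then
            echo "ok: $db -> $(nss_sources "$nss" "$db")"
        else
            echo "PROBLEM: $db does not list ldap in $nss"; rc=1
        fi
    done
    base=$(ldap_conf_value "$lconf" base)
    [ -n "$base" ] && echo "ok: base $base" || { echo "PROBLEM: no lowercase 'base' in $lconf"; rc=1; }
    # "error retrieving information about user" in the sshd log means the
    # account is invisible to NSS, so this lookup is the decisive check.
    if command -v getent >/dev/null 2>&1; then
        getent passwd "$user" >/dev/null && echo "ok: $user resolves via NSS" \
            || { echo "PROBLEM: getent passwd $user returns nothing"; rc=1; }
    fi
    return $rc
}
```

Run it as `diagnose /etc/nsswitch.conf /etc/ldap.conf tactest`; a PROBLEM line on getent with the three databases reporting ok points at the LDAP side (base, the entry's objectClasses) rather than at NSS configuration.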
