RE: Problem with solaris & FDS authentication

==
well, I decided to turn off the nscd completely, while I'm testing.
==
GT: Pls run nscd, without it LDAP name service may not work, after running nscd, check if "id testdba" shows the expected result, you may add "debug" keyword to all lines in /etc/pam.conf to observe all possible /var/adm/messages for "sshd" processing.
 
GT: You also need to zero into FDS access and errors log files for useful clues, show us some of the access log details if possible.
 
===
I have them in the ldap.client.file but the default profile looks like this:

# default, profile, composers.foo.com
dn: cn=default,ou=profile,dc=composers,dc=foo,dc=com
defaultSearchBase: dc=composers,dc=foo,dc=com
authenticationMethod: simple
followReferrals: TRUE
bindTimeLimit: 2
profileTTL: 43200
searchTimeLimit: 30
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: 149.85.70.17
credentialLevel: proxy
cn: default
defaultSearchScope: one

Am I missing anything?  I don't have serviceSearchDescriptor but I think it should chain
ou=People+defaultSearchBase, right?
===
GT: Use Fedora Management Console to add the three SSDs into the "default" profile, just right click and edit its properties, add/edit attributes, the bindTimeLimit of 2 seconds is too low, you may want to up it to 10 seconds.
 
serviceSearchDescriptor: passwd: ou=People,dc=composers,dc=foo,dc=com?one
serviceSearchDescriptor: group: ou=group,dc=composers,dc=foo,dc=com?one
serviceSearchDescriptor: shadow: ou=People,dc=composers,dc=foo,dc=com?one
bindTimeLimit: 10
 
GT: Make sure on top of DNS, you have 149.85.70.17 and LDAP Server hostname in `hostname`.`domainname` format in /etc/hosts, there should be a "hosts: files dns" in /etc/nsswitch.conf, it should not be "hosts: ldap"

===
debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/identity
debug1: Trying private key: /.ssh/id_rsa
debug1: Trying private key: /.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
LDAP Password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Password:

And notice it's asking me for a separate ldap password.  What's up with that?
===
GT: IIRC "Password:" is the prompting of pam_unix_xxxx.so.1 auth module
"LDAP Password:" is the prompting of pam_ldap.so.1 auth module, when first pass failed, 2nd pass continued.

 
 


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
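
The profile and nsswitch.conf changes suggested in the reply above can be checked mechanically before retesting the login. The following is an added example, not part of the original message or of any Fedora Directory Server or Solaris tooling; the function names and finding strings are hypothetical, and it assumes an unfolded LDIF export of the profile entry.

```python
REQUIRED_SSD = ("passwd", "group", "shadow")  # services named in the reply
MIN_BIND_TIME_LIMIT = 10                      # seconds, as suggested in the reply

# Constructed sample: the relevant attributes of the profile as posted.
POSTED_PROFILE = """\
dn: cn=default,ou=profile,dc=composers,dc=foo,dc=com
defaultSearchBase: dc=composers,dc=foo,dc=com
authenticationMethod: simple
bindTimeLimit: 2
credentialLevel: proxy
defaultSearchScope: one
"""

def parse_profile(ldif_text):
    """Parse one unfolded LDIF entry into {lowercased attribute: [values]}."""
    attrs = {}
    for line in ldif_text.splitlines():
        name, sep, value = line.partition(":")
        if sep and not line.startswith("#"):
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def check_profile(attrs):
    """Return findings for the two profile changes the reply asks for."""
    findings = []
    covered = {v.split(":", 1)[0].strip().lower()
               for v in attrs.get("servicesearchdescriptor", [])}
    for service in REQUIRED_SSD:
        if service not in covered:
            findings.append(f"missing serviceSearchDescriptor: {service}")
    for limit in attrs.get("bindtimelimit", []):
        if int(limit) < MIN_BIND_TIME_LIMIT:
            findings.append(f"bindTimeLimit {limit} is below {MIN_BIND_TIME_LIMIT}")
    return findings

def check_hosts_lookup(nsswitch_text):
    """Return a finding if the hosts database is resolved through ldap."""
    for line in nsswitch_text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry.startswith("hosts:"):
            sources = entry.split(":", 1)[1].split()
            return ["hosts lookup uses ldap"] if "ldap" in sources else []
    return ["no hosts line found"]

if __name__ == "__main__":
    for finding in check_profile(parse_profile(POSTED_PROFILE)):
        print(finding)
```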
