Need help with Sun pam_ldap

Has anyone used the Sun pam_ldap in Solaris 9?

I can't get it to work with their in.ftpd (actually the wu-ftpd
behind a Sunscreen).

Here's my pam.conf:
     ftp     auth requisite          pam_authtok_get.so.1 debug
     ftp     auth required           pam_dhkeys.so.1 debug
     ftp     auth required           pam_ldap.so.1 debug
     ftp     account requisite       pam_roles.so.1
     ftp     account required        pam_projects.so.1
     ftp     account required        pam_ldap.so.1
     ftp     session required        pam_ldap.so.1
     ftp     password required       pam_dhkeys.so.1
     ftp     password requisite      pam_authtok_get.so.1
     ftp     password requisite      pam_authtok_check.so.1
     ftp     password required       pam_authtok_store.so.1

(I copied the "other" and replaced the pam_unix*.so with pam_ldap).

Here's my ldap entry (don't worry, nothing secret -- test entry):
     dn: uid=gary,ou=People,dc=support,dc=Ulticom,dc=com
     loginShell: /bin/ksh
     sn: Algier
     objectClass: top
     objectClass: person
     objectClass: organizationalPerson
     objectClass: inetOrgPerson
     objectClass: posixaccount
     cn: Gary Algier
     givenName: Gary
     uid: gary
     ou: Information Technologies
     uidNumber: 402
     gidNumber: 1102
     gecos: Gary Algier
     homeDirectory: /private/gary
     l: Mt. Laurel
     roomNumber: 1020 K-8
     userPassword:: e2NyeXB0fWUxcE9aY1l6WjkvdS4=

My syslog shows (after adding debug as a severity):
Aug  8 15:37:05 eye ftpd[1449]: [ID 745051 auth.debug] PAM[1449]: pam_authenticate(5e698, 1): error No account present for user

I even wrote a simple "pamtest" executable and got:
% ./pamtest ftp gary howell
pamtest: pam error: No account present for user

What does it mean "No account"?

The regular mechanisms for defining users seem to be working ok as
the logins program finds me:

% logins -xol gary
gary:402::1102:Gary Algier:/private/gary:/bin/ksh:LK:010170:0:0:0

I have successfully used the pam_ldap_ntlm module with Solaris 8, but
I have a Solaris 9 system that I need to use the vendor supplied tools.

Can anyone shed some light?


-- 
Gary Algier, WB2FWZ          gaa at ulticom.com             +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054      Fax:+1 856 866 2033




