Configuration PAM / LDAP : no login

Hi,

I'm trying to configure PAM to use LDAP, but none of my tests gets a positive result:
- ftp : /var/log/message :"protfpd[13557): pc5155.esiee.fr (localhost.localdomain[127.0.0.1]) - user bahlouls (Login falied): Can't find user."
- login : I'm immediately logged out and I can see in /var/log/message : "PAM_UNIX[13561]: (system-auth) session opened for use bahlouls"
- pop : my login/password is refused and I can see in /var/log/message : "ipop3d[13578]; Login failure user=bahlouls domain=(null) host=localhost.localdomain [127.0.0.1]"

My server runs a Netscape Directory Server (4.13) under Solaris 8.
My clients use OpenLDAP libraries (2.0.7), PAM (0.72) and PAM - LDAP 108 under Mandrake 7.2

If you can help me or send me a "RTFM" link, I would be glad.

Regards,

Sébastien.

PS: 
- Here follow some important files  (there's no /etc/pam.conf) :

/********* /etc/ldap.conf  ************/
host	pc5155d.esiee.fr
base 	o=esiee, c=fr
rootbindn	cn=Directory Manager
port 	389
scope	sub
pam_login_attribute	uid
pam_lookup_policy	yes
pam_password	crypt
nss_base_passwd	ou=Personnes,o=esiee,c=fr
nss_base_group	ou=Personnes,o=esiee,c=fr
nss_base_shadow	ou=Personnes,o=esiee,c=fr



/********  /etc/pam.d/login ************/
#%PAM-1.0
auth	required	/lib/security/pam_securetty.so
auth	sufficient	/lib/security/pam_ldap.so
auth	required	/lib/security/pam_stack.so service=system-auth

account	sufficient	/lib/security/pam_ldap.so
account	required	/lib/security/pam_stack.so service=system-auth

password	sufficient	/lib/security/pam_ldap.so
password	required	/lib/security/pam_stack.so service=system-auth

session	required	/lib/security/pam_stack/sp service=system-auth
session 	optional	/lib/security/pam_console.so

/*********** /etc/pam.d/ftp ***************/
#%PAM-1.0
auth	required	/lib/security/pam_ldap.so
account	required	/lib/security/pam_ldap.so
password	required	/lib/security/pam_ldap.so

/********* /etc/pam.d/pop ***************/
auth	required	/lib/security/pam_ldap.so
account	required	/lib/security/pam_ldap.so


/********* /etc/nsswitch.conf ***********/
passwd:	ldap files
shadow:	ldap files
group:	ldap files
hosts:	files dns

Here is an extract of my LDAP:

dn: uid=bahlouls, ou=Personnes, o=esiee, c=fr
objectclass: top
objectclass: account
objectclass: posixAccount
objectclass: shadowAccount
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: bahlouls
givenname: Sebastien
sn: Bahloul
cn: Sebastien Bahloul
gecos: Sebastien Bahloul
shadowlastchange: 11457
shadowmax: 30
shadowwarning: 7
shadowinactive: 2
homedirectory: /tmp
loginshell: /bin/sh
gidnumber: 5000
uidnumber: 5000
mail: bahlouls@esiee.fr

- /bin/sh is accessible for all users (r-x)
- /tmp has the following permissions : "drwxrwxrwt"

Sébastien Bahloul
-------------------------------------
Fourth-year engineering student

Telephone: +33 1 43 04 33 73
Fax: +33 1 45 92 66 99
Email: bahlouls@esiee.fr
-------------------------------------





