Simple Authentication

Hi everyone,

I am using SuSE 8.2 to try and achieve simple authentication against
Novell eDirectory. getent passwd or getent group only displays
information from local files. ldapsearch -x 'uid=linux29' returns the
correct information stored in eDirectory. Entering an eDirectory username
but wrong password results in the following in /var/log/messages:-

Dec  8 10:04:31 linux29 login[2063]: pam_unix2: pam_sm_authenticate() called
Dec  8 10:04:37 linux29 login[2063]: pam_ldap: error trying to bind as user "cn=Linux29,ou=SER,ou=KLK,o=EK" (Invalid credentials)
Dec  8 10:04:37 linux29 login[2063]: pam_unix2: pam_ldap returned 7
Dec  8 10:04:37 linux29 login[2063]: pam_unix2: username=[linux29]
Dec  8 10:04:37 linux29 login[2063]: pam_unix2: pw == NULL, return PAM_USER_UNKNOWN
Dec  8 10:04:43 linux29 login[2063]: pam_ldap: error trying to bind as user "cn=Linux29,ou=SER,ou=KLK,o=EK" (Invalid credentials)
Dec  8 10:04:43 linux29 login[2063]: FAILED LOGIN 1 FROM /dev/tty4 FOR UNKNOWN, Authentication failure
Dec  8 10:04:47 linux29 login[2063]: pam_unix2: pam_sm_authenticate() called

A correct username and password returns:-

Dec  8 10:07:15 linux29 login[2115]: pam_unix2: pam_sm_authenticate() called
Dec  8 10:07:18 linux29 login[2115]: pam_unix2: pam_ldap returned 0
Dec  8 10:07:18 linux29 login[2115]: pam_unix2: pam_sm_acct_mgmt() called
Dec  8 10:07:18 linux29 login[2115]: pam_unix2: pam_ldap returned 0
Dec  8 10:07:18 linux29 login[2115]: Failed to look up user 'linux29'.

Only the root account resides on the local machines.  I am struggling
badly and do not know what is wrong, probably something stupid. My
pam.d/login file is:-

#%PAM-1.0
auth            required        /lib/security/pam_env.so debug
#auth           sufficient      /lib/security/pam_unix.so debug likeauth nullok nodelay
auth            sufficient      /lib/security/pam_unix.so debug nullok
auth            sufficient      /lib/security/pam_ldap.so debug
auth            required        /lib/security/pam_deny.so debug

account         sufficient      /lib/security/pam_unix.so debug
account         sufficient      /lib/security/pam_ldap.so debug

password        required        /lib/security/pam_cracklib.so debug retry=3 minlen=4 dcredit=0 ucredit=0
password        sufficient      /lib/security/pam_unix.so debug nullok md5 shadow use_authok
password        sufficient      /lib/security/pam_ldap.so debug use_authok
password        required        /lib/security/pam_deny.so debug

session         required        /lib/security/pam_limits.so debug
session         optional        /lib/security/pam_unix.so debug
session         required        /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session         optional        /lib/security/pam_ldap.so debug

Any help appreciated

Les Halliday
Eksjo kommun


_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
