I am trying to configure my Red Hat AS 4.2 box to authenticate users
using LDAP. More specifically, I only want to verify the user's
password using LDAP; the accounts are local. As far as I can tell, the
system is performing the LDAP bind during the login process; using
tcpflow I can see the LDAP information passed to the server.
Unfortunately, I cannot tell what is really going on. Even though I
have 'debug' option enabled in the pam config file, the logs do not
show any pam_ldap activity.
Below is a snippet from the sshd pam config with LDAP:
    #LDAP
    auth     sufficient pam_ldap.so use_first_pass debug   # try the LDAP bind first, reusing the password already collected
    auth     required   pam_stack.so service=system-auth   # otherwise fall through to the normal local auth stack
    auth     required   pam_nologin.so
    account  required   pam_stack.so service=system-auth
    ...
Originally, I was getting an LDAP bind error in /var/log/messages.
After fixing ldap.conf and verifying the settings using ldapsearch, I no
longer see the error. However, I don't see any specific pam_ldap errors
in any of my logs now.
I have done some searching and found a few newsgroup posts with
some sample logs. It looks like there is a way to enable more verbose
logging:
    Dec 8 10:04:43 linux29 login[2063]: pam_ldap: error trying to bind as user "cn=Linux29,ou=SER,ou=KLK,o=EK" (Invalid credentials)
There is a debug option in ldap.conf, but that just created a log file
with output similar to running ldapsearch with the debugging option.
Hopefully someone can point me to the debugging option so that my logs
are a bit more helpful in troubleshooting this issue.
thanks,
John
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
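The pam_ldap bind-failure line quoted in the post is the kind of record a defender wants to pull out of /var/log/messages once verbose logging is on. The parser below is an added example, not code from the original post; it assumes the syslog shape shown above, and the sample records (including the line wrapped across two lines, as it appears in the post) are constructed.

```python
import re

# Syslog record as written by pam_ldap (shape taken from the sample in the post):
#   Dec 8 10:04:43 linux29 login[2063]: pam_ldap: error trying to bind as user "cn=...,o=EK" (Invalid credentials)
TS = r'[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}'
LINE_RE = re.compile(rf'^(?P<ts>{TS}) (?P<host>\S+) (?P<service>[^\[\s]+)\[(?P<pid>\d+)\]: pam_ldap: (?P<msg>.*)$')
BIND_RE = re.compile(r'error trying to bind as user "(?P<dn>[^"]+)" \((?P<reason>[^)]+)\)')

def unwrap(lines):
    """Re-join records that a mail client or pager wrapped mid-message:
    a line that does not start with a syslog timestamp continues the previous one."""
    buf = None
    for raw in lines:
        line = raw.rstrip("\n")
        if not line.strip():
            continue
        if re.match(TS + " ", line):
            if buf is not None:
                yield buf
            buf = line
        elif buf is not None:
            buf += " " + line.strip()
    if buf is not None:
        yield buf

def parse_bind_failures(lines):
    """Return one dict per pam_ldap bind failure: timestamp, host, PAM service, pid, bind DN, reason."""
    out = []
    for line in unwrap(lines):
        m = LINE_RE.match(line)
        b = BIND_RE.search(m.group("msg")) if m else None
        if b:
            out.append({**m.groupdict(), "pid": int(m["pid"]), **b.groupdict()})
    return out

# Constructed sample: the wrapped record quoted in the post plus an unrelated sshd record.
SAMPLE = [
    "Dec 8 10:04:43 linux29 login[2063]: pam_ldap: error trying to bind as",
    'user "cn=Linux29,ou=SER,ou=KLK,o=EK" (Invalid credentials)',
    "Dec 8 10:05:01 linux29 sshd[2100]: Accepted publickey for john from 10.0.0.5",
]

if __name__ == "__main__":
    for f in parse_bind_failures(SAMPLE):
        print(f"{f['ts']} {f['host']} {f['service']}[{f['pid']}]: bind as {f['dn']} failed: {f['reason']}")
```

Records that carry no "pam_ldap:" tag, such as the sshd line in the sample, are skipped, so the output is only the failed binds.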