RE: Cant authenticate to LDAP domain with Redhat9

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Your ldapsearch and getent look fine.  Do you have anything for
shadow in your nsswitch.conf?

For the pam stuff, start by looking at your system-auth file.
This is how it looks on a RH9 box as configured by authconfig:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     [default=bad success=ok user_unknown=ignore
service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3
type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok
use_authtok md5
shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so

-Steve

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Steven D. Haughton
Sent: Friday, July 02, 2004 11:01 AM
To: General Red Hat Linux discussion list
Subject: Re: Cant authenticate to LDAP domain with Redhat9

Hi,
Thanks for the clarification.  Those authconfig files were bothering me.
Ok, I did an ldapsearch and getent and they work fine (from what I can 
tell).

Output:

[root@blochee /]# ldapsearch -x -b "dc=ee,dc=ucr,dc=edu" uid=grad-adm
version: 2

#
# filter: uid=grad-adm
# requesting: ALL
#

# grad-adm, People, ee, ucr, edu
dn: uid=grad-adm,ou=People,dc=ee,dc=ucr,dc=edu
uid: grad-adm
cn: Graduate Affairs
sn: Affairs
mail: grad-adm@xxxxxxxxxx
labeledURI: http://www.ee.ucr.edu/~grad-adm
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
loginShell: /bin/bash
uidNumber: 30501
gidNumber: 402
homeDirectory: /home/eemisc/grad-adm
gecos: Graduate Affairs

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@blochee /]# getent passwd grad-adm
grad-adm:x:30501:402:Graduate Affairs:/home/eemisc/grad-adm:/bin/bash

Should I test ldapsearch with  some different commands?
Also I tried logging in on virtual consoles with no luck (only root 
works). = (
You said that if ldapsearch and getent work then I should focus on
pam....
how would I go about testing pam?

Thanks again for all your help.

--
Steven





-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]

  Powered by Linux