Hi, The only significant difference I see between your system_auth and mine is the /$ISA/. Also you have an extra line for pam_ldap.so Well here is my system_auth. Also this is the same system_auth that works on other computers... but I may need to modify it to work for redhat 9? #%PAM-1.0 auth required /lib/security/pam_env.so auth sufficient /lib/security/pam_unix.so likeauth nullok auth sufficient /lib/security/pam_ldap.so use_first_pass auth required /lib/security/pam_deny.so account required /lib/security/pam_unix.so account sufficient /lib/security/pam_ldap.so password required /lib/security/pam_cracklib.so retry=3 password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok password required /lib/security/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so session optional /lib/security/pam_ldap.so Is the $ISA necessary? And how about extra line for pam_ldap.so? I'll give it a shot and see if it makes a difference. Thanks. -- Steven ----- Original Message ----- From: "Rigler, Steve" <SRigler@xxxxxxxxxxxxxxx> To: "General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx> Sent: Friday, July 02, 2004 1:14 PM Subject: RE: Cant authenticate to LDAP domain with Redhat9 > Your ldapsearch and getent look fine. Do you have anything for > shadow in your nsswitch.conf? > > For the pam stuff, start by looking at your system-auth file. > This is how it looks on a RH9 box as configured by authconfig: > > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > auth required /lib/security/$ISA/pam_env.so > auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok > auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass > auth required /lib/security/$ISA/pam_deny.so > > account required /lib/security/$ISA/pam_unix.so > account [default=bad success=ok user_unknown=ignore > service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so > > password required /lib/security/$ISA/pam_cracklib.so retry=3 > type= > password sufficient /lib/security/$ISA/pam_unix.so nullok > use_authtok md5 > shadow > password sufficient /lib/security/$ISA/pam_ldap.so use_authtok > password required /lib/security/$ISA/pam_deny.so > > session required /lib/security/$ISA/pam_limits.so > session required /lib/security/$ISA/pam_unix.so > session optional /lib/security/$ISA/pam_ldap.so > > -Steve > > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Steven D. Haughton > Sent: Friday, July 02, 2004 11:01 AM > To: General Red Hat Linux discussion list > Subject: Re: Cant authenticate to LDAP domain with Redhat9 > > Hi, > Thanks for the clarification. Those authconfig files were bothering me. > Ok, I did an ldapsearch and getent and they work fine (from what I can > tell). > > Output: > > [root@blochee /]# ldapsearch -x -b "dc=ee,dc=ucr,dc=edu" uid=grad-adm > version: 2 > > # > # filter: uid=grad-adm > # requesting: ALL > # > > # grad-adm, People, ee, ucr, edu > dn: uid=grad-adm,ou=People,dc=ee,dc=ucr,dc=edu > uid: grad-adm > cn: Graduate Affairs > sn: Affairs > mail: grad-adm@xxxxxxxxxx > labeledURI: http://www.ee.ucr.edu/~grad-adm > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: top > objectClass: shadowAccount > loginShell: /bin/bash > uidNumber: 30501 > gidNumber: 402 > homeDirectory: /home/eemisc/grad-adm > gecos: Graduate Affairs > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > [root@blochee /]# getent passwd grad-adm > grad-adm:x:30501:402:Graduate Affairs:/home/eemisc/grad-adm:/bin/bash > > Should I test ldapsearch with some different commands? > Also I tried logging in on virtual consoles with no luck (only root > works). = ( > You said that if ldapsearch and getent work then I should focus on > pam.... > how would I go about testing pam? > > Thanks again for all your help. > > -- > Steven > > > > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
