So it has the line "password sufficient /lib/security/pam_ldap.so use_authtok".
This is my system-auth file now:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
session optional /lib/security/$ISA/pam_ldap.so
Yet, I still cannot log on as any users, only as root.
I am going to add the debug command to the end of each line and see if that sheds any light on the problem.
-- Steven
Faehl, Chris wrote:
You don't reference ldap in your system-auth file. From the archives:
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
Add a line under "password sufficient /lib/security/pam_unix.so ..." that says: password sufficient /lib/security/pam_ldap.so use_authtok
-- Chris Faehl Hosting Manager, RightNow Technologies
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Faehl, Chris
Sent: Wednesday, July 07, 2004 8:45 AM
To: General Red Hat Linux discussion list
Subject: RE: Cant authenticate to LDAP domain with Redhat9
Steven,
Your file looks good (works on my test box). Thinking...
-- Chris Faehl Hosting Manager, RightNow Technologies
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of shaughto@xxxxxxxxxx
Sent: Tuesday, July 06, 2004 9:52 PM
To: General Red Hat Linux discussion list
Subject: Re: Cant authenticate to LDAP domain with Redhat9
Hi, thanks for the reply.
Here is my /etc/pam.d/sshd:
#%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_limits.so
session optional pam_console.so
See it points to system-auth so it should work fine, correct? Please let me know if that looks right. Also I do not have a sshd.040706 file. Thanks for your help.
-- Steven
The problem's /etc/pam.d/sshd.
cp /etc/pam.d/sshd /etc/pam.d/sshd.040706 && cp /etc/pam.d/system-auth /etc/pam.d/sshd
Problem should then be fixed (I burned several days on this - RedHat's docs could use some revision).
-- Chris Faehl Hosting Manager, RightNow Technologies
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
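Added example, not part of the thread and not code posted by either participant: a Python script that reports which PAM management groups of a service never reference pam_ldap.so, following pam_stack.so service= indirection as in the /etc/pam.d/sshd file quoted above. The function names and the condensed sample files are constructed for this example, and the check covers presence only, not line ordering or control flags.

```python
GROUPS = ("auth", "account", "password", "session")

def parse(text):
    """Yield (group, module basename, args) for each PAM directive."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        group, rest = line.split(None, 1)
        if rest.startswith("["):            # bracketed control: [success=ok ...]
            rest = rest.partition("]")[2]
        else:                               # simple control: required, sufficient
            rest = rest.split(None, 1)[1]
        module, *args = rest.split()
        yield group, module.rsplit("/", 1)[-1], args

def ldap_groups(files, service, path=()):
    """Groups in which `service` references pam_ldap.so, following pam_stack."""
    found = set()
    if service in path or service not in files:   # cycle or unknown service
        return found
    for group, module, args in parse(files[service]):
        if module == "pam_ldap.so":
            found.add(group)
        elif module == "pam_stack.so":
            for arg in args:
                if arg.startswith("service="):
                    sub = ldap_groups(files, arg[len("service="):], path + (service,))
                    found |= {group} & sub   # pam_stack runs only the same group
    return found

def missing(files, service):
    """Management groups of `service` that never reference pam_ldap.so."""
    return [g for g in GROUPS if g not in ldap_groups(files, service)]

# Constructed sample, condensed from the files quoted in the thread.
SSHD = "".join(f"{g} required pam_stack.so service=system-auth\n" for g in GROUPS)
ARCHIVE = """#%PAM-1.0
auth     sufficient /lib/security/pam_ldap.so use_first_pass
account  [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
session  optional   /lib/security/pam_ldap.so
"""
FIXED = ARCHIVE + "password sufficient /lib/security/pam_ldap.so use_authtok\n"

if __name__ == "__main__":
    print(missing({"sshd": SSHD, "system-auth": ARCHIVE}, "sshd"))
    print(missing({"sshd": SSHD, "system-auth": FIXED}, "sshd"))
```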