You're looking at the right log file. I've been trying to duplicate your problem on a spare machine here and the only way I've been able to do it is if I rename /lib/security/pam_ldap.so. In this case, these are the messages I get:

Jul 7 14:53:03 houuc9 sshd(pam_unix)[17393]: check pass; user unknown
Jul 7 14:53:03 houuc9 sshd(pam_unix)[17393]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=houuc8
Jul 7 14:53:15 houuc9 sshd(pam_unix)[17393]: check pass; user unknown
Jul 7 14:53:19 houuc9 sshd(pam_unix)[17393]: check pass; user unknown
Jul 7 14:53:22 houuc9 sshd(pam_unix)[17393]: 2 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=houuc8

I can still do "getent passwd" because I still have /lib/libnss_ldap*, but obviously logins are broken. So I'm wondering if this might be the case for you. Do you have /lib/security/pam_ldap.so? And what does "rpm -V nss_ldap" give you?

-Steve

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Steven D. Haughton
Sent: Wednesday, July 07, 2004 11:45 AM
To: General Red Hat Linux discussion list
Subject: Re: Cant authenticate to LDAP domain with Redhat9

I added the debug line to my system-auth. It now looks like this:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so debug use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so debug

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so debug use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so debug

These are the messages I get in /var/log/messages when I try logging in:

Jul 7 09:37:36 blochee sshd(pam_unix)[19078]: check pass; user unknown
Jul 7 09:37:36 blochee sshd(pam_unix)[19078]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=blochee.ee.ucr.edu
Jul 7 09:37:52 blochee sshd(pam_unix)[19078]: check pass; user unknown
Jul 7 09:38:15 blochee sshd(pam_unix)[19078]: check pass; user unknown
Jul 7 09:38:27 blochee sshd(pam_unix)[19078]: 2 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=blochee.ee.ucr.edu

It seems to me that no new information was output using the debug command... Am I looking at the right log file?

On the machines that work I get this for "getent passwd" and "getent shadow". I picked one user at random because if I put "getent passwd" the list would be too long.

Computers that work in ldap:

[root@kona root]# getent shadow pfu
pfu:x:::::::0
[root@kona root]# getent passwd pfu
pfu:x:15002:403:Peilin Fu:/home/eeres/pfu:/bin/bash

Computer that does not work in ldap:

[root@blochee root]# getent passwd pfu
pfu:x:15002:403:Peilin Fu:/home/eeres/pfu:/bin/bash
[root@blochee root]# getent shadow pfu
pfu:x:::::::0

They are the same so it looks like it can read the ldap info ok.

--
Steven
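
The condition reproduced in the reply above (getent lookups still work through /lib/libnss_ldap* while logins fail because /lib/security/pam_ldap.so is absent) can be checked by resolving every module path a PAM stack names and testing that the file exists. This is an added example, not part of the original thread: the function names, the constructed SAMPLE text, and expanding $ISA to an empty string by default are assumptions of the example.

```python
import os
import re
import tempfile

# Constructed sample in the style of the system-auth quoted in the thread.
SAMPLE = """\
#%PAM-1.0
auth  required    /lib/security/$ISA/pam_env.so
auth  sufficient  /lib/security/$ISA/pam_ldap.so debug use_first_pass
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so debug
session optional  pam_ldap.so
"""

# type, control (a keyword or a [...] block), module path; arguments are ignored
LINE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")


def referenced_modules(pam_text, isa="", module_dir="/lib/security"):
    """Return (type, absolute module path) for every module line."""
    found = []
    for raw in pam_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        m = LINE.match(line)
        if not m or m.group(2) in ("include", "substack"):
            continue
        path = m.group(3).replace("$ISA", isa)   # assumption: isa given by caller
        if not path.startswith("/"):             # bare names live in module_dir
            path = os.path.join(module_dir, path)
        found.append((m.group(1), os.path.normpath(path)))
    return found


def missing_modules(pam_text, root="/", **kw):
    """Modules the stack references that do not exist under root."""
    return [(t, p) for t, p in referenced_modules(pam_text, **kw)
            if not os.path.isfile(os.path.join(root, p.lstrip("/")))]


def demo():
    """Fake root holding pam_env.so only, like the renamed-module test."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "lib/security"))
        open(os.path.join(root, "lib/security/pam_env.so"), "w").close()
        return missing_modules(SAMPLE, root=root)


if __name__ == "__main__":
    for pam_type, path in demo():
        print(f"{pam_type}: missing {path}")
```

On a real host, pass the contents of /etc/pam.d/system-auth to missing_modules() with the default root; an empty list means every referenced module file is present.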