RE: Cant authenticate to LDAP domain with Redhat9

I wouldn't blame the directory server, but it would be nice to see
logs of what is getting through (i.e., what the client is requesting).

The ssh version doesn't really answer why you couldn't log in from
a virtual terminal.  As a matter of fact, the machine I'm testing
this against is a RH9 machine with the 3.5p1 version of openssh.

The log messages aren't particularly informative one way or another.
If it really were using pam_ldap and it were an authentication issue
you'd see messages like this:

Jul  9 06:24:19 myhost sshd[16305]: pam_ldap: error trying to bind as user "uid=joeuser,ou=People,dc=example,dc=com" (Invalid credentials)

-Steve
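
The distinction drawn above, between the pam_unix lines in the quoted log and the pam_ldap bind error, can be checked mechanically. This is an added example, not part of the original message; the function names and verdict labels are made up for illustration, and the sample input is the log lines quoted in this thread with the mail wrapping undone.

```python
import re

# Log lines quoted in this thread, with the mail-wrapped lines rejoined.
SAMPLE = [
    'Jul  8 20:20:57 blochee sshd(pam_unix)[21476]: check pass; user unknown',
    'Jul  8 20:20:57 blochee sshd(pam_unix)[21476]: authentication failure; '
    'logname= uid=0 euid=0 tty=ssh ruser= rhost=spidey.ee.ucr.edu',
    'Jul  8 20:20:59 blochee sshd[21474]: error: PAM: Authentication failure',
    'Jul  9 06:24:19 myhost sshd[16305]: pam_ldap: error trying to bind as user '
    '"uid=joeuser,ou=People,dc=example,dc=com" (Invalid credentials)',
]

# syslog prefix: timestamp, host, sshd with an optional "(pam_module)" tag, pid
LINE = re.compile(r'^\w{3}\s+\d+ [\d:]{8} (\S+) sshd(?:\((pam_\w+)\))?\[(\d+)\]: (.*)$')
LDAP_BIND = re.compile(r'^pam_ldap: error trying to bind as user "([^"]+)" \((.+)\)$')

def classify(line):
    """Return a dict describing one sshd/PAM log line, or None if it is not one."""
    m = LINE.match(line)
    if not m:
        return None
    host, module, pid, msg = m.groups()
    ev = {"host": host, "pid": int(pid), "module": module or "sshd", "event": "other"}
    bind = LDAP_BIND.match(msg)
    if bind:
        ev.update(module="pam_ldap", event="ldap_bind_failed",
                  dn=bind.group(1), reason=bind.group(2))
    elif module == "pam_unix" and msg == "check pass; user unknown":
        ev["event"] = "unix_user_unknown"
    elif module == "pam_unix" and msg.startswith("authentication failure;"):
        # key=value pairs after the semicolon; empty values (ruser=) are kept
        fields = dict(kv.split("=", 1) for kv in msg.split(";", 1)[1].split())
        ev.update(event="unix_auth_failure", rhost=fields.get("rhost"))
    elif msg == "error: PAM: Authentication failure":
        ev["event"] = "sshd_pam_failure"
    return ev

def verdict(lines):
    """Per host: did pam_ldap log a rejected bind, or did only pam_unix speak?"""
    seen = {}
    for ev in filter(None, map(classify, lines)):
        seen.setdefault(ev["host"], set()).add(ev["event"])
    return {host: "ldap_bind_rejected" if "ldap_bind_failed" in evs
            else "pam_unix_only" if "unix_user_unknown" in evs
            else "no_module_detail"
            for host, evs in seen.items()}

if __name__ == "__main__":
    print(verdict(SAMPLE))
```
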
 

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Steven
Sent: Thursday, July 08, 2004 10:50 PM
To: General Red Hat Linux discussion list
Subject: Re: Cant authenticate to LDAP domain with Redhat9

Ok, I wanted to check with my boss before messing with the ldap server.
So I asked him; he said that there is nothing wrong with the server.  He
then proceeded to take a quick look at the "server which is pissing me
off" and said that in order for pam_ldap.so to work I need ssh 3.7 or
higher.

I thought to myself, finally, maybe this is the answer, since I had
openssh 3.5.  Anyways I proceeded to install rpms of openssh 3.7.1p2-1
and its dependencies.  Here are the specifics:

[root@blochee root]# rpm -qa | grep ssh
openssh-askpass-3.7.1p2-1
openssh-3.7.1p2-1
openssh-clients-3.7.1p2-1
openssh-server-3.7.1p2-1
openssh-askpass-gnome-3.7.1p2-1
[root@blochee root]#

I made sure to check my /etc/ssh/ssh_config and my /etc/ssh/sshd_config
and modified anything that was not correct.  Anyways to my dismay this
did NOT WORK.  However, my login error does give a new line of
information in my /log/messages file. Here it is:

Jul  8 20:20:57 blochee sshd(pam_unix)[21476]: check pass; user unknown
Jul  8 20:20:57 blochee sshd(pam_unix)[21476]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spidey.ee.ucr.edu
Jul  8 20:20:59 blochee sshd[21474]: error: PAM: Authentication failure
Jul  8 20:21:03 blochee sshd(pam_unix)[21477]: check pass; user unknown
Jul  8 20:21:03 blochee sshd(pam_unix)[21477]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spidey.ee.ucr.edu
Jul  8 20:21:05 blochee sshd[21474]: error: PAM: Authentication failure

What I now get that I did not have before is the line with "error: PAM:
Authentication failure".
If I am understanding this correctly this means that pam_ldap.so is
getting called now.... Am I correct in my assumption?
This is good because before I updated ssh I did not get that error so it
looks like pam_ldap.so was not working at all.
Does this shed any light onto my problem?  Maybe my ssh config files are
not set correctly?
If you still think I need to look at the ldap server log files I will.

BTW, on the other redhat servers they run with openssh 3.5.1 and they
work......
Thanks for everybody's help on this problem.
--
Steven

----- Original Message ----- 
From: "Rigler, Steve" <SRigler@xxxxxxxxxxxxxxx>
To: "General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx>
Sent: Thursday, July 08, 2004 4:30 AM
Subject: RE: Cant authenticate to LDAP domain with Redhat9


> Assuming this is OpenLDAP and logging is set to a decent level
> (see the "loglevel" directive in the slapd.conf and read
> "man slapd.conf" to find out what the different loglevels do),
> you can find out where it is doing logging by looking for
> "local4.*" in the /etc/syslog.conf.
>
> Logging might not be turned on.  I usually only turn it on when
> I'm trying to debug a problem (which requires a restart of slapd).
>
> -Steve
>
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Steven
> Sent: Wednesday, July 07, 2004 7:05 PM
> To: General Red Hat Linux discussion list
> Subject: Re: Cant authenticate to LDAP domain with Redhat9
>
> I can log in as root to my ldap server....
> My boss set up the ldap domain so I really have not spent much time in
> that server.
> I looked for the log files, but cannot find them...  The usual
> var/log/messages file is empty.
> Where should I look for some log files pertaining to the ldap info I
> seek?
>
> --
> Steven
>
> Rigler, Steve wrote:
>
> >Do you have access to look at the logs on your directory
> >server?
> >
> >-Steve
> >
> >-----Original Message-----
> >From: redhat-list-bounces@xxxxxxxxxx on behalf of Steven
> >Sent: Wed 7/7/2004 5:02 PM
> >To: General Red Hat Linux discussion list
> >Subject: Re: Cant authenticate to LDAP domain with Redhat9
> >
> >Hi,
> >
> >No I have not tried rpm -V pam, but here is the output:
> >
> >[root@blochee root]# rpm -V pam
> >S.5....T c /etc/pam.d/system-auth
> >[root@blochee root]#
> >
> >Any thoughts on my problem... It is driving me up the wall.
> >
> >--
> >Steven
>
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list