All:

having problems getting libpam-ldap to authenticate users. libnss-ldap does exactly fine when running the same base -- but PAM will not. Moreso, I get the following errors when I try to login to the box by ssh or on the console (ssh errors below):

Nov 29 10:26:33 ldaptest0 sshd[4421]: Illegal user mclauson from ::ffff:69.145.252.167
Nov 29 10:26:33 ldaptest0 sshd[4421]: Failed none for illegal user mclauson from ::ffff:69.145.252.167 port 2413 ssh2
Nov 29 10:26:38 ldaptest0 sshd[4421]: pam_ldap: error trying to bind as user "uid=mclauson,dc=advserv,dc=bresnan,dc=com" (Invalid credentials)
Nov 29 10:26:38 ldaptest0 sshd[4421]: (pam_unix) check pass; user unknown
Nov 29 10:26:38 ldaptest0 sshd[4421]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host-69-145-252-167.bln-mt.client.bresnan.net
Nov 29 10:26:40 ldaptest0 sshd[4421]: error: PAM: Permission denied for illegal user mclauson from host-69-145-252-167.bln-mt.client.bresnan.net
Nov 29 10:26:40 ldaptest0 sshd[4421]: Failed keyboard-interactive/pam for illegal user mclauson from ::ffff:69.145.252.167 port 2413 ssh2

Config files below -- suggestions?

pam_ldap.conf/libnss-ldap.conf (same file):

host 127.0.0.1
base dc=advserv,dc=example,dc=com
ldap_version 3
#binddn cn=nssuser,dc=advserv,dc=example,dc=com
#bindpw password
rootbinddn cn=admin,dc=advserv,dc=example,dc=com
#timelimit 30
#bind_timelimit 30
#bind_policy hard
#idle_timelimit 3600
#pam_filter objectclass=account
#pam_login_attribute uid
#pam_lookup_policy yes
#pam_check_host_attr yes
#pam_check_service_attr yes
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com
#pam_member_attribute uniquemember
#pam_min_uid 0
#pam_max_uid 0
#pam_login_attribute userPrincipalName
#pam_template_login_attribute uid
#pam_template_login nobody
pam_password exop
#pam_password_prohibit_message Please visit http://internal to change your password.
#ssl start_tls
#ssl on
#tls_checkpeer yes
#tls_cacertfile /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs
#tls_randfile /var/run/egd-pool
#tls_ciphers TLSv1
#tls_cert
#tls_key
#sasl_secprops maxssf=0
#krb5_ccname FILE:/etc/.ldapcache
#pam_sasl_mech DIGEST-MD5
# end pam_ldap.conf

/etc/pam.d/common-auth:

auth sufficient pam_ldap.so try_first_pass ignore_unknown_user
auth sufficient pam_unix.so try_first_pass nullok_secure
#end common-auth

/etc/pam.d/common-account:

auth sufficient pam_ldap.so ignore_unknown_user
auth sufficient pam_unix.so
#end common-account

/etc/pam.d/common-session:

auth sufficient pam_ldap.so ignore_unknown_user
auth sufficient pam_unix.so
#end common-session

--mec