I have not, yet, installel pam_ldap. However, the following entries in /etc/ldap.conf are, I think, trying to use it:
pam_filter objectclass=posixAccount pam_password crypt Looked at http://www.saas.nsw.edu.au/solutions/ldap-auth-pam.html to gather more information. Do you know of other good resources to configure pam? Thanks. ---- Not all who wander are lost. | ---- ___o | [EMAIL PROTECTED] Chuck Keagle | ------- \ <, | Work: (425) 865-1488 Enterprise Servers: HPC | ----- ( )/ ( ) | Cell: (425) 417-3434 > -----Original Message----- > From: Dustin Puryear [mailto:[EMAIL PROTECTED] > Sent: Friday, July 13, 2007 7:02 AM > To: Keagle, Chuck > Cc: ldap@listserver.itd.umich.edu > Subject: Re: [ldap] User Authentication Problems > > Are you trying to use pam_ldap? Is it configured? > > -- > Puryear IT, LLC > Identity Management, Directory Services, Systems Integration > Baton Rouge, LA * 225-706-8414 * http://www.puryear-it.com > > "Best Practices for Managing Linux and UNIX Servers" > http://www.puryear-it.com/pubs/linux-unix-best-practices > > > Chuck Keagle wrote: > > I've set things up the way I think they should be, but when > trying to > > log in as the newly LDAP created user (the first one), it > keeps saying > > invalid user. I must have missed something. First, Last, > d1, d2, & > > d3 are not actual values. Changed them for security. > > > > If I do an "ldapsearch -x -b 'cn=First > > Last,ou=people,dc=d1,dc=d2,dc=d3,dc=com'", ldap > successfully finds the > > user and prints out everything about it. > > > > /etc/openldap/ldap.conf and /etc/openldap/slapd.conf appear to have > > been set up correctly since ldapsearch works. > > > > I added ldap to /etc/nsswitch.conf passwd, shadow, and > group entries > > before files. I did not add db to those entries. > > > > I chkconfig'd on LDAP and saslauthd and started them both. > Originally > > only ldap. No change after adding saslauthd on. > > > > When looking at /var/log/secure, the following come out before > > entering the password when using ssh to log in and getting the > > password prompt (note that I changed IP and username from > their actual > > values for > > security): > > > > Jul 10 16:51:02 denali sshd[32449]: Invalid user xxxxxxx from > > ::ffff:0:0:0:0 Jul 10 23:51:02 denali sshd[32450]: > > input_userauth_request: invalid user xxxxxxx Jul 10 23:51:02 denali > > sshd[32450]: Failed none for invalid user xxxxxxx from > ::ffff:0:0:0:0 > > port 45103 ssh2 Jul 10 23:51:02 denali sshd[32450]: Failed > > gssapi-with-mic for invalid user xxxxxxx from ::ffff:0:0:0:0 port > > 45103 ssh2 Jul 10 23:51:02 denali sshd[32450]: Failed > gssapi-with-mic > > for invalid user xxxxxxx from ::ffff:0:0:0:0 port 45103 ssh2 Jul 10 > > 23:51:02 denali sshd[32450]: Failed publickey for invalid > user xxxxxxx > > from ::ffff:0:0:0:0 port 45103 ssh2 > > > > After trying the password, once, originally set up, these come out: > > > > Jul 10 23:56:36 denali sshd[32456]: Failed publickey for > invalid user > > xxxxxxx from ::ffff:0:0:0:0 port 45122 ssh2 Jul 10 23:56:48 denali > > sshd[32456]: Failed password for invalid user xxxxxxx from > > ::ffff:0:0:0:0 port 45122 ssh2 Jul 10 16:56:48 denali sshd[32455]: > > Failed password for invalid user xxxxxxx from ::ffff:0:0:0:0 port > > 45122 ssh2 > > > > Could someone enlighten me as to what else to look at to determine > > what might be wrong here, or what else to try. > > > > Thanks. > > > > --- > > You are currently subscribed to [EMAIL PROTECTED] as: > > [EMAIL PROTECTED] To unsubscribe send email to > [EMAIL PROTECTED] with the word UNSUBSCRIBE as the > SUBJECT of the message. > > --- You are currently subscribed to [EMAIL PROTECTED] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
