I'm attempting to set up OpenSolaris with OpenLDAP and PADL's pam_ldap and nss_ldap clients, and I'm having trouble. I've compiled OpenLDAP, nss_ldap, and pam_ldap, and replaced the nss_ldap.so.1 and pam_ldap.so.1 that originally came with OpenSolaris with the compiled versions. I've also configured the nsswitch.conf file, and "getent passwd" returns all of my LDAP accounts, plus "id -a <username>" returns the correct UIDs and group memberships. The issue seems to be with PAM. When I try to log in via SSH, I just get the password prompt repeatedly. Enabling SSH debugging shows the following errors when trying to authenticate an LDAP user:

[code]
Jun 14 15:02:31 turing-solaris sshd[25345]: [ID 800047 auth.debug] debug1: userauth-request for user testuser service ssh-connection method keyboard-interactive
Jun 14 15:02:31 turing-solaris sshd[25345]: [ID 800047 auth.debug] debug1: attempt 3 initial attempt 1 failures 3 initial failures 1
Jun 14 15:02:31 turing-solaris sshd[25345]: [ID 800047 auth.debug] debug1: keyboard-interactive devs
Jun 14 15:02:45 turing-solaris sshd[25345]: [ID 800047 auth.debug] debug1: got 1 responses
Jun 14 15:02:45 turing-solaris sshd[25345]: [ID 800047 auth.debug] debug1: PAM conv function returns PAM_SUCCESS
Jun 14 15:02:45 turing-solaris sshd[25345]: [ID 219349 auth.debug] pam_unix_auth: user testuser not found
Jun 14 15:02:45 turing-solaris sshd[25345]: [ID 800047 auth.info] Keyboard-interactive (PAM) userauth failed[13] while authenticating: No account present for user
Jun 14 15:02:45 turing-solaris sshd[25345]: [ID 800047 auth.notice] Failed keyboard-interactive for testuser from 192.168.10.70 port 38722 ssh2
Jun 14 15:02:45 turing-solaris sshd[25345]: [ID 800047 auth.debug] debug1: userauth-request for user testuser service ssh-connection method keyboard-interactive
Jun 14 15:02:45 turing-solaris sshd[25345]: [ID 800047 auth.debug] debug1: attempt 4 initial attempt 2 failures 4 initial failures 2
[/code]
I think the key is the part about "user testuser not found", but I'm not sure why, since NSS seems to work fine, and I'm not sure how to fix it. Additionally, if I try to su from a non-root account to my "testuser" account, I get prompted for the password and get a similar error:

[code]
-bash-3.2$ su - testuser
Password:
su: Unknown id: testuser
[/code]

Again, no idea why this is happening - if "id -a testuser" returns the correct output, why can't su see the user?? Any hints, help, pointing out of obvious mistakes, etc., would be great. I've configured the /etc/pam.conf file per several sets of instructions on how to enable LDAP authentication, and I'll be happy to attach that, if necessary.

Thanks - Nick

This message posted from opensolaris.org
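An added illustration (not Nick's actual /etc/pam.conf and not a confirmed fix for his setup) of how Solaris pam.conf control flags decide whether pam_unix_auth's "user not found" result (PAM_USER_UNKNOWN, the failed[13] in the log) becomes the result of the whole auth stack. The service name "other", the module order and the PADL use_first_pass option are assumptions; Solaris sshd looks for its own service names (sshd-kbdint for keyboard-interactive) before falling back to "other".

```conf
# Added illustration, not the poster's file. Solaris pam.conf line format:
#   service  module_type  control_flag  module_path  [options]
# Assumption: sshd and su end up on the "other" stack below; Solaris sshd
# checks sshd-kbdint (keyboard-interactive) first and uses "other" only
# when no sshd-specific entry exists.

# Stack that reproduces the symptom in the log (shown commented out):
# pam_unix_auth is "required", so on Solaris every required module still
# runs, but the first failure is what the stack returns. For an account
# that exists only in LDAP, pam_unix_auth fails with PAM_USER_UNKNOWN (13,
# "No account present for user") and that error wins even if pam_ldap
# later accepts the password.
#other   auth requisite  pam_authtok_get.so.1
#other   auth required   pam_unix_auth.so.1
#other   auth required   pam_ldap.so.1

# Stack in which a local-account miss does not end authentication:
# pam_authtok_get prompts once and stores the password as PAM_AUTHTOK;
# pam_unix_auth is "sufficient": success returns immediately, failure is
# recorded as optional and the stack continues; pam_ldap then decides,
# reusing the stored password (PADL pam_ldap option use_first_pass) so the
# user is not prompted a second time.
other    auth requisite  pam_authtok_get.so.1
other    auth sufficient pam_unix_auth.so.1
other    auth required   pam_ldap.so.1 use_first_pass

# Caveat: keep an existing root session open while testing a pam.conf
# change and verify with a fresh ssh and su session; a mistake in the
# "other" stack can lock out every service that falls back to it.
```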
