On Tue, 2009-08-25 at 11:28 -0500, Brandon Perkins wrote:
> So, this doesn't look right to me, I'd expect something more along the
> lines of:
>
> #%PAM-1.0
> auth required pam_env.so
> auth sufficient pam_ldap.so no_user_check
> auth required pam_deny.so
> account required pam_ldap.so no_user_check
>
> Notice the 'no_user_check's. My PAM is a bit rusty, so I don't recall
> exactly what this does. But comparing against all known working
> configurations against LDAP I see, this is the thing that stands out for
> me. There is also the outside chance (that if this is a 64-bit box)
> that the path to the library needs to be prepended with:
>
> /lib64/security/

I can't imagine that this is necessary... since none of the other PAM
config files include it... and it doesn't yell at me about them being
missing.

> So it's more like:
>
> #%PAM-1.0
> auth required /lib64/security/pam_env.so
> auth sufficient /lib64/security/pam_ldap.so no_user_check
> auth required /lib64/security/pam_deny.so
> account required /lib64/security/pam_ldap.so no_user_check

When I use "no_user_check" in my config... I see the following error in
/var/log/messages:

Aug 25 11:36:20 apptest-507 java: illegal option no_user_check

> You should also take a look at /var/log/tomcat/catalina.out when trying
> to log into the Web interface with this user to see if there is anything
> interesting being reported at the Satellite level.

The tomcat error that came out of this was:

# tail -n 0 -f /var/log/tomcat5/catalina.out
2009-08-25 11:34:27,291 [TP-Processor5] WARN com.redhat.rhn.domain.user.legacy.LegacyRhnUserImpl - PAM login for user User <myuser> (id 21, org_id 1) failed with error Authentication failure.

> Good luck!
> Brandon

Thanks... any thoughts on where to go from here? I can't seem to get any
verbose logging from PAM... despite appending "debug" to the pam_ldap.so
lines.

--
Andy Speagle

"THE Student" - UCATS
Wichita State University
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list