
Re: Need some help with this authentication problem



What I was trying to find was some steps on how to configure the Redhat client
to authenticate. I think I am having problems with the password, because:

If I
1) login as root and then
2) do a "su - ldaptestuser" this works!
 I don't need the ldaptestuser password when I su from root,
 and everything works fine but I can't change or do anything with the
 password.

But if I

1) login as myself (I am not in ldap)
2) su - ldaptestuser
 and I get prompted for the password, I get a password incorrect.

I tried the authconfig command on the client and that didn't help.
I must be missing something real simple but it escapes me. I cut and pasted the password from /etc/shadow into the account profile.

 Tony Earnshaw <tonni@billy.demon.nl> wrote:

Mon, 2003-01-20 at 15:40, charld wrote:

> I just got everything installed but I am having problems
> with authentication.
>
> I have a Redhat 7.3 LDAP server running
> openldap-2.0.11
> db-3.2.9
>
> And my clients are Redhat 7.3, Solaris 8 and Solaris 9. I need to get
> the Redhat Clients working first.
>
> When I try to log in with one of the LDAP managed accounts
> on the Redhat client I get "incorrect password" but if I login
> as root and then su to one of the LDAP managed accounts it
> works fine. I am thinking I have a config problem with one of
> the pam files or something is incorrect with my password settings.

Root is in /etc/passwd, the ldap-based people aren't.

Assuming you have *everything* else configured directly, which is an
awfully big assumption, suspect the login file in /etc/pam.d. I (RH 7.2)
compiled and installed the PADL pam_ldap and nss_ldap modules and in
/usr/share/doc/nss_ldap-189/pam.d I have the correct files for
/etc/pam.d. Goodness knows where they are on standard RH installs, if
anywhere.

*Hint* Always make backups of any pam.d files you play around with, and
always keep a terminal open with a root login, in case anything goes
wrong.

The rest of your stuff looks o.k. at first glance, but I can't really
tell.

Best,

Tony

--


> These are my settings.
>
> Server
> -------
> (acme.ldif)
> dn: dc=acme,dc=com
> objectclass: nisDomainObject
> nisDomain: acme.com
>
> dn: cn=Manager,dc=acme,dc=com
> objectclass: organizationalRole
> cn: Manager
>
> dn: ou=Ethers,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: Ethers
>
> dn: ou=Group,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: Group
>
> dn: ou=Aliases,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: Aliases
>
> dn: ou=Netgroup,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: Netgroup
>
> dn: ou=Networks,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: Networks
>
> dn: ou=People,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: People
>
> dn: ou=protocols,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: protocols
>
> dn: ou=rpc,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: rpc
>
> dn: ou=Services,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: Services
>
> dn: ou=Hosts,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: Hosts
>
> dn: ou=profile,dc=acme,dc=com
> objectclass: organizationalUnit
> ou: profile
>
> acme_account.ldif
> ----------------------
> dn: cn= Ldap Test user,ou=People,dc=acme,dc=com
> objectClass: posixAccount
> objectClass: shadowAccount
> cn: User
> uid: ldap
> uidNumber: 504
> gidNumber: 1
> homeDirectory: /home/ldap
> userPassword: what goes here MD5 or CRYPT
> loginShell: /bin/bash
> gecos: Test user
> shadowLastChange: 12066
> shadowFlag: 0
>
> on the redhat client
> ---------------------
> have /etc/nsswitch.conf changes
> what has to go in
> /etc/pam.d/login
> /etc/pam.d/passwd
> /etc/ldap.conf
>
> and is there any other file I missed? I want to get the
> Redhat part working first and Solaris later.
>
>
>
> Thank You
--

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-mail: tonni@billy.demon.nl
www: http://www.billy.demon.nl
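
The symptom in this thread separates two layers: su from root is not prompted for a password, so it only shows that the account lookup works, while the password prompt and password changes go through the PAM stacks. The script below is an added example, not from the thread or from the PADL modules; it checks the client files listed above for each layer. Following pam_stack.so service=NAME references and the depth limit of 5 are assumptions.

```shell
#!/bin/sh
# Added example: the depth limit and the pam_stack.so handling are assumptions.

# nss_has_ldap FILE DB: succeeds if the DB line (e.g. passwd) lists the ldap source.
nss_has_ldap() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }' "$1"
}

# pam_has_ldap DIR SERVICE TYPE [DEPTH]: succeeds if an active (uncommented) TYPE
# line in DIR/SERVICE loads pam_ldap.so, following pam_stack.so service=NAME
# references into shared stack files in the same directory.
pam_has_ldap() {
    [ "${4:-0}" -lt 5 ] && [ -r "$1/$2" ] || return 1
    awk -v t="$3" '$1 == t && /pam_ldap\.so/ { found = 1 }
        END { exit !found }' "$1/$2" && return 0
    for svc in $(awk -v t="$3" '$1 == t && /pam_stack\.so/ {
            for (i = 3; i <= NF; i++) if (sub(/^service=/, "", $i)) print $i }' "$1/$2"); do
        pam_has_ldap "$1" "$svc" "$3" "$(( ${4:-0} + 1 ))" && return 0
    done
    return 1
}

# diagnose ETC_DIR SERVICE: prints the first missing layer.
# Returns 0 ok, 1 NSS lookup, 2 auth stack, 3 password stack.
diagnose() {
    nss_has_ldap "$1/nsswitch.conf" passwd ||
        { echo "nsswitch.conf: passwd does not consult ldap"; return 1; }
    pam_has_ldap "$1/pam.d" "$2" auth ||
        { echo "pam.d/$2: auth never reaches pam_ldap.so (password login fails)"; return 2; }
    pam_has_ldap "$1/pam.d" "$2" password ||
        { echo "pam.d/$2: password never reaches pam_ldap.so (cannot change password)"; return 3; }
    echo "ok"
}

# Usage: sh check.sh /etc login
if [ "$#" -eq 2 ]; then diagnose "$1" "$2"; fi
```

A return of 2 or 3 with a working "su" from root matches the behaviour described in this thread: the account resolves, but the service's PAM stack never asks the directory.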