
OpenLDAP PAM authentication



Hello,

I'm trying to get authentication to LDAP working on some Linux boxes.

(4) RedHat 8.0 machines
all run OpenLDAP 2.1.23 ldbm backend
1 is master
3 are slaves

I use LDAP for Samba 3.0 authentication on all machines; it works fine, no
complaints. I want to move authentication and account info to LDAP. I
have it partially working on the master LDAP server. When a user who
doesn't have a local account, but does have a posix account in LDAP,
logs in using SSH, the home directory is created according to what is in
LDAP. This only works on the master.

On the other 3 servers, this is the response I get when trying to log on
from SSH:

Connection to 172.16.0.15 closed by remote host.
Connection to 172.16.0.15 closed.

If I look at /var/log/secure this is what I get:

Mar 13 11:44:50 hammond2 sshd[13323]: Accepted password for testuser from 172.16.0.45 port 49207 ssh2
Mar 13 11:44:50 hammond2 sshd[13325]: fatal: PAM session setup failed[6]: Permission denied

So the password is accepted but that's where it ends.
Config files for slave servers are essentially set up the same as the
master:

/etc/ldap.conf
/etc/nsswitch.conf
/etc/pam.d/login
/etc/pam.d/system-auth
/etc/pam.d/samba



Any suggestions on where to look?


-- 
Kent L. Nasveschuk <kent@wareham.k12.ma.us>