
RE: Help! using openldap to authenticate solaris clients



This doesn't sound like an OpenLDAP-specific problem, but a
problem with configuration of whatever software you are using
on 'cat' to manage logins.  Your questions would be more
appropriately directed to a list supporting that software.

Note that PADL offers mailing lists for their PAM and NSS LDAP
modules at pamldap@padl.com and nssldap@padl.com, respectively.

Kurt

At 12:10 PM 3/26/2004, Chuck Theobald wrote:
>Hi Robert,
>
>I have authentication to the ldap server working.  My ldap server, dog, is running ldap 2.1.25 with pam_ldap v. 1.65 and nss_ldap v. 2.11.  The config files are reasonably standard (see http://lcni.uoregon.edu/~chuck/ldap-stuff/).
>When I ssh into dog using an account that exists only in the ldap directory, access is granted.
>
>Each LDAP account has an objectClass attribute of posixAccount.  The problem is that with similar config files installed on other machines, but referencing dog as the ldap server, authentication fails, see the log files at the above location.  That is, I try to login to, say cat, with ldap account credentials and it fails.
>
>Thanks for asking,
>Chuck
>
>
>At 09:45 AM 3/25/2004 -0700, you wrote:
>>Chuck
>>
>>I noticed you have gotten openldap to authenticate solaris 8 clients.  I too
>>have tried this and found several issues.  What were your versions of
>>software and procedures that worked for you?
>>
>>
>>Robert Hayne
>>
>>-----Original Message-----
>>From: Chuck Theobald [mailto:chuckt@darkwing.uoregon.edu]
>>Sent: Wednesday, March 24, 2004 6:00 PM
>>To: OpenLDAP-software@OpenLDAP.org
>>Subject: Help! using openldap to authenticate solaris clients
>>
>>
>>Hi,
>>
>>I've got openldap running on a Solaris 8 machine (dog), set up to use
>>nsswitch and pam.  Authentication against the LDAP directory succeeds if I
>>log in directly to this machine, but when trying to log in to another
>>machine (cat) configured to reference dog's LDAP directory, authentication
>>fails.  Observing dog's slapd log shows over a hundred lines being written
>>when logging into dog, but only some 10 or so when trying to log in to
>>cat.  Both dog and cat have essentially similar pam.conf, ldap.conf, and
>>nsswitch.conf files.  I am using PADL's  pam_ldap and nss_ldap modules on
>>both machines.
>>
>>I've been referencing Carter's LDAP System Administration book and the Sun
>>blueprints book but neither deals with this kind of utter failure.
>>
>>Any advice?
>>
>>
>>Chuck Theobald
>>Information Technology Consultant
>>The Robert and Beverly Lewis Center for Neuroimaging
>>University of Oregon
>>P: 541-346-0343
>>F: 541-346-0345
>
>Chuck Theobald
>Information Technology Consultant
>The Robert and Beverly Lewis Center for Neuroimaging
>University of Oregon
>P: 541-346-0343
>F: 541-346-0345
>