
PAM or LDAP problem ?



Hi,

I have a strange problem with one of my servers recently. I upgraded to RedHat 6.2
and moved my users into the LDAP server. I upgraded the openldap package
that came with RedHat, 1.2.7, to openldap 1.2.9. I use pam_ldap for user authentication.

The problem seems to be on the PAM side, but when I take out the pam_ldap
authentication module from /etc/pam.d/login, the problem is gone. The problem is,
when a user telnets to the server, it prompts for login and password and the user
correctly enters both entries, and after that the connection is lost, with a
message that the connection is closed by the server.

This only happens when the remote host / machine that is telnetting to the
server does not have a DNS entry in the DNS server that the server does its name
lookups against, or does not have an entry in the server's /etc/hosts file; but
if I put an entry in the server's /etc/hosts file, the same remote machine can
connect to the server without any problem.

From the server /var/log/messages I got these messages:

-- messages when logging in from an unknown machine
(the machine does not have a DNS entry or /etc/hosts file entry at the
server) --

Jun 21 11:08:34 database PAM_pwdb[12059]: (login) session opened for user demo by (uid=0)
Jun 21 11:08:34 database inetd[561]: pid 12058: exit status 1

-- messages when logging in from a known machine --
(a machine which has an entry in DNS or in the server's /etc/hosts file)

Jun 21 11:10:08 database PAM_pwdb[12185]: (login) session opened for user demo by (uid=0).

But if I take out the pam_ldap module from /etc/pam.d/login for both
the auth & account stacks, the remote machine can connect to the server
without any problem. Where is the problem, at the PAM level or at LDAP? Does
LDAP have access configuration by IP address, or does PAM? And does PAM have
a debug log? Because /var/log/messages did not show much.

Thanks in advance for any info / help

Regards
Din
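An added example, not part of Din's post or of any PAM or OpenLDAP code: a small scanner that reads syslog lines of the shape quoted above and flags every PAM "session opened" line that is followed, on the same host and within a few seconds, by a non-zero inetd exit status, which is the pattern the two excerpts show for logins from an unresolvable host. The sample lines, the hostname "database", the user "alice" and the five-second window are constructed for the example.

```python
import re
from datetime import datetime

# Constructed sample lines modelled on the two excerpts quoted in the post,
# plus one extra user so the scan shows more than a single hit.
SAMPLE_LOG = """\
Jun 21 11:08:34 database PAM_pwdb[12059]: (login) session opened for user demo by (uid=0)
Jun 21 11:08:34 database inetd[561]: pid 12058: exit status 1
Jun 21 11:10:08 database PAM_pwdb[12185]: (login) session opened for user demo by (uid=0)
Jun 21 11:12:40 database PAM_pwdb[12301]: (login) session opened for user alice by (uid=0)
Jun 21 11:12:41 database inetd[561]: pid 12300: exit status 1
"""

TS = r"(\w{3} +\d+ \d\d:\d\d:\d\d)"
SESSION_RE = re.compile(TS + r" (\S+) PAM_\w+\[(\d+)\]: \(login\) session opened for user (\S+)")
EXIT_RE = re.compile(TS + r" (\S+) inetd\[\d+\]: pid \d+: exit status (\d+)")


def parse_ts(text):
    # syslog timestamps carry no year; strptime defaults to 1900, fine for deltas
    return datetime.strptime(text, "%b %d %H:%M:%S")


def find_dropped_logins(log_text, window_seconds=5):
    """Return (user, pam_pid, exit_status) for every 'session opened' line that is
    followed, on the same host and within window_seconds, by a non-zero inetd exit.
    The PID inetd reports is not the PID in the PAM line, so the pairing is on host
    and time proximity only; each session open is consumed by at most one exit."""
    pending = []  # session opens not yet paired with an inetd exit
    hits = []
    for line in log_text.splitlines():
        m = SESSION_RE.match(line)
        if m:
            pending.append((parse_ts(m.group(1)), m.group(2), int(m.group(3)), m.group(4)))
            continue
        m = EXIT_RE.match(line)
        if not m or m.group(3) == "0":
            continue
        ts, host, status = parse_ts(m.group(1)), m.group(2), int(m.group(3))
        for entry in pending:
            opened_at, open_host, pam_pid, user = entry
            if open_host == host and 0 <= (ts - opened_at).total_seconds() <= window_seconds:
                hits.append((user, pam_pid, status))
                pending.remove(entry)
                break
    return hits


if __name__ == "__main__":
    for user, pid, status in find_dropped_logins(SAMPLE_LOG):
        print(f"login for {user} (PAM pid {pid}) ended with inetd exit status {status}")
```

Running it over a real /var/log/messages would list which users and times hit the drop, so it can be compared against which client hosts lack DNS or /etc/hosts entries.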