[Date Prev][Date Next] [Chronological] [Thread] [Top]

beginner question: authentication via pam_ldap does not work

I'm new to ldap and I just installed via rpm the client tools pam_ldap
and nss_ldap to do user authentification. The rpm packages are included
in my linux distribution.
I use Suse Linux with kernel 2.2.19 and the rpm manager gives me as
version number for pam_ldap 105-31 and for nss_ldap 150-15.
I don't get it working and I have no idea, where to begin to search. How
can I find out, if pam_ldap is really used for authentification and if
it gets anything from the ldap server?
I had a look at /var/log/messages, but I could not find anything related
to pam_ldap.

In the meantime I tried to search with "ldapsearch -x -b o=hs-harz -h
fasan.fh-harz.de uid=97" and I got an answer from the ldap server with
the entries for this user.

Is there an option in ldap.conf to use simple authentication like
"ldapsearch -x" ?

Something about my configuration:

pam_ldap.so resides in /lib/security

My /etc/pam.d/login:

auth     required       pam_securetty.so
auth     required       pam_nologin.so
auth     sufficient     pam_ldap.so
auth     required       pam_unix.so       nullok try_first_pass
account  sufficient     pam_ldap.so
account  required       pam_unix.so
password required       pam_pwcheck.so    nullok
password required       pam_ldap.so       use_first_pass use_authok
password required       pam_unix.so       nullok use_first_pass
session  required       pam_unix.so       none # debug or trace
session  required       pam_limits.so
session  required       pam_env.so
session  optional       pam_mail.so

my /etc/nsswitch.conf:
passwd: files ldap
shadow: files ldap
group:  files ldap
hosts:          files dns
networks:       files dns
services:       files
protocols:      files
rpc:            files
ethers:         files
netmasks:       files
netgroup:       files
publickey:      files
my /etc/ldap.conf: (only the not commented lines)
host fasan.fh-harz.de
base o=hs-harz
ldap_version 2
port 389
scope base
pam_filter objectclass=posixaccount
pam_login_attribute uid
ssl no