
Redhat 7.2 ldap authentication takes two logins



Hi,
Has anybody on the list upgraded to Redhat 7.2 and had problems with
ldap and TLS? Apologies if this is related to TLS rather than openldap; I
don't know where the source of the problem lies.

I have ldap authentication using TLS working with RedHat 7.1 kernel
2.4.3-12 (openldap 2.0.11-8, openssh 2.5.2p2-5, nss_ldap 149-4, openssl
0.9.6-9) on a 800MHz 686.

When I upgrade or newly install a client to 7.2 kernel 2.4.7-10 (openldap
2.0.11-13, openssh 2.9p2-12, openssl 0.9.6b-8), it takes two logins before
it will authenticate to either a 7.2 or 7.1 server; the logins do not need
to be the same user. However, an existing 7.1 client will ldap authenticate
to the 7.2 server.

The two-login problem is apparent after upgrading openldap. Removing the TLS
requirement fixes the problem, but the password is now clear text.

Client snip from /var/log/messages:
client1 login(pam_unix)[16514]: check pass; user unknown
client1 login(pam_unix)[16514]: authentication failure; logname= uid=0 euid=0 tty=tty1 ruser= rhost=
client1 login[16514]: pam_ldap: ldap_start_tls_s Connect error
client1 login[16514]: FAILED LOGIN 1 FROM (null) FOR sastaff, Authentication failure
client1 login(pam_unix)[16514]: check pass; user unknown
client1 login(pam_unix)[16514]: session opened for user sastaff by (uid=0)
client1  -- sastaff[16514]: LOGIN ON tty1 BY sastaff

Regards
Barry Wright