
Weird NSS/PAM Problem



Hello!

I have some trouble here to get OpenLDAP running correctly together with
NSS/PAM authentication. I tried everything I could imagine, looked
through many mailing list archives and read all the documentation I was able
to find, but the problem still remains. ARGH ;)


I migrated the login authentication on my system to OpenLDAP
(2.0.23); /etc/shadow, passwd and groups were removed, all data is now stored
in LDAP.
The login is done with NSS_LDAP and PAM_LDAP and it works: the system
reads the data correctly out of the LDAP database and every user is able
to log in on his account.

But still, the openldap server writes some strange error messages to
SYSLOG. For example, when user root logs in, the following message appears
in the log:

----------------------------------------------------------------------
Mar 30 16:28:58 [login] pam_ldap: error trying to bind as user "cn=root,
ou=sysusers, ou=sysaccounts, dc=hailstorm, dc=linuxgamer, c=de" (Invalid
credentials)
Mar 30 16:28:58 [login] ROOT LOGIN  on `tty2'
----------------------------------------------------------------------


As you can see, the login was successful, although pam_ldap reports an
error...

What could be the error? Are my ACLs wrong?

Here are my config files:


############ /etc/ldap.conf ################
host localhost
base dc=hailstorm,dc=linuxgamer,c=de
ldap_version 3

binddn cn=root,dc=hailstorm,dc=linuxgamer,c=de
bindpw wonttellya ;) 	# it is the correct root password
rootbinddn cn=root,dc=hailstorm,dc=linuxgamer,c=de
# /etc/ldap.secret also contains the root password

port 389

pam_password exop


############ /etc/openldap/slapd.conf ################
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include		/etc/openldap/schema/misc.schema

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args
replogfile     /var/log/Openldap/current

directory       /var/db/openldap
backend ldbm

database ldbm
suffix "dc=hailstorm,dc=linuxgamer,c=de"
rootdn "cn=root,dc=hailstorm,dc=linuxgamer,c=de"
rootpw wonttellya ;)

cachesize       1000
dbcachesize     100000
dbnolocking

index   objectClass     eq

access to attr=userPassword
	by dn="cn=root,dc=hailstorm,dc=linuxgamer,c=de" write
	by self write
	by anonymous auth
	by * none
access to *
	by dn="cn=root,dc=hailstorm,dc=linuxgamer,c=de" write
	by self write
	by * read


#################### /etc/pam.d/login ######################
auth            sufficient      /lib/security/pam_ldap.so
auth            required        /lib/security/pam_unix.so try_first_pass shadow md5
account         sufficient      /lib/security/pam_ldap.so
account         required        /lib/security/pam_unix.so try_first_pass shadow md5
password        sufficient      /lib/security/pam_ldap.so
password        required        /lib/security/pam_unix.so shadow md5
session         sufficient      /lib/security/pam_ldap.so
session         required        /lib/security/pam_unix.so



Thank you very much for your help!!!


-- 
    __    _ ____  __  _ __  __ #--------------------#
   / /   (_) __ \/ / / /\ \/ / |   Marius Stepien   |
  / /___/ / / / / /_/ / /   /  |marius@linuxgamer.de|
 /_____/_/_/ /_/\____/ /_/\_\  #--------------------#
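An added example (not code from the original message) that models the Linux-PAM control-flag walk over the auth lines of the /etc/pam.d/login quoted above, to show why a rejected pam_ldap bind under "sufficient" still ends in a granted login when the "required" pam_unix line succeeds. It assumes pam_unix returned success for root (plausible here because nss_ldap serves the shadow map, but the syslog excerpt does not prove it) and models required/requisite/sufficient only.

```python
"""Model of Linux-PAM control flags for the /etc/pam.d/login auth stack
above (added example, not code from the original message). Module
verdicts are supplied by the caller; it assumes pam_unix succeeded."""
from typing import Dict, List, Tuple

# The auth section of the poster's /etc/pam.d/login, wrapped line rejoined.
LOGIN_AUTH_STACK = """
auth sufficient /lib/security/pam_ldap.so
auth required   /lib/security/pam_unix.so try_first_pass shadow md5
"""


def parse_stack(text: str, section: str = "auth") -> List[Tuple[str, str]]:
    """Return (control, module basename) pairs for one PAM section."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == section:
            entries.append((parts[1], parts[2].rsplit("/", 1)[-1]))
    return entries


def evaluate(stack: List[Tuple[str, str]],
             verdicts: Dict[str, bool]) -> Tuple[bool, List[str]]:
    """Walk the stack with the classic control-flag rules:
    required   - failure is remembered, later modules still run
    requisite  - failure ends the stack at once
    sufficient - success ends the stack unless a required module already
                 failed; failure is ignored (optional is not modelled)."""
    trace: List[str] = []
    required_failed = False
    for control, module in stack:
        ok = verdicts.get(module, False)      # unknown module -> failure
        trace.append(f"{control} {module}: {'ok' if ok else 'FAIL'}")
        if control == "requisite" and not ok:
            return False, trace
        if control == "required" and not ok:
            required_failed = True
        if control == "sufficient" and ok and not required_failed:
            return True, trace
    return not required_failed, trace


def root_login_as_logged() -> Tuple[bool, List[str]]:
    """The syslog case: pam_ldap bind rejected, pam_unix accepts."""
    return evaluate(parse_stack(LOGIN_AUTH_STACK),
                    {"pam_ldap.so": False, "pam_unix.so": True})
```

Calling root_login_as_logged() returns (True, [...]) with the pam_ldap step marked FAIL, which is exactly the combination the syslog excerpt shows; flipping pam_unix to False makes the login denied.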