[Date Prev][Date Next] [Chronological] [Thread] [Top]

Authentication Modules / System-Auth



Greetings!

It seems as if my OpenLDAP Server is now up and running, i can
authenticate users against the LDAP Server. However, as soon as
i deactivate the LDAP Server (OpenLDAP 2.0.27-8), i cannot login,
not even with users that are stored in the common Linux files, I
have been told / i have read, that this is a common problem with
PAM frequently discussed here.

I'm currently using some older packages that can be found as RPM's
on the RH9 CD's, server is set up with RH9 in that case of course.
--
OpenLDAP 2.0.27-8
pam-0.75-48
openssl-0.9.7c-3 (installed for gq)
gq-0.7.0.0.beta2.6
--

I logged in as root, shut down the LDAP server, then logged out
and tried to log in again. I also tried to login as an LDAP-only
stored user to see how this would show up in the syslog. Here
it is (The LDAP only user is "testuser"):

/var/log/messages:
------------------------------
login(pam_unix)[3409]: session opened for user root by LOGIN(uid=0)
-- root[3409]: ROOT LOGIN ON tty1
ldap: slapd shutdown succeeded
login(pam_unix)[3409]: session closed for user root
login(pam_unix)[3498]: check pass; user unknown
login(pam_unix)[3498]: authentication failure; logname= uid=0 euid=0
tty=tty1 ruser= rhost=
login(pam_unix)[3498]: could not identify user (from getpwnam(testuser))
login[3498]: pam_ldap: ldap_simple_bind Can't contact LDAP server
------------------------------

/etc/pam.d/system-auth (generated by RH9 authconfig with ldap enabled)
------------------------------
auth    required    /lib/security/$ISA/pam_env.so
auth    sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth    sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth    required    /lib/security/$ISA/pam_deny.so

account    required    /lib/security/$ISA/pam_unix.so
account    [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore]    /lib/security/$ISA/pam_ldap.so

password    required    /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authok md5 shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authok
password    required    /lib/security/$ISA/pam_deny.so

session    required    /lib/security/$ISA/pam_limits.so
session    required    /lib/security/$ISA/pam_unix.so
session    required    /lib/security/$ISA/pam_ldap.so
------------------------------

/etc/pam.d/login:
------------------------------
auth    required    pam_securetty.so
auth    sufficient    pam_stack.so service=system-auth
auth    required    pam_nologin.so
account    required    pam_stack.so service=system-auth
password    required    pam_stack.so service=system-auth
session    required    pam_stack.so service=system-auth
session    optional    pam_console.so
------------------------------

If you need more information, please let me know.

Thanks in advance.

MfG,
Michael Lackner
--
Montanuniversität Leoben
Institut für angewandte Mathematik und Geometrie
Abteilung für Informationstechnologie, IT-Administration
michael.lackner@unileoben.ac.at  |  +43 (0)3842/402-1505
http://www.hardoverclock.com | thrawn@hardoverclock.com