LDAP+PAM problems

wwexell
Posts: 1
Joined: 2005-10-18 18:37

#1 Post by wwexell »

New install of Sarge via debootstrap.

I am trying to set up NSS and PAM to use LDAP. NSS appears to be working but PAM does not.

The LDAP service is up and running, and I can log into other (Gentoo) systems which use this LDAP instance for NSS and PAM. Local use of ldapsearch also works fine and I can bind as any of the users I have set up with the appropriate password.

The ONLY system on my network that is failing to properly use the LDAP service with PAM is the server itself.

Oh, id <username> and getent passwd both return good results. I can also su - <username> with good results. I just can't login via ssh.

Here are the config files. Let me know if you need more.
/etc/ldap.conf, /etc/libnss-ldap.conf, /etc/pam_ldap.conf

host 192.168.20.3
base dc=heidewexell,dc=net
ldap_version 3
#binddn cn=admin,dc=heidewexell,dc=net
#bindpw dfLK.,.,
pam_password md5

/etc/ldap/slapd.conf

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
schemacheck     on
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd.args
loglevel        256
modulepath      /usr/lib/ldap
moduleload      back_bdb
backend         bdb
checkpoint 512 30
database        bdb
suffix          "dc=heidewexell,dc=net"
directory       "/var/lib/ldap"
index           objectClass eq
lastmod         on
access to attrs=userPassword
        by dn="cn=admin,dc=heidewexell,dc=net" write
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=heidewexell,dc=net" write
        by * read

/etc/nsswitch.conf

passwd:         files ldap
group:          files ldap
shadow:         files ldap

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

/etc/pam.d/common-*

account    sufficient   pam_ldap.so debug
account    required     pam_unix.so
account    required     pam_access.so

auth    required                pam_env.so
auth    sufficient              pam_ldap.so debug
auth    sufficient              pam_unix.so try_first_pass
auth    required                pam_deny.so

password   required     pam_cracklib.so retry=3
password   sufficient   pam_ldap.so debug
password   sufficient   pam_unix.so debug try_first_pass nullok md5 shadow use_authtok nis
password   required     pam_deny.so

session         required                pam_unix.so

/var/log/auth.log

Oct 18 12:14:31 dorval slapd[30657]: <= bdb_equality_candidates: (uid) index_param failed (18)
Oct 18 12:14:31 dorval slapd[30657]: conn=85 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 18 12:14:31 dorval slapd[30657]: conn=85 op=2 BIND dn="uid=bob,ou=People,dc=heidewexell,dc=net" method=128
Oct 18 12:14:31 dorval slapd[30657]: conn=85 op=2 RESULT tag=97 err=49 text=
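Added example, not part of the post above: a small Python parser that pairs each slapd BIND line with its RESULT by (conn, op), decodes the LDAP result code, and collects attributes that slapd reports as unindexed. The input is constructed lines modelled on the quoted auth.log entries (the admin bind on conn=86 is invented for contrast).

```python
import re

# Constructed sample, modelled on the slapd lines quoted in the post;
# the conn=86 admin bind is added only to show a successful BIND/RESULT pair.
SAMPLE_LOG = """\
Oct 18 12:14:31 dorval slapd[30657]: <= bdb_equality_candidates: (uid) index_param failed (18)
Oct 18 12:14:31 dorval slapd[30657]: conn=85 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 18 12:14:31 dorval slapd[30657]: conn=85 op=2 BIND dn="uid=bob,ou=People,dc=heidewexell,dc=net" method=128
Oct 18 12:14:31 dorval slapd[30657]: conn=85 op=2 RESULT tag=97 err=49 text=
Oct 18 12:15:02 dorval slapd[30657]: conn=86 op=0 BIND dn="cn=admin,dc=heidewexell,dc=net" method=128
Oct 18 12:15:02 dorval slapd[30657]: conn=86 op=0 RESULT tag=97 err=0 text=
"""

# LDAP result codes (RFC 4511) that matter for a bind.
LDAP_ERR = {0: "success", 49: "invalidCredentials"}

# method=128 is a simple bind; tag=97 is a BindResponse, tag=101 a SearchResultDone.
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) (?:SEARCH )?RESULT tag=(\d+) err=(\d+)')
INDEX_RE = re.compile(r'\((\w+)\) index_param failed')


def analyse(log_text):
    """Return bind outcomes (dn, err, name) in log order, plus unindexed attrs."""
    pending = {}      # (conn, op) -> bind DN awaiting its RESULT line
    binds = []
    unindexed = set()
    for line in log_text.splitlines():
        m = INDEX_RE.search(line)
        if m:                                   # slapd warns: no index for this attr
            unindexed.add(m.group(1))
            continue
        m = BIND_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m and m.group(3) == "97":            # only BindResponse results
            dn = pending.pop((m.group(1), m.group(2)), None)
            if dn is not None:
                err = int(m.group(4))
                binds.append((dn, err, LDAP_ERR.get(err, "other")))
    return {"binds": binds, "unindexed": sorted(unindexed)}


def failed_binds(log_text):
    """Just the binds slapd rejected, as (dn, reason)."""
    return [(dn, name) for dn, err, name in analyse(log_text)["binds"] if err != 0]
```

Run over the real auth.log, this separates "the LDAP server refused the password for this DN" (err=49) from NSS lookups and from the unindexed-uid warning, which are two different problems.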