Simple Authentication

From: Les Halliday (dayeksjo.se)
Date: Mon Dec 08 2003 - 03:21:38 CST


Hi everyone,

I am using SuSE 8.2 to try and achieve simple authentication against
Novell eDirectory. getent passwd or getent group only displays
information from local files. ldapsearch -x 'uid=linux29' returns the
correct information stored in eDirectory. Entering an eDirectory username
but wrong password results in the following in /var/log/messages:-

Dec 8 10:04:31 linux29 login[2063]: pam_unix2: pam_sm_authenticate() called
Dec 8 10:04:37 linux29 login[2063]: pam_ldap: error trying to bind as user "cn=Linux29,ou=SER,ou=KLK,o=EK" (Invalid credentials)
Dec 8 10:04:37 linux29 login[2063]: pam_unix2: pam_ldap returned 7
Dec 8 10:04:37 linux29 login[2063]: pam_unix2: username=[linux29]
Dec 8 10:04:37 linux29 login[2063]: pam_unix2: pw == NULL, return PAM_USER_UNKNOWN
Dec 8 10:04:43 linux29 login[2063]: pam_ldap: error trying to bind as user "cn=Linux29,ou=SER,ou=KLK,o=EK" (Invalid credentials)
Dec 8 10:04:43 linux29 login[2063]: FAILED LOGIN 1 FROM /dev/tty4 FOR UNKNOWN, Authentication failure
Dec 8 10:04:47 linux29 login[2063]: pam_unix2: pam_sm_authenticate() called

A correct username and password returns:-

Dec 8 10:07:15 linux29 login[2115]: pam_unix2: pam_sm_authenticate() called
Dec 8 10:07:18 linux29 login[2115]: pam_unix2: pam_ldap returned 0
Dec 8 10:07:18 linux29 login[2115]: pam_unix2: pam_sm_acct_mgmt() called
Dec 8 10:07:18 linux29 login[2115]: pam_unix2: pam_ldap returned 0
Dec 8 10:07:18 linux29 login[2115]: Failed to look up user 'linux29'.

Only the root account resides on the local machines. I am struggling
badly and do not know what is wrong, probably something stupid. My
pam.d/login file is:-

#%PAM-1.0
auth required /lib/security/pam_env.so debug
#auth sufficient /lib/security/pam_unix.so debug likeauth nullok nodelay
auth sufficient /lib/security/pam_unix.so debug nullok
auth sufficient /lib/security/pam_ldap.so debug
auth required /lib/security/pam_deny.so debug

account sufficient /lib/security/pam_unix.so debug
account sufficient /lib/security/pam_ldap.so debug

password required /lib/security/pam_cracklib.so debug retry=3 minlen=4 dcredit=0 ucredit=0
password sufficient /lib/security/pam_unix.so debug nullok md5 shadow use_authok
password sufficient /lib/security/pam_ldap.so debug use_authok
password required /lib/security/pam_deny.so debug

session required /lib/security/pam_limits.so debug
session optional /lib/security/pam_unix.so debug
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional /lib/security/pam_ldap.so debug

Any help appreciated

Les Halliday
Eksjo kommun

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://www.redhat.com/mailman/listinfo/pam-list
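
An added example, not part of the original post: Python that groups the log lines quoted above by login PID and separates a rejected LDAP bind from the case where pam_ldap returns 0 but the account still cannot be looked up. The sample lines are the post's own with the wraps rejoined; `classify` and the verdict labels are hypothetical names, and reading "Failed to look up user" as a failed account lookup outside PAM is an assumption consistent with the post's getent observation.

```python
import re
from collections import defaultdict

# Constructed sample: log lines from the post above, wrapped lines rejoined.
SAMPLE = """\
Dec 8 10:04:37 linux29 login[2063]: pam_ldap: error trying to bind as user "cn=Linux29,ou=SER,ou=KLK,o=EK" (Invalid credentials)
Dec 8 10:04:37 linux29 login[2063]: pam_unix2: pam_ldap returned 7
Dec 8 10:04:43 linux29 login[2063]: FAILED LOGIN 1 FROM /dev/tty4 FOR UNKNOWN, Authentication failure
Dec 8 10:07:15 linux29 login[2115]: pam_unix2: pam_sm_authenticate() called
Dec 8 10:07:18 linux29 login[2115]: pam_unix2: pam_ldap returned 0
Dec 8 10:07:18 linux29 login[2115]: pam_unix2: pam_sm_acct_mgmt() called
Dec 8 10:07:18 linux29 login[2115]: pam_unix2: pam_ldap returned 0
Dec 8 10:07:18 linux29 login[2115]: Failed to look up user 'linux29'.
"""

LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+(\w+)\[(\d+)\]:\s+(.*)$")
LDAP_RC = re.compile(r"pam_ldap returned (\d+)")
BIND_FAIL = re.compile(r'pam_ldap: error trying to bind as user "([^"]+)"')
NO_ACCOUNT = re.compile(r"Failed to look up user '([^']+)'")

def classify(log_text):
    """Group syslog lines by PID and label each login attempt."""
    sessions = defaultdict(lambda: {"rcs": [], "bind_dn": None, "missing": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        _, pid, msg = m.groups()
        s = sessions[int(pid)]
        if (rc := LDAP_RC.search(msg)):
            s["rcs"].append(int(rc.group(1)))
        elif (b := BIND_FAIL.search(msg)):
            s["bind_dn"] = b.group(1)
        elif (u := NO_ACCOUNT.search(msg)):
            s["missing"] = u.group(1)
    verdicts = {}
    for pid, s in sessions.items():
        # Every pam_ldap call returned 0, yet the user could not be looked up.
        if s["missing"] and s["rcs"] and all(rc == 0 for rc in s["rcs"]):
            verdicts[pid] = ("auth_ok_but_no_account", s["missing"])
        elif s["bind_dn"]:
            verdicts[pid] = ("ldap_bind_rejected", s["bind_dn"])
        else:
            verdicts[pid] = ("inconclusive", None)
    return verdicts

if __name__ == "__main__":
    for pid, (label, detail) in sorted(classify(SAMPLE).items()):
        print(pid, label, detail)
```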