
#1 2012-02-20 15:12:24

rexcze
Member
Registered: 2007-05-12
Posts: 54

[SOLVED] Ldap and pam

Hello,

I have a problem with LDAP and PAM (pam_ldap). We have an LDAP server which works with an Ubuntu client, but on Arch there is a problem with authentication.

In ldap.conf:

base ou=users,dc=sql,dc=org
uri ldaps://ron.sql.org
ldap_version 3
rootbinddn cn=manager,ou=admin,dc=sql,dc=org
pam_password ssha

In /etc/pam.d/login:

#%PAM-1.0
auth		required	pam_securetty.so
auth		requisite	pam_nologin.so
auth            sufficient      pam_ldap.so use_first_pass debug
auth		required	pam_unix.so nullok
auth		required	pam_tally.so onerr=succeed file=/var/log/faillog
# use this to lockout accounts for 10 minutes after 3 failed attempts
#auth		required	pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
account         sufficient      pam_ldap.so use_first_pass debug
account		required	pam_access.so
account		required	pam_time.so
account		required	pam_unix.so
#password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
#password	required	pam_unix.so sha512 shadow use_authtok
password	sufficient	pam_ldap.so use_authtok use_first_pass debug
session		required	pam_unix.so
session		sufficient      pam_ldap.so use_first_pass debug
session		required	pam_env.so
session		required	pam_motd.so
session		required	pam_limits.so
session		optional	pam_mail.so dir=/var/spool/mail standard
session		optional	pam_lastlog.so
session		optional	pam_loginuid.so
-session	optional	pam_ck_connector.so nox11
-session	optional	pam_systemd.so

After trying "login" I get this:

Feb 20 16:11:06 myhost login[1515]: pam_securetty(login:auth): access denied: tty 'pts/0' is not secure !
Feb 20 16:11:08 myhost login[1515]: pam_unix(login:auth): check pass; user unknown
Feb 20 16:11:08 myhost login[1515]: pam_unix(login:auth): authentication failure; logname=root uid=0 euid=0 tty=/dev/pts/0 ruser= rhost= 
Feb 20 16:11:08 myhost login[1515]: pam_tally(login:auth): pam_get_uid; no such user
Feb 20 16:11:11 myhost login[1515]: FAILED LOGIN (1) on '/dev/pts/0' FOR 'UNKNOWN', User not known to the underlying authentication module

I tried sshd (with /etc/pam.d/sshd configured) and get this:

Feb 20 16:12:21 myhost sshd[1519]: Invalid user test from 192.168.2.153
Feb 20 16:12:21 myhost sshd[1519]: input_userauth_request: invalid user test [preauth]
Feb 20 16:12:24 myhost sshd[1519]: pam_ldap: error trying to bind as user "uid=test,ou=users,dc=sql,dc=org" (Invalid credentials)
Feb 20 16:12:24 myhost sshd[1519]: pam_unix(sshd:auth): check pass; user unknown
Feb 20 16:12:24 myhost sshd[1519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.153 
Feb 20 16:12:26 myhost sshd[1519]: Failed password for invalid user test from 192.168.2.153 port 58168 ssh2

Please help :-)

Last edited by rexcze (2012-02-20 17:09:49)

Offline

#2 2012-02-20 17:02:36

Damnshock
Member
From: Barcelona
Registered: 2006-09-13
Posts: 414

Re: [SOLVED] Ldap and pam

Before dealing with PAM, make sure LDAP works from your Arch machine.


My blog: blog.marcdeop.com
Jabber ID: damnshock@jabber.org

Offline

#3 2012-02-20 17:07:26

rexcze
Member
Registered: 2007-05-12
Posts: 54

Re: [SOLVED] Ldap and pam

LDAP worked. It was my fault, I did not install the nss_ldap package :-) Thank you for the help!

Offline
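
Added example, not part of the original thread: a small log triage that separates "the account cannot be resolved" from "the LDAP bind was rejected", run over log lines copied from post #1. The names triage, primary, SIGNALS and HINT are this example's own, and ranking the user-lookup signal first is an assumption taken from the thread's resolution (the missing nss_ldap package).

```python
import re
from collections import defaultdict

# Log lines copied from post #1 (login attempt, then sshd attempt).
LOG = """\
Feb 20 16:11:06 myhost login[1515]: pam_securetty(login:auth): access denied: tty 'pts/0' is not secure !
Feb 20 16:11:08 myhost login[1515]: pam_unix(login:auth): check pass; user unknown
Feb 20 16:11:08 myhost login[1515]: pam_tally(login:auth): pam_get_uid; no such user
Feb 20 16:12:21 myhost sshd[1519]: Invalid user test from 192.168.2.153
Feb 20 16:12:24 myhost sshd[1519]: pam_ldap: error trying to bind as user "uid=test,ou=users,dc=sql,dc=org" (Invalid credentials)
Feb 20 16:12:24 myhost sshd[1519]: pam_unix(sshd:auth): check pass; user unknown
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ (?P<prog>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")

# Ordered by priority (assumption): an unresolvable account is reported first.
SIGNALS = [
    ("nss_lookup", re.compile(r"Invalid user \S+ from|user unknown|no such user")),
    ("ldap_bind", re.compile(r"pam_ldap: error trying to bind as user")),
    ("securetty", re.compile(r"pam_securetty\(\S+\): access denied")),
]

HINT = {
    "nss_lookup": "account not resolvable via NSS; check `getent passwd <user>`, nsswitch.conf and nss_ldap",
    "ldap_bind": "LDAP bind rejected; check the user's DN and password against the server",
    "securetty": "tty not listed in /etc/securetty",
}

def triage(log_text):
    """Map each (program, pid) to the set of failure layers seen in its lines."""
    seen = defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a syslog-style line
        for layer, pattern in SIGNALS:
            if pattern.search(m["msg"]):
                seen[(m["prog"], int(m["pid"]))].add(layer)
    return dict(seen)

def primary(layers):
    """Return the highest-priority layer present, or None if there is none."""
    return next((name for name, _ in SIGNALS if name in layers), None)

if __name__ == "__main__":
    for (prog, pid), layers in triage(LOG).items():
        print(f"{prog}[{pid}]: {HINT[primary(layers)]} (seen: {sorted(layers)})")
```

Both attempts report nss_lookup as the primary finding, which points at name resolution rather than at the PAM stack.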
