To troubleshoot a PAM issue, you may add the "debug" keyword at the end of
every line (or of selected lines) of /etc/pam.conf; /var/adm/messages should
then show more messages.
To troubleshoot the SSH server, you may start sshd with the "-d" (debug)
option (interactive mode only), or use "ssh -v testdba@localhost" on the
SSH client (-v means verbose mode).
You may use the sample pam.conf from
http://docs.sun.com/app/docs/doc/816-4556/6maort2te?a=view, but comment
out all the "pam_unix_cred.so.1" lines, as they are meant for Solaris 10.
Gary
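As an added example (not part of Gary's reply or of anything posted in this thread), the two pam.conf steps above as shell helpers: pam_debug appends "debug" to the entries of one service, and pam_stack prints the entries PAM will actually evaluate for a service/type, including the fall-back to the "other" entries that Solaris pam.conf applies when a service has none of its own. The sample pam.conf is constructed for the example and modelled on the stack quoted below; the sshd path and port in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example; not Gary's, Igor's or the project's configuration.
# Helpers for working on a Solaris-style /etc/pam.conf while debugging.

# Constructed sample pam.conf (not a real file), modelled on the thread.
SAMPLE_PAM_CONF='# constructed sample pam.conf
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth sufficient pam_unix_auth.so.1
login auth required pam_ldap.so.1 try_first_pass
sshd auth sufficient /usr/lib/security/pam_ldap.so.1
sshd auth required /usr/lib/security/pam_unix.so.1 use_first_pass
other auth required pam_unix_auth.so.1
other account required pam_unix_account.so.1'

# pam_debug SERVICE   (stdin: pam.conf, stdout: pam.conf with debug enabled)
# Appends "debug" to every non-comment entry whose service field is SERVICE
# and that does not already carry it. Comments, blank lines and other
# services pass through unchanged, so running it twice changes nothing.
pam_debug() {
    awk -v svc="$1" '
        /^[ \t]*#/ || NF == 0 { print; next }
        $1 == svc {
            has = 0
            for (i = 4; i <= NF; i++) if ($i == "debug") has = 1
            if (!has) $0 = $0 " debug"
        }
        { print }'
}

# pam_stack SERVICE TYPE   (stdin: pam.conf)
# Prints the entries evaluated for SERVICE/TYPE (for example "sshd auth").
# When SERVICE has no entries of that TYPE, Solaris pam.conf uses the
# "other" entries instead; the END block reproduces that fall-back.
pam_stack() {
    awk -v svc="$1" -v type="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == svc     && $2 == type { own[++n] = $0 }
        $1 == "other" && $2 == type { oth[++m] = $0 }
        END {
            if (n) for (i = 1; i <= n; i++) print own[i]
            else   for (i = 1; i <= m; i++) print oth[i]
        }'
}

# Usage (uncomment to run against the sample):
#   printf '%s\n' "$SAMPLE_PAM_CONF" | pam_debug sshd > /tmp/pam.conf.debug
#   pam_stack sshd auth   < /tmp/pam.conf.debug
#   pam_stack telnet auth < /tmp/pam.conf.debug   # no telnet entries: "other" is used
#
# With the edited file installed as /etc/pam.conf, run a second sshd in the
# foreground on a spare port and connect verbosely (path and port assumed):
#   /usr/local/sbin/sshd -d -p 2222
#   ssh -v -p 2222 testdba@localhost
```

Limiting "debug" to the sshd entries keeps /var/adm/messages readable while you watch one login; pam_stack is the quick check that the service name sshd actually uses (as shown by sshd -d) has the stack you think it has rather than falling through to "other".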
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Igor
Sent: Tuesday, August 30, 2005 4:30 AM
To: General discussion list for the Fedora Directory server project.
Subject: [Fedora-directory-users] Problem with solaris & FDS authentication
Hi, guys. I finally got the Solaris box to talk to the FDS (thank you all
for your help).
I'm now having a problem where I can't telnet/ssh from another machine.
On the client, I have this:
bash-2.03# ldaplist -l passwd testdba
dn: uid=testdba,ou=People, dc=composers,dc=foo,dc=com
givenName: oracle
sn: user
loginShell: /bin/bash
uidNumber: 10001
gidNumber: 7000
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
objectClass: shadowaccount
uid: testdba
cn: oracle user
homeDirectory: /home/testdba
bash-2.03#
The ACIs (in addition to the default ones):
Bind Password:
dc=composers,dc=foo,dc=com
aci=(targetattr = "cn||uid||uidNumber||gidNumber||homeDirectory||shadowLastChange||shadowMin||shadowMax||shadowWarning||shadowInactive||shadowExpire||shadowFlag||memberUid")(version 3.0; acl LDAP_Naming_Services_deny_write_access;deny (write) userdn = "ldap:///self";)
aci=(target="ldap:///dc=composers,dc=foo,dc=com")(targetattr="userPassword")(version 3.0; acl LDAP_Naming_Services_proxy_password_read; allow (compare,search) userdn = "ldap:///cn=proxyagent,ou=profile,dc=composers,dc=foo,dc=com";)
There's nothing in /var/adm/messages. My pam.conf [snipped] is this:
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth sufficient pam_unix_auth.so.1
login auth required pam_ldap.so.1 try_first_pass
login auth required pam_dial_auth.so.1
#ssh
sshd auth sufficient /usr/lib/security/pam_ldap.so.1
sshd auth required /usr/lib/security/pam_unix.so.1 use_first_pass
---
The userPassword field is not displayed when I do ldaplist. Is that
normal? Even when I do this:
/usr/bin/ldapsearch -D "cn=proxyagent,ou=profile,dc=composers,dc=foo,dc=com" -h cnyitlin02 -b dc=composers,dc=foo,dc=com objectclass=\*
uid=testdba,ou=People, dc=composers,dc=foo,dc=com
givenName=oracle
sn=user
loginShell=/bin/bash
uidNumber=10001
gidNumber=7000
objectClass=top
objectClass=person
objectClass=organizationalPerson
objectClass=inetorgperson
objectClass=posixAccount
objectClass=shadowaccount
uid=testdba
cn=oracle user
homeDirectory=/home/testdba
How can I go about troubleshooting this?
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users