On Thu, Apr 10, 2008 at 12:34 PM, Aaron Bliss <abliss(a)brockport.edu> wrote:
Thanks for getting back to me. Here is /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
OK, I see that we have hand-changed the above line to:
auth sufficient pam_unix.so likeauth nullok nodelay
..... same lines deleted.
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
Don't have the above line
Our basic ldap.conf is the following. I changed the o= and ou=
egrep -v '^$|^[[:space:]]*$|^\#' /etc/ldap.conf
base o=ZiaUniversity,c=US
uri ldaps://ldap.ziauniversity.edu/
binddn uid=l33tdude,ou=GodsPeeps,o=ZiaUniversity,c=US
bindpw XXXXXXXXXXXX
timelimit 120
bind_timelimit 10
bind_policy soft
idle_timelimit 3600
nss_base_netgroup ou=Dudes,o=University of New Mexico,c=US?one
pam_password md5
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon
ssl on
tls_cacertdir /etc/openldap/cacerts
If you have a 'host ldap.uni.edu' it may try to do a non SSL
connection first and fail and then a SSL one.
Stephen John Smoogen wrote:
On Thu, Apr 10, 2008 at 6:40 AM, Aaron Bliss <abliss(a)brockport.edu> wrote:
Hi everyone,
I have several redhat 4 and 5 machines authenticating successfully against
our ldap servers. I used authconfig to configure the clients and everything
works great, ssh, vsftp, etc. However, for some reason, I always see a log
entry similar to the following in /var/log/secure, even though the login
works;
Apr 10 08:34:27 server1 sshd[30937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.21.80.195 user=user1
Here is the contents of /etc/nsswitch.conf
cat /etc/nsswitch.conf | grep -v \#
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
I think we will need the contents of /etc/pam.d/system-auth for anyone to
help.
--
Aaron Bliss
Systems Administrator
SUNY Brockport
(585) 395-2417
--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
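
The symptom reported in this thread (a pam_unix failure logged for a login that then works) can be told apart from real failures when reviewing /var/log/secure by correlating on the sshd PID. This is an added example, not code from the thread; the "Accepted"/"Failed" lines, the second session and the function name are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in /var/log/secure format. The first line mirrors the entry
# quoted in the thread; the other three lines are constructed for illustration.
SAMPLE = """\
Apr 10 08:34:27 server1 sshd[30937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.21.80.195  user=user1
Apr 10 08:34:27 server1 sshd[30937]: Accepted password for user1 from 137.21.80.195 port 51234 ssh2
Apr 10 08:40:02 server1 sshd[31010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.44  user=user2
Apr 10 08:40:04 server1 sshd[31010]: Failed password for user2 from 192.0.2.44 port 40022 ssh2
"""

PID = re.compile(r"sshd\[(\d+)\]: (.*)$")
FAIL = re.compile(r"pam_unix\(sshd:auth\): authentication failure;.*\brhost=(\S+)\s+user=(\S+)")
OK = re.compile(r"Accepted \S+ for (\S+) from (\S+) port \d+")

def classify(log_text):
    """Return (fallthrough, unresolved) lists of (pid, user, rhost) tuples.

    fallthrough: pam_unix failed, but the same sshd process also logged an
                 acceptance for that user (another module authenticated them).
    unresolved:  pam_unix failed and that process logged no acceptance.
    """
    failures = defaultdict(list)   # pid -> [(user, rhost)]
    accepted = defaultdict(set)    # pid -> {user}
    for line in log_text.splitlines():
        m = PID.search(line)
        if not m:
            continue
        pid, msg = m.group(1), m.group(2)
        f = FAIL.search(msg)
        if f:
            failures[pid].append((f.group(2), f.group(1)))
            continue
        a = OK.search(msg)
        if a:
            accepted[pid].add(a.group(1))
    fallthrough, unresolved = [], []
    for pid, items in failures.items():
        for user, rhost in items:
            target = fallthrough if user in accepted[pid] else unresolved
            target.append((pid, user, rhost))
    return fallthrough, unresolved

if __name__ == "__main__":
    noise, real = classify(SAMPLE)
    print("fallthrough:", noise)
    print("unresolved:", real)
```

PIDs are reused over time, so run this over a bounded window such as a single rotated log file.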