FC5 LDAP Authentication Problem[Scanned]

Chris Bradford chrisbradford at cambridge-news.co.uk
Wed Apr 26 10:16:28 UTC 2006


More progress!

New AD users work fine - they can login under FC5.

Unfortunately with over 400 users I need to ensure that old users work.

There is an error message that flashes up on login on tty1, however it
is gone before I can read any of it. 

Hwere would this error be viewable? I've looked in /var/log/messages and
/var/log/secure and cannot see it.

Here is some of the /var/log/secure file:

-----------------------------

Apr 26 10:59:19 linuxclient2 login: pam_unix(login:auth): authentication
failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
user=testuser12
Apr 26 10:59:19 linuxclient2 login: pam_krb5[3446]: authentication
succeeds for 'testuser12' (testuser12 at CAMBRIDGE.NEWS)
Apr 26 10:59:20 linuxclient2 login: pam_unix(login:session): session
opened for user testuser12 by LOGIN(uid=0)
Apr 26 10:59:21 linuxclient2 login: LOGIN ON tty1 BY testuser12
Apr 26 11:00:16 linuxclient2 login: pam_unix(login:session): session
closed for user testuser12
Apr 26 11:00:23 linuxclient2 login: pam_unix(login:auth): authentication
failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
user=chrisbradford
Apr 26 11:00:24 linuxclient2 login: pam_krb5[3515]: authentication
succeeds for 'chrisbradford' (chrisbradford at CAMBRIDGE.NEWS)
Apr 26 11:00:35 linuxclient2 login: pam_unix(login:auth): authentication
failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
user=chrisbradford
Apr 26 11:00:35 linuxclient2 login: pam_krb5[3531]: authentication
succeeds for 'chrisbradford' (chrisbradford at CAMBRIDGE.NEWS)
Apr 26 11:01:59 linuxclient2 login: pam_unix(login:auth): authentication
failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=  user=pat
hills
Apr 26 11:02:00 linuxclient2 login: pam_krb5[3549]: authentication
succeeds for 'pat hills' (pat hills at CAMBRIDGE.NEWS)

------------------------------

As you can see testuser12, a new AD account works fine.

But chrisbradford and pat hills do not.

What would cause this?

Cheers,

Chris
-----Original Message-----
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com] On Behalf Of Chris Bradford
Sent: 26 April 2006 09:30
To: For users of Fedora Core releases
Subject: RE: FC5 LDAP Authentication Problem[Scanned]


I have made some progress with this.

Looking at the var/log/secure file a found that kerberos was not
loading. I have fixed this using authconfig --enablekrb5 --updateall and
configured /etc/krb5.conf with kdc information for our domain.

I also found in the /var/log/secure file:

Apr 26 09:25:04 linuxclient2 login: pam_unix(login:auth): authentication
failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
user=chrisbradford Apr 26 09:25:04 linuxclient2 login: pam_krb5[2309]:
authentication succeeds for 'chrisbradford'
(chrisbradford at CAMBRIDGE.NEWS)

It seems like pam_ldap is not being called, instead pam_unix is.

I have enabled ldap using authconfig --enableldap --enableldapauth
--updateall and configured /etc/openldap/ldap.conf and /etc/ldap.conf.

Any ideas?

Thanks,

Chris


-----Original Message-----
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com] On Behalf Of Chris Bradford
Sent: 25 April 2006 22:18
To: For users of Fedora Core releases
Subject: RE: FC5 LDAP Authentication Problem[Scanned]


Milos,

I'm putting together a guide at the moment on my web site. A collection
of all the material I have found to date.

Up until recently I was about to publish it as I had FC4 working. Now
with these FC5 problems it'll be a week or so until its complete.

Check it out at http://cb-net.co.uk.

I'll announce it on the front page when its done.

Cheers,

Chris Bradford
Systems Administrator
Cambridge Newspapers


-----Original Message-----
From: fedora-list-bounces at redhat.com on behalf of Safe Life
Sent: Tue 4/25/2006 7:12 PM
To: For users of Fedora Core releases
Subject: Re: FC5 LDAP Authentication Problem[Scanned]
 
Chris,

is there any comprehensive description of FC binding to the W2K3 AD? I
know the AD side, but being "newbie" in the FC environment.

Regards,
Milos

-- 
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list


 



This message has been scanned for viruses by BlackSpider MailControl -
www.blackspider.com

-- 
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list


 




More information about the users mailing list