LinuxQuestions.org

#1  07-29-2003, 06:11 AM
abrb220 (Member; registered Jul 2003; Roodepoort, South Africa; Redhat / Suse)
pam and ldap authentication problem

Hi, I am trying to validate a user against an LDAP directory with a small
PAM-enabled application.

If I use "pam_unix.so" in the PAM config file for the app,
the user authenticates fine. On the other hand, if I use
"pam_ldap.so" the authentication fails.

The PAM log file records:

pam_ldap: error trying to bind as user "uid=abrb220,ou=People,dc=ldap268" (Insufficient access)

I think I have set up the LDAP directory correctly but am really unsure
about how to put the passwords in.
Here is the entry of a user in the LDIF file used to add it.

----------------------------------------------------------------

dn: uid=abrb220,ou=People,dc=ldap268
uid: abrb220
cn: Rodney
sn: Rodney
mail: abrb220@ldap268.com
mailRoutingAddress: abrb220@ldap268.com
mailHost: ldap268.com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword: {crypt}x
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/abrb220
gecos: Rodney

---------------------------------------------------------------


The other config files:


/etc/ldap.conf:

------------------------------------------------------------------
# Your LDAP server. Must be resolvable without using LDAP.
HOST 127.0.0.1

# The distinguished name of the search base.
BASE dc=ldap268

pam_login_attribute uid
ldap_version 3
rootbinddn cn=admin,dc=ldap268
------------------------------------------------------------------
/etc/openldap/slapd.conf

------------------------------------------------------------------

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema

database ldbm
suffix "dc=ldap268"
rootdn "cn=admin, dc=ldap268"
rootpw {MD5}X03MO1qnZdYdgyfeuILPmQ==
#rootpw secret
directory /var/lib/ldap
loglevel 296
password-hash {md5}

access to * by *
------------------------------------------------------------------

The app's PAM file in /etc/pam.d:

------------------------------------------------------------------
#%PAM-1.0
auth required pam_warn.so
auth required pam_ldap.so

------------------------------------------------------------------


Thanks
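The failing step in the post above is the bind pam_ldap performs as the user's own DN. The following is an added example, not code from the thread: it encodes the LDAPv3 BindRequest exactly as it goes on the wire (RFC 4511, BER) and decodes the server's BindResponse into a result code. Result code 50 is insufficientAccessRights, the code OpenLDAP's client library prints as "Insufficient access"; 49 (invalidCredentials) is what a wrong password normally gives. The DN is the one from the post; the password "secret" and the server reply bytes are constructed for the example. One caveat the hex output makes visible: in a simple bind the password is an OCTET STRING sent as-is, so without TLS (the configs in this thread have none) it is readable by anyone on the path between the PAM host and slapd; with HOST 127.0.0.1 that path is at least local.

```python
"""LDAPv3 simple bind on the wire (RFC 4511, BER-encoded): added example.

pam_ldap authenticates a user by sending a BindRequest with the user's DN and
password and reading the result code in the BindResponse. Standard library only;
the sample request and reply are constructed, not captured from a live server.
"""
import socket

# Bind result codes worth recognising (RFC 4511, Appendix A)
RESULT_CODES = {
    0: "success",
    49: "invalidCredentials",
    50: "insufficientAccessRights",   # OpenLDAP renders this as "Insufficient access"
}

SEQUENCE, INTEGER, OCTET_STRING, ENUMERATED = 0x30, 0x02, 0x04, 0x0A
BIND_REQUEST, BIND_RESPONSE = 0x60, 0x61   # [APPLICATION 0] and [APPLICATION 1], constructed
AUTH_SIMPLE = 0x80                          # AuthenticationChoice simple [0], primitive

def _ber_len(n):
    """Definite length: one byte below 128, else 0x80|k followed by k length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, value):
    return bytes([tag]) + _ber_len(len(value)) + value

def _uint(n):
    """Content octets of a non-negative INTEGER/ENUMERATED, sign bit kept clear."""
    return n.to_bytes(n.bit_length() // 8 + 1, "big")

def encode_bind_request(message_id, dn, password, version=3):
    """LDAPMessage { messageID, BindRequest { version, name, simple password } }."""
    bind = (_tlv(INTEGER, _uint(version))
            + _tlv(OCTET_STRING, dn.encode("utf-8"))
            + _tlv(AUTH_SIMPLE, password))   # sent as-is: cleartext unless the session uses TLS
    return _tlv(SEQUENCE, _tlv(INTEGER, _uint(message_id)) + _tlv(BIND_REQUEST, bind))

def encode_bind_response(message_id, result_code, matched_dn="", diagnostic=""):
    """LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    result = (_tlv(ENUMERATED, _uint(result_code))
              + _tlv(OCTET_STRING, matched_dn.encode("utf-8"))
              + _tlv(OCTET_STRING, diagnostic.encode("utf-8")))
    return _tlv(SEQUENCE, _tlv(INTEGER, _uint(message_id)) + _tlv(BIND_RESPONSE, result))

def _read_tlv(buf, pos=0):
    """Return (tag, content, position just after this element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def _read_message(msg, expected_op):
    """Unwrap an LDAPMessage and return (messageID, protocolOp content)."""
    tag, body, _ = _read_tlv(msg)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = _read_tlv(body)
    if tag != INTEGER:
        raise ValueError("missing messageID")
    tag, op, _ = _read_tlv(body, pos)
    if tag != expected_op:
        raise ValueError("unexpected protocolOp tag 0x%02x" % tag)
    return int.from_bytes(mid, "big"), op

def decode_bind_request(msg):
    mid, op = _read_message(msg, BIND_REQUEST)
    _, version, pos = _read_tlv(op)
    _, dn, pos = _read_tlv(op, pos)
    tag, cred, _ = _read_tlv(op, pos)
    if tag != AUTH_SIMPLE:
        raise ValueError("only simple authentication is handled here")
    return {"message_id": mid, "version": int.from_bytes(version, "big"),
            "dn": dn.decode("utf-8"), "password": cred}

def decode_bind_response(msg):
    mid, op = _read_message(msg, BIND_RESPONSE)
    tag, code, pos = _read_tlv(op)
    if tag != ENUMERATED:
        raise ValueError("missing resultCode")
    _, matched, pos = _read_tlv(op, pos)
    _, diag, _ = _read_tlv(op, pos)
    rc = int.from_bytes(code, "big")
    return {"message_id": mid, "result_code": rc, "result": RESULT_CODES.get(rc, "code %d" % rc),
            "matched_dn": matched.decode("utf-8"), "diagnostic": diag.decode("utf-8")}

def simple_bind(host, port, dn, password, timeout=5.0):
    """Live check of one bind, the operation pam_ldap performs; use only against your own slapd.
    A BindResponse is a few dozen bytes, so a single recv() is enough here."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(encode_bind_request(1, dn, password))
        return decode_bind_response(s.recv(4096))

# The DN from the thread; the password and the server reply are constructed for the example.
USER_DN = "uid=abrb220,ou=People,dc=ldap268"
SAMPLE_REQUEST = encode_bind_request(1, USER_DN, b"secret")
SAMPLE_RESPONSE = encode_bind_response(1, 50)   # the code behind "Insufficient access"
```

`print(SAMPLE_REQUEST.hex())` shows the DN and, right after the 0x80 tag, the cleartext `secret`; `decode_bind_response(SAMPLE_RESPONSE)` returns result 50. `simple_bind("127.0.0.1", 389, USER_DN, b"...")` repeats the poster's failing operation against a local slapd without going through PAM, which separates a directory-side problem (ACL, stored hash) from a PAM-side one.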
#2  10-08-2003, 06:01 AM
bogo (LQ Newbie; registered Oct 2003)
Edit your pam.d files

Hi,

first try the following command to verify you can potentially access your server:

ldapsearch -x -b "dc=ldap268" "(objectclass=*)"

If you see some output, i.e. your directory objects, the client-to-server connection is OK. What concerns me more is your pam.conf file. Does it really look like this, or are those only the first two lines? You have to edit it in any case if you want to log in:
* forget pam.conf, there doesn't have to be anything in it
* your pam_ldap.conf should at least consist of these lines:

host [YOUR SERVERS IP]
base dc=ldap268
uri ldap://[YOUR SERVERS IP]/
ldap_version 3
scope sub
timelimit 30
pam_login_attribute uid
pam_member_attribute memberUid
pam_password exop
ssl no

More information about that syntax at www.padl.com.

To successfully log in, edit the files in /etc/pam.d (for example, passwd) like this:

password sufficient pam_ldap.so obscure min=4
password required pam_unix.so nullok obscure min=4

You should now be able to log in at the console.

If you don't know how to create passwords by hand:

perl -e 'print crypt("YOUR_PASS","TWO_CHARACTER_SALT"),"\n"'

Cut and paste it as {crypt}YOUR_PASS_HASH into your LDIF.
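An added example, not code from the thread, doing in Python what the perl one-liner above does by hand and a bit more: it builds and verifies the RFC 2307 userPassword schemes OpenLDAP stores ({SHA}, {SSHA}, {MD5}, {SMD5}), checks {CRYPT} payloads for their shape, and lints an LDIF fragment for the value in the first post. There, `userPassword: {crypt}x` copies the "x" that /etc/passwd shows for a shadowed password; it is not a crypt(3) hash, so no password can match it and every bind as that user fails. The crypt hash itself is left to crypt(3) (the perl command, or slappasswd), since this example only validates its format. It also confirms that the rootpw posted in slapd.conf, {MD5}X03MO1qnZdYdgyfeuILPmQ==, is the unsalted MD5 of the string "password", which is the reason to prefer the salted {SSHA} form. SAMPLE_LDIF is constructed for the example; the scheme table and regexes are this example's own.

```python
"""RFC 2307-style userPassword values as OpenLDAP stores them (added example).

Builds and verifies {SHA}, {SSHA}, {MD5} and {SMD5} values with the standard
library, checks {CRYPT} payloads for shape, and lints an LDIF fragment for the
mistake in this thread: a placeholder instead of a hash after {crypt}.
"""
import base64
import hashlib
import hmac
import os
import re

# scheme -> (digest algorithm, salted). Salted values are
# base64(digest(password + salt) + salt), the salt trailing the digest.
_SCHEMES = {"SHA": ("sha1", False), "SSHA": ("sha1", True),
            "MD5": ("md5", False), "SMD5": ("md5", True)}
_DIGEST_LEN = {"sha1": 20, "md5": 16}

# crypt(3) shapes: traditional DES is 2 salt + 11 hash chars from [A-Za-z0-9./];
# modular crypt ($1$ MD5, $5$ SHA-256, $6$ SHA-512, ...) is $id$...$hash.
_DES_CRYPT = re.compile(r"^[A-Za-z0-9./]{13}$")
_MODULAR_CRYPT = re.compile(r"^\$[0-9a-z]+\$\S+$")
_PLACEHOLDERS = {"x", "*", "!", "!!"}   # what /etc/passwd and /etc/shadow show instead of a hash

def split_scheme(value):
    """Return (SCHEME, payload). Scheme names are case-insensitive, as in
    OpenLDAP; a value without a {scheme} prefix is stored cleartext."""
    m = re.match(r"^\{([A-Za-z0-9-]+)\}(.*)$", value, re.DOTALL)
    return (m.group(1).upper(), m.group(2)) if m else (None, value)

def make_userpassword(scheme, password, salt=None):
    """Hash a cleartext password into a userPassword value for an LDIF."""
    scheme = scheme.upper()
    algo, salted = _SCHEMES[scheme]
    salt = (os.urandom(4) if salt is None else salt) if salted else b""
    digest = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode("ascii"))

def verify_userpassword(stored, password):
    """Check a candidate password against a stored value, as a bind would."""
    scheme, payload = split_scheme(stored)
    if scheme is None:
        return hmac.compare_digest(payload.encode("utf-8"), password.encode("utf-8"))
    if scheme not in _SCHEMES:
        raise ValueError("scheme {%s} is not handled by this example" % scheme)
    algo, salted = _SCHEMES[scheme]
    raw = base64.b64decode(payload)
    digest, salt = raw[:_DIGEST_LEN[algo]], raw[_DIGEST_LEN[algo]:]
    if len(digest) != _DIGEST_LEN[algo] or (salt and not salted):
        return False
    expected = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)

def lint_userpassword(stored):
    """Problems that make bind authentication fail or weaken the stored hash."""
    scheme, payload = split_scheme(stored)
    if scheme is None:
        return ["cleartext password stored in userPassword"]
    if scheme == "CRYPT":
        if payload in _PLACEHOLDERS:
            return ["'%s' is the /etc/passwd or /etc/shadow placeholder, not a crypt(3) "
                    "hash: no password can match it, so every bind fails" % payload]
        if not (_DES_CRYPT.match(payload) or _MODULAR_CRYPT.match(payload)):
            return ["crypt payload is neither 13-char DES nor $id$...$hash"]
        return []
    if scheme in ("MD5", "SHA"):
        return ["unsalted {%s}: equal passwords give equal values and precomputed "
                "tables apply; use {SSHA} (or a crypt scheme)" % scheme]
    if scheme not in _SCHEMES:
        return ["unknown scheme {%s}" % scheme]
    return []

def lint_ldif(text):
    """Map every userPassword value in an LDIF text to its lint findings."""
    found = {}
    for line in text.splitlines():
        if not line.lower().startswith("userpassword:"):
            continue
        rest = line.split(":", 1)[1]
        if rest.startswith(":"):            # LDIF '::' marks a base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        found[value] = lint_userpassword(value)
    return found

# Constructed LDIF fragment carrying the value from the first post.
SAMPLE_LDIF = "dn: uid=abrb220,ou=People,dc=ldap268\nuserPassword: {crypt}x\n"

if __name__ == "__main__":
    print(lint_ldif(SAMPLE_LDIF))
    print(make_userpassword("SSHA", "secret"))   # paste this instead of {crypt}x
```

Run as a script it reports the `{crypt}x` finding and prints a fresh salted {SSHA} value to put in the LDIF. `verify_userpassword` raises for {CRYPT} on purpose: checking those needs crypt(3), and the point of the lint is to catch the placeholder before a bind ever gets that far.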
 
#3  07-31-2005, 03:49 PM
fortezza (Member; registered Mar 2003; Colorado; Fedora Core 4)
Did this fix the problem?

Just wondering, I am having the same problem authenticating with Fedora Directory Server.
 
  

