LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 08-16-2008, 01:32 PM   #1
ludwig
Member
 
Registered: Jun 2002
Location: Orange County, CA
Distribution: Debian (squeeze), kernel 2.6.30-2-amd64
Posts: 32

Rep: Reputation: 15
LDAP Authentication Fails for Non-Root, but works for root


Hi All,

I've been trying to get authentication via ldap working on my home machine so that I can eventually migrate a computer science lab to handle authentication and automounts. So far I haven't had any problem getting slapd to work and populating the database and performing queries. I used the PADL migration tools to import group and passwd information, and I've browsed the database using ldapsearch, ldap-account-manager and luma, everything seems to be intact.

For testing I added a user "tony" to the ldap db, and no such user exists on the local machine. I've read a lot of links on ldap authentication and have setup the pam and nss conf files to handle this. I'm at the point where if I'm logged in as root, I can "su tony" and it works; my prompt reflects the user tony and there's a /home/tony directory created for the ldap account. Also, "getent passwd tony" shows up the ldap passwd entry, whether I'm logged in as root or not.

However, if I'm logged in with my own non-root account and try to login as tony, I get this:

----------
scott@benito:~$ su tony
Password:
su: Authentication failure
scott@benito:~$
----------

What's going on? I'm not doing any sort of encryption that I'm aware of, I'm trying to keep things as simple as possible just to get this thing off the ground. (Although, in the CS lab I'm likely to ramp up this aspect.)

Is there some way to verify the legitimacy of the "tony" password? Can anybody please give me list of things to check? I'm eager to get this working!

Oh, for what it's worth I'm running debian "lenny" with a 2.6.22 kernel.

Thanks very much!
 
Old 08-16-2008, 01:53 PM   #2
sarajevo
Member
 
Registered: Apr 2005
Distribution: Debian, OpenBSD,Fedora,RedHat
Posts: 228
Blog Entries: 1

Rep: Reputation: 31
Quote:
Originally Posted by ludwig View Post
----------
scott@benito:~$ su tony
Password:
su: Authentication failure
scott@benito:~$
----------

What's going on? I'm not doing any sort of encryption that I'm aware of, I'm trying to keep things as simple as possible just to get this thing off the ground. (Although, in the CS lab I'm likely to ramp up this aspect.)

Is there some way to verify the legitimacy of the "tony" password? Can anybody please give me list of things to check? I'm eager to get this working!

Oh, for what it's worth I'm running debian "lenny" with a 2.6.22 kernel.

Thanks very much!
Hi, are you trying to su from same machine where is ldap server or from some another machie over the net. I mean do you log as regular user on some machine and then on that machine do : su tony... if this is case take you should set up files related to ldap authentation ....and pam ,,, nice pam

With regards,
Link : http://www.debian-administration.org/articles/585
 
Old 08-16-2008, 05:53 PM   #3
ludwig
Member
 
Registered: Jun 2002
Location: Orange County, CA
Distribution: Debian (squeeze), kernel 2.6.30-2-amd64
Posts: 32

Original Poster
Rep: Reputation: 15
sarajevo, I have spent way too much time reading links regarding ldap authentication, but the one you provided is hands down the best one I've seen so far!

To answer your question, I've been testing with my ldap server and client on the same machine. I walked through the steps on the site you referenced (changing parameters to match my database) and now it's working! I tried to reproduce the failure by restoring my previous pam common-* files, but it works with the previous versions as well, so I'm afraid at this point I don't know what the problem was.

However, I was using libnss-ldapd and the website indicated using libnss-ldap instead. I purged libnss-ldapd (which removed slapd), then installed libnss-ldap and reinstalled slapd. So perhaps the fix is buried somewhere in the configuration of these two packages... At any rate, thanks a million for the response!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
"su - root" giving incorrect password but normal root login works. ?? arashi256 Linux - Newbie 10 06-03-2010 03:13 AM
CDRom works under /Root, not under non-/root junger Linux - Hardware 6 07-25-2005 07:26 PM
IntelliMouse thumb buttons work as root, broken as non-root user, wheel works always digital vortex Linux - Hardware 7 03-02-2004 04:14 PM
MDK 9.2 IceWM fails to start for users, works for root rabidundead Mandriva 1 02-02-2004 05:13 AM
su works but root login fails? Pcghost Linux - General 2 08-29-2003 08:26 PM


All times are GMT -5. The time now is 01:53 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration