Hi. Read the bold for a quick view. I also asked this question over at the Networking forum but didn't get a reply. I googled all over, read a million howtos and forum posts - I am out of ideas. Been on this now for over 3 days; hope someone will be kind enough to help.
pam_ldap was working before I installed postfix, cyrus & sasl; now it doesn't anymore.
I have added a test file with uid and gid of the LDAP-User to a dir but it doesn't resolve, and su LDAP-User doesn't work either.
In syslog I can see that ldap gets searched when I do 'ls -l' on the folder with the test file but nothing gets returned.
"finger LDAP-User" & "getent passwd|grep LDAP-User" returns the user data via nss_ldap just fine.
(The username has been changed it isn't LDAP-User)
(Running on Debian Sarge - new install)
Trying a ssh login gives me following error:
sshd: Illegal user LDAP-User from ::ffff:70.118.xxx.xxx
sshd: (pam_unix) check pass; user unknown
sshd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.118.70.cfl.res.rr.com
sshd: error: PAM: Authentication service cannot retrieve authentication info. for illegal user LDAP-User from xxx.xxx.118.70.cfl.res.rr.com
sshd: Failed keyboard-interactive/pam for illegal user LDAP-User from ::ffff:70.118.xxx.xxx port 34721 ssh2
As you can see, according to auth.log it doesn't even seem to try pam_ldap, but when I look into syslog I can see slapd being searched for the user.
My setup is real basic at this point:
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure try_first_pass
I actually figured it out. 4 days on this. Well you know how it is.
I created a new user with phpldapadmin and that one was working.
Then I exported and compared the two users ldif files.
The difference was that the user which didn't work didn't have the objectClass as last entry.
So I cut and pasted following from somewhere 3rd or 4th place from bottom all the way down to the end and it worked.
Thank you anyway. Hope one with the same problem finds this before spending 4 days on it.
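
The comparison step described above (export a working and a non-working user as LDIF and compare them), as an added example that is not part of the original thread. It parses two entries, handling folded lines, comments and base64 values, and reports attributes and objectClass values the working entry has that the other lacks, plus whether objectClass is the last attribute in each; the entries, names and values are constructed.

```python
import base64

# Constructed sample exports; names and values are illustrative only.
WORKING = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
cn: Alice Example
gidNumber: 2001
homeDirectory: /home/alice
objectClass: inetOrgPerson
objectClass: posixAccount
"""
BROKEN = """\
dn: uid=bob,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
cn:: Qm9iIEV4YW1wbGU=
homeDirectory: /home/
 bob
"""

def parse_entry(ldif):
    """Return one LDIF entry as an ordered list of (attribute, value) pairs."""
    unfolded = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and unfolded:   # folded continuation line
            unfolded[-1] += raw[1:]
        elif raw:
            unfolded.append(raw)
    pairs = []
    for line in (l for l in unfolded if not l.startswith("#")):  # skip comments
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):               # "attr:: value" is base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        pairs.append((attr.lower(), value))
    return pairs

def compare(working, broken):
    """Report what the working entry has that the broken one lacks."""
    w, b = parse_entry(working), parse_entry(broken)
    classes = lambda p: {v.lower() for a, v in p if a == "objectclass"}
    return {
        "missing_attrs": sorted({a for a, _ in w} - {a for a, _ in b}),
        "missing_objectclasses": sorted(classes(w) - classes(b)),
        "objectclass_last": (w[-1][0] == "objectclass", b[-1][0] == "objectclass"),
    }
```

`compare(WORKING, BROKEN)` returns a dict; `objectclass_last` is a pair of booleans for the working and the non-working entry, in that order.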