LinuxQuestions.org
04-08-2008, 01:43 PM   #1
boxyzzy
LQ Newbie
 
Registered: Mar 2008
Location: Virginia
Distribution: Red Hat, Ubuntu, OpenSUSE
Posts: 10

Rep: Reputation: 0
LDAP login failure


RHEL Server 5.1 - SELinux permissive

I've implemented LDAP authentication via our campus LDAP directory:
uri ldap://authn.directory.doodah.edu

The problem that I am experiencing is that some, not all, userid logins fail, as shown below.

Failed:
... sshd[24881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=pc19.dept.doodah.edu user=user1
... sshd[24881]: Failed password for user1 from 123.456.78.10 port 2726 ssh2
Worked:
... sshd[25029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=pc19.dept.doodah.edu user=user2
... sshd[25029]: Accepted password for user2 from 123.456.78.10 port 2891 ssh2
... sshd[25029]: pam_unix(sshd:session): session opened for user user2 by (uid=0)

In all cases:
1) "ldapsearch" commands are successful, even those requiring a password.
2) The failing userids can login to another computer in another department utilizing the exact same LDAP methodology.

So, the problem is unique to my system.

I am clueless. I don't know where to begin to diagnose this problem where only some logins fail.

I need help and guidance from your collective wealth of expertise.

Thanks,

Mike
 
04-09-2008, 04:13 PM   #2
boxyzzy
LQ Newbie
 
Registered: Mar 2008
Location: Virginia
Distribution: Red Hat, Ubuntu, OpenSUSE
Posts: 10

Original Poster
Rep: Reputation: 0

Phew! I "beat it into submission"

LDAP was not the problem.

I discovered that the UID for each failing userid was less than 500.

/etc/pam.d/system-auth-ac introduced by authconfig-5.3.12-2.el5 implements this control. Changing /etc/pam.d/system-auth-ac to lower the value to, in my case, 100 corrects the login problem.

Now, I wonder, what are the ramifications of having/allowing general-purpose users with UIDs less than the distributed convention of 500?
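
Added example, not part of the original posts: a small Python model of how a UID threshold in the PAM auth stack rejects some LDAP users while the same pam_unix failure is logged for all of them. The stack text is a constructed sample assumed to resemble what authconfig writes to /etc/pam.d/system-auth-ac (a pam_succeed_if.so `uid >= 500` line ahead of pam_ldap.so), and the function names are hypothetical.

```python
import operator
import re

# Constructed sample, modelled on the auth stack authconfig generates in
# /etc/pam.d/system-auth-ac on RHEL 5 with LDAP enabled (not copied from the post).
SAMPLE_AUTH_STACK = """\
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
"""

# Numeric comparison operators accepted by pam_succeed_if.
OPS = {">=": operator.ge, ">": operator.gt, "<=": operator.le,
       "<": operator.lt, "eq": operator.eq, "ne": operator.ne}


def module_result(module, args, uid, ldap_password_ok):
    """Outcome of one module for an LDAP-only account (no local password)."""
    if module == "pam_unix.so":
        return False  # logged as pam_unix "authentication failure" for both users
    if module == "pam_ldap.so":
        return ldap_password_ok
    if module == "pam_deny.so":
        return False
    if module == "pam_succeed_if.so":
        m = re.search(r"\buid\s+(>=|<=|>|<|eq|ne)\s+(\d+)", " ".join(args))
        return OPS[m.group(1)](uid, int(m.group(2))) if m else True
    return True  # pam_env.so and anything unrecognised: treated as success


def evaluate_auth(stack_text, uid, ldap_password_ok=True):
    """Walk the auth stack (simple control keywords only).

    Returns (allowed, deciding_line)."""
    failed_required = None
    for line in stack_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "auth":
            continue
        control, module, args = fields[1], fields[2], fields[3:]
        ok = module_result(module, args, uid, ldap_password_ok)
        if control == "requisite" and not ok:
            return False, line.strip()  # stack aborts; pam_ldap is never consulted
        if control == "required" and not ok and failed_required is None:
            failed_required = line.strip()
        if control == "sufficient" and ok and failed_required is None:
            return True, line.strip()
    return failed_required is None, failed_required
```

Calling `evaluate_auth(SAMPLE_AUTH_STACK, 499)` returns the requisite pam_succeed_if line as the deciding entry, which is why a correct LDAP password still ends in "Failed password" for those accounts.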
 
  

