LinuxQuestions.org
Old 04-20-2006, 12:48 AM   #1
gruessle
Was working pam_ldap till sasl - what happened?


Hi
I googled all over, read a million howtos and forum posts - I am out of ideas. Been on this now for over 3 days; hope someone will be kind enough to help.

pam_ldap was working before I installed postfix, cyrus & sasl; now it doesn't anymore.
I have added a test file with uid and gid of the LDAP-User to a dir but it doesn't resolve, and su LDAP-User doesn't work either.
In syslog I can see that ldap gets searched when I do 'ls -l' on the folder with the test file but nothing gets returned.

"finger LDAP-User" & "getent passwd|grep LDAP-User" return the user data via nss_ldap just fine.

(The username has been changed it isn't LDAP-User)
(Running on Debian Sarge - new install)

Trying an ssh login gives me the following error:
sshd[5077]: Illegal user LDAP-User from ::ffff:70.118.xxx.xxx
sshd[5077]: (pam_unix) check pass; user unknown
sshd[5077]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.118.70.cfl.res.rr.com
sshd[5077]: error: PAM: Authentication service cannot retrieve authentication info. for illegal user LDAP-User from xxx.xxx.118.70.cfl.res.rr.com
sshd[5077]: Failed keyboard-interactive/pam for illegal user LDAP-User from ::ffff:70.118.xxx.xxx port 34721 ssh2

As you can see, according to auth.log it doesn't even seem to try pam_ldap, but when I look into syslog I can see slapd being searched for the user.

My setup is real basic at this point:
# /etc/pam.d/common-auth
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure try_first_pass

# /etc/pam.d/common-account
account sufficient pam_ldap.so
account required pam_unix.so try_first_pass

# /etc/pam.d/common-password
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5

# /etc/pam_ldap.conf
host 127.0.0.1
base dc=pzzazz,dc=com
ldap_version 3
# I have added the following to avoid LDAP ACL conflicts
binddn cn=admin,dc=pzzazz,dc=com
bindpw secretPass
rootbinddn cn=admin,dc=pzzazz,dc=com
pam_password md5

Thank you for even reading this far.

Dennis Kaplan

Last edited by gruessle; 04-20-2006 at 12:55 AM.
 
  

