Was working pam_ldap till sasl - what happened?
Hi
I googled all over, read a million howtos and forum posts - I am out of ideas. Been on this now for over 3 days; hope someone will be kind enough to help.
pam_ldap was working before I installed postfix, cyrus & sasl; now it doesn't anymore.
I have added a test file with uid and gid of the LDAP-User to a dir but it doesn't resolve, and su LDAP-User doesn't work either.
In syslog I can see that ldap gets searched when I do 'ls -l' on the folder with the test file but nothing gets returned.
"finger LDAP-User" & "getent passwd|grep LDAP-User" return the user data via nss_ldap just fine.
(The username has been changed it isn't LDAP-User)
(Running on Debian Sarge - new install)
Trying a ssh login gives me following error:
sshd[5077]: Illegal user LDAP-User from ::ffff:70.118.xxx.xxx
sshd[5077]: (pam_unix) check pass; user unknown
sshd[5077]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.118.70.cfl.res.rr.com
sshd[5077]: error: PAM: Authentication service cannot retrieve authentication info. for illegal user LDAP-User from xxx.xxx.118.70.cfl.res.rr.com
sshd[5077]: Failed keyboard-interactive/pam for illegal user LDAP-User from ::ffff:70.118.xxx.xxx port 34721 ssh2
As you can see, according to auth.log it doesn't even seem to try pam_ldap, but when I look into syslog I can see slapd being searched for the user.
My setup is real basic at this point:
#/etc/pam.d/common-auth
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure try_first_pass
# /etc/pam.d/common-account
account sufficient pam_ldap.so
account required pam_unix.so try_first_pass
# /etc/pam.d/common-password
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5
#/etc/pam_ldap.conf
host 127.0.0.1
base dc=pzzazz,dc=com
ldap_version 3
#I have added the following to avoid LDAP acl conflicts
binddn cn=admin,dc=pzzazz,dc=com
bindpw secretPass
rootbinddn cn=admin,dc=pzzazz,dc=com
pam_password md5
Thank you for even reading this far.
Dennis Kaplan
Last edited by gruessle; 04-20-2006 at 12:55 AM.
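
Added example, not part of the original post: a small Python triage of sshd auth.log lines like the ones quoted above. It groups lines by PID and records whether sshd itself failed to resolve the account ("Illegal user", logged when the account lookup inside the sshd process returns nothing) and which PAM modules wrote anything to the log. The sample lines, user names and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the auth.log excerpt in the post
# (PIDs, user names and hosts are made up; 192.0.2.x is a documentation range).
SAMPLE = """\
sshd[5077]: Illegal user ldapuser from ::ffff:192.0.2.10
sshd[5077]: (pam_unix) check pass; user unknown
sshd[5077]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host.example.net
sshd[5077]: error: PAM: Authentication service cannot retrieve authentication info. for illegal user ldapuser from host.example.net
sshd[5077]: Failed keyboard-interactive/pam for illegal user ldapuser from ::ffff:192.0.2.10 port 34721 ssh2
sshd[6001]: Accepted keyboard-interactive/pam for alice from ::ffff:192.0.2.11 port 40000 ssh2
"""

LINE = re.compile(r"sshd\[(\d+)\]: (.*)")
# Older OpenSSH logs "Illegal user"; newer releases log "Invalid user".
UNKNOWN = re.compile(r"^(?:Illegal|Invalid) user (\S+) from ")
MODULE = re.compile(r"^\((pam_\w+)\)|^(pam_\w+)[\(\[:]")
PAM_ERR = re.compile(r"^error: PAM: (.*?) for ")
RESULT = re.compile(r"^(Accepted|Failed) \S+ for (?:(?:illegal|invalid) user )?(\S+)")

def triage(text):
    """Group sshd lines by PID and record where each attempt broke down."""
    out = defaultdict(lambda: {"user": None, "sshd_resolved_user": True,
                               "pam_modules": [], "pam_error": None, "result": None})
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        rec, msg = out[m.group(1)], m.group(2)
        if (u := UNKNOWN.match(msg)):
            # sshd's own account lookup failed before PAM authentication ran
            rec["user"], rec["sshd_resolved_user"] = u.group(1), False
        elif (p := MODULE.match(msg)):
            name = p.group(1) or p.group(2)
            if name not in rec["pam_modules"]:
                rec["pam_modules"].append(name)
        elif (e := PAM_ERR.match(msg)):
            rec["pam_error"] = e.group(1)
        elif (r := RESULT.match(msg)):
            rec["result"], rec["user"] = r.group(1).lower(), r.group(2)
    return dict(out)

if __name__ == "__main__":
    for pid, rec in triage(SAMPLE).items():
        print(pid, rec)
```

A record with `sshd_resolved_user` false and no `pam_ldap` entry in `pam_modules` matches the pattern in the post: the name lookup failed inside sshd, and only pam_unix left a trace in auth.log.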