#1
  1. Advisor
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2000
    Location
    Stockholm, Sweden
    Posts
    446
    Rep Power
    15

    Linux PAM OpenLDAP problem[solved]


    I am trying to get my Linux to authenticate against OpenLDAP....

    I've installed OpenLDAP pam_ldap, nss_ldap etc.
    My OpenLDAP-database is populated... and there are no
    problems running ldapadd,ldapsearch etc...

    system-auth is configured like this:
    PHP Code:
    auth        required      /lib/security/pam_env.so
    auth        sufficient    /lib/security/pam_unix.so likeauth nullok
    auth        sufficient    /lib/security/pam_ldap.so use_first_pass
    auth        required      /lib/security/pam_deny.so

    account     required      /lib/security/pam_unix.so
    account     sufficient    /lib/security/pam_ldap.so

    password    required      /lib/security/pam_cracklib.so retry=3 type=
    password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
    password    sufficient    /lib/security/pam_ldap.so use_authtok
    password    required      /lib/security/pam_deny.so

    session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
    session     required      /lib/security/pam_limits.so
    session     required      /lib/security/pam_unix.so
    session     optional      /lib/security/pam_ldap.so

    nsswitch.conf looks like this:
    PHP Code:
    passwd:     files ldap
    shadow:     files ldap
    group:      files ldap

    I've configured the LDAP client /etc/ldap.conf
    And when running
    getent passwd
    ...I see the user (test) from my LDAP-database at the end of the list...

    But the problem is when I'm trying to log in as this user (test)
    PHP Code:
    # su - test
    su: user test does not exist
    It says it doesn't exist... even though getent showed it...

    Any clues..?!
    Last edited by johan; August 18th, 2003 at 05:49 AM.
    - [ If I cant fix it, ask MacGyver... ] -
  2. #2
    This is not an issue anymore... I solved it..

    The problem was an earlier added user which conflicted with
    the uid 1000...

    Well, anyway..... It works now..
    - [ If I cant fix it, ask MacGyver... ] -
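
The cause reported in post #2, an earlier account conflicting on UID 1000, can be checked directly against the merged NSS view that `getent passwd` returns. The following is an added example, not part of the original thread; the function names and the `olduser` account in the constructed sample are assumptions.

```shell
#!/bin/sh
# Report every UID that is claimed by more than one account name in
# passwd-format input (name:passwd:uid:gid:gecos:home:shell).
# On a live host, feed it the merged files+ldap view:
#   getent passwd | find_uid_collisions
find_uid_collisions() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }     # skip comments and blank lines
        NF < 3         { next }     # skip lines without a uid field
        {
            uid = $3
            if (!(uid in names)) {
                order[++n] = uid    # remember first-seen order for output
                names[uid] = $1
            } else if (index(" " names[uid] " ", " " $1 " ") == 0) {
                # a different account name is using an already-seen uid
                names[uid] = names[uid] " " $1
                dup[uid] = 1
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in dup)
                    printf "uid %s shared by: %s\n", order[i], names[order[i]]
        }
    '
}

# Constructed sample: a local account created earlier (hypothetical name
# "olduser") and the LDAP user "test" both carry uid 1000.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
olduser:x:1000:1000:local account:/home/olduser:/bin/bash
test:x:1000:1000:LDAP account:/home/test:/bin/bash
EOF
}

sample_passwd | find_uid_collisions   # prints: uid 1000 shared by: olduser test
```

An account that appears in both `files` and `ldap` under the same name and UID is not reported; only distinct names sharing one UID are.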
