08-25-2011, 03:49 PM
Alfred von Campe

Help integrating CentOS 6 with existing network login infrastructure

I've updated my kickstart configuration files to work with CentOS 6 and am most of the way there integrating a CentOS 6 system into our LDAP/NIS environment. My authconfig line in the kickstart file is as follows:

authconfig --enablemd5 --passalgo=sha512 --enablenis --nisdomain=XXX --nisserver=nis.XXX.com --useshadow --enablekrb5 --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=ldap.XXX.com

This is virtually identical to the authconfig line I was using in CentOS 5. My issue is that users cannot log in with their network (NIS) usernames and passwords.

If I log in as root, I can do a "su - username" and get the user's automounted home directory with the correct uid/gid, but if I try to log in as the user, or do a "su - username" as a non-root user and have to enter the password, authentication always fails.

The entries in /var/log/secure just say "su: pam_unix(su-l:auth): authentication failure". I'm not a pam expert and don't know how to debug this. Anyone else run into this and/or know what might be the problem? This works just fine in CentOS 5.

Alfred

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
08-26-2011, 01:18 PM
Steven Crothers

Help integrating CentOS 6 with existing network login infrastructure

Are they logging in locally or via SSH?

If they are logging in via SSH you can probably increase the verbosity of that and SSH usually has some pretty great messages.

On Thu, Aug 25, 2011 at 11:49 AM, Alfred von Campe <alfred@von-campe.com> wrote:

I've updated my kickstart configuration files to work with CentOS 6 and am most of the way there integrating a CentOS 6 system into our LDAP/NIS environment. My authconfig line in the kickstart file is as follows:

authconfig --enablemd5 --passalgo=sha512 --enablenis --nisdomain=XXX --nisserver=nis.XXX.com --useshadow --enablekrb5 --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=ldap.XXX.com

This is virtually identical to the authconfig line I was using in CentOS 5. My issue is that users cannot log in with their network (NIS) usernames and passwords.

If I log in as root, I can do a "su - username" and get the user's automounted home directory with the correct uid/gid, but if I try to log in as the user, or do a "su - username" as a non-root user and have to enter the password, authentication always fails.

The entries in /var/log/secure just say "su: pam_unix(su-l:auth): authentication failure". I'm not a pam expert and don't know how to debug this. Anyone else run into this and/or know what might be the problem? This works just fine in CentOS 5.

Alfred



--
Steven Crothers
steven.crothers@gmail.com

 
08-26-2011, 01:26 PM
Alfred von Campe

Help integrating CentOS 6 with existing network login infrastructure

On Aug 26, 2011, at 9:18, Steven Crothers wrote:

Are they logging in locally or via SSH?

Locally. Remote logins via ssh work just fine as the home directory is auto-mounted and ssh can find its keys.

I think I solved the problem, but am out of the office today to fully test it. It involved setting the default realm and adding some encryption types to the /etc/krb5.conf file. What I still don't understand is what has changed in CentOS 6 that causes a kickstarted system not to be able to authenticate users whereas a CentOS 5 system can. I need to do a few more installs to track down the root cause, and then I'll post an update here.

Alfred
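
Added example (not part of the thread, and not code from any poster or from the CentOS project): a shell function that checks a krb5.conf for the two settings the last post mentions changing, a default realm in [libdefaults] and explicit encryption-type lists. The realm EXAMPLE.COM, the host name and the enctype values in the sample files are constructed placeholders, since the thread does not give the actual values.

```shell
#!/bin/sh
# krb5_conf_audit FILE REALM
# Prints one finding per line; returns 1 if any FAIL finding was printed.
krb5_conf_audit() {
    awk -v want="$2" '
        /^[ \t]*([#;]|$)/ { next }                  # skip comment and blank lines
        { gsub(/^[ \t]+|[ \t]+$/, "") }             # trim surrounding whitespace
        /^\[[a-z_]+\]$/ { section = $0; in_realm = 0; next }
        { key = $0; sub(/[ \t]*=.*/, "", key)       # text left of the first "="
          val = $0; sub(/^[^=]*=[ \t]*/, "", val) } # text right of the first "="
        section == "[libdefaults]" {
            if (key == "default_realm") realm = val
            if (key ~ /^(default_tkt_enctypes|default_tgs_enctypes|permitted_enctypes)$/)
                enc[key] = val
        }
        section == "[realms]" {                     # find "kdc" inside REALM = { ... }
            if (val == "{") in_realm = (key == want)
            else if ($0 == "}") in_realm = 0
            else if (in_realm && key == "kdc") kdc = val
        }
        END {
            if (realm == "") { print "FAIL default_realm is not set"; bad = 1 }
            else if (realm != want) { print "FAIL default_realm=" realm " (expected " want ")"; bad = 1 }
            else print "OK   default_realm=" realm
            if (kdc == "") { print "FAIL no kdc listed for realm " want; bad = 1 }
            else print "OK   kdc=" kdc
            n = split("default_tkt_enctypes default_tgs_enctypes permitted_enctypes", k, " ")
            for (i = 1; i <= n; i++)
                print ((k[i] in enc) ? "INFO " k[i] "=" enc[k[i]] : "INFO " k[i] " unset (library defaults apply)")
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample files: "before" has no default realm or enctype lists,
# "after" sets both (placeholder values, not the poster's real settings).
write_samples() {
    printf '%s\n' '[libdefaults]' ' dns_lookup_kdc = false' \
        '[realms]' ' EXAMPLE.COM = {' '  kdc = ldap.example.com' ' }' > "$1/before.conf"
    printf '%s\n' '[libdefaults]' ' default_realm = EXAMPLE.COM' \
        ' permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96' \
        '[realms]' ' EXAMPLE.COM = {' '  kdc = ldap.example.com' ' }' > "$1/after.conf"
}

d=$(mktemp -d) && write_samples "$d"
for f in before after; do
    echo "== $f.conf"; krb5_conf_audit "$d/$f.conf" EXAMPLE.COM || true
done
rm -rf "$d"
```

The enctype lines are reported as INFO rather than pass/fail because the thread does not say which types had to be added; comparing this output between a working CentOS 5 host and a freshly kickstarted CentOS 6 host shows where the two configurations differ.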
All times are GMT.