11-05-2010, 06:46 PM
James

ldap client authentication

Yes, I have both of these options enabled:

logdir <somedir>
debug 256

The logdir is filled with empty files that, in the name of the file,
have the pid of the pam process. However, these files are empty and
they do not have anything in them.

Thoughts?

-james

On Fri, Nov 5, 2010 at 12:49, Ward Poelmans <wpoely86@gmail.com> wrote:
> On Fri, Nov 5, 2010 at 17:41, James <jtp@nc.rr.com> wrote:
>> It seems that the LDAP is failing to work, as well, in CentOS 5 --
>> same ldap.conf file that (a) fails in Gentoo, and (b) works in Ubuntu.
>>
>> What's the best way to start troubleshooting this from a PAM perspective?
>>
>> I have a debug line set at the bottom of the ldap.conf file, but that
>> doesn't seem to be giving me enough information. Also, I've set
>> 'debug' at the end of every line in my /etc/pam.d/system-auth file, to
>> no avail. Nothing is showing up in /var/log/debug -- PAM indicates
>> that the 'debug' keyword sends messages to syslog for processing.
>
> adding the debug keyword to the pam module doesn't do anything but in ldap.conf:
> logdir <directory>
>   Specifies the directory used for logging by the LDAP client
> library. This feature is not supported by all client libraries.
> debug <level>
>   Specifies the debug level used for logging by the LDAP client
> library. This feature is not supported by all client libraries, and
> does not apply to the nss_ldap and pam_ldap modules themselves
> (debugging, if any, is configured separately and usually at compile
> time).
>
> Ward
>
>
 
11-05-2010, 07:06 PM
Ward Poelmans

ldap client authentication

On Fri, Nov 5, 2010 at 20:46, James <jtp@nc.rr.com> wrote:
> The logdir is filled with empty files that, in the name of the file,
> have the pid of the pam process. However, these files are empty and
> they do not have anything in them.
>
> Thoughts?

Try putting the compile time debugging options on?

Ward
 
11-07-2010, 08:59 PM
James

ldap client authentication

I've enabled compile-time debug flags, to no avail.

I did some troubleshooting for several hours last night and discovered
something interesting -- the LDAP server is responding with a SUCCESS
message to the bind request, but PAM (for whatever reason) is still
denying my login request.

Here's the output of a sniffer capture between the client and the LDAP server:

bindResponse
resultCode: success (0)

The /var/log/auth.log file indicates the following:

==> auth.log <==
Nov 3 06:24:00 s_dgram@auth.whatever.com sshd[11393]: error: PAM:
Authentication failure for illegal user tb from 10.9.3.153
Nov 3 06:24:00 s_dgram@auth.whatever.com sshd[11393]: Failed
keyboard-interactive/pam for invalid user tb from 10.9.3.153 port
56665 ssh2
Nov 3 06:24:00 s_dgram@auth.whatever.com sshd[11396]:
pam_tally2(sshd:auth): pam_get_uid; no such user


My /etc/pam.d/system-auth file is pretty much verbatim what is listed here:

http://www.gentoo.org/doc/en/ldap-howto.xml

Also, my /etc/nsswitch.conf file has "files" and "ldap" in the
appropriate places.

passwd: files ldap
shadow: files ldap
group: files ldap

Thoughts would be greatly appreciated -- I'm almost there! I just need
to figure out why PAM isn't playing nice with LDAP authentication.

-james

I'm so close I can taste it. Any thoughts or ideas on how to fix
this would be greatly appreciated.


On Fri, Nov 5, 2010 at 20:06, Ward Poelmans <wpoely86@gmail.com> wrote:
> On Fri, Nov 5, 2010 at 20:46, James <jtp@nc.rr.com> wrote:
>> The logdir is filled with empty files that, in the name of the file,
>> have the pid of the pam process. However, these files are empty and
>> they do not have anything in them.
>>
>> Thoughts?
>
> Try putting the compile time debugging options on?
>
> Ward
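
An added example, not part of the thread: a small triage script run over the three auth.log lines from the 11-07-2010 post. It separates messages in which the account name did not resolve on the client (sshd's "illegal user" / "invalid user", pam_tally2's "no such user") from plain credential rejections. The function names and patterns are this example's own, and reading those messages as account-lookup failures is based on standard sshd and pam_tally2 behaviour, not on anything the posters state.

```python
import re

# auth.log lines copied from the post above, with the mail wrapping undone.
SAMPLE_LOG = """\
Nov 3 06:24:00 s_dgram@auth.whatever.com sshd[11393]: error: PAM: Authentication failure for illegal user tb from 10.9.3.153
Nov 3 06:24:00 s_dgram@auth.whatever.com sshd[11393]: Failed keyboard-interactive/pam for invalid user tb from 10.9.3.153 port 56665 ssh2
Nov 3 06:24:00 s_dgram@auth.whatever.com sshd[11396]: pam_tally2(sshd:auth): pam_get_uid; no such user
"""

# Messages that mean the account name did not resolve on the client
# (assumption of this example: standard sshd / pam_tally2 wording).
LOOKUP_FAILURE = [
    re.compile(r"\b(?:illegal|invalid) user (?P<user>\S+)"),
    re.compile(r"pam_get_uid; no such user"),
]
# Any other rejected attempt for a named account.
AUTH_FAILURE = re.compile(r"(?:Authentication failure|Failed \S+) for (?P<user>\S+)")
# The "<process>[<pid>]: <message>" part of a syslog line.
SOURCE = re.compile(r"(?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")

def classify(line):
    """Return a finding dict for one log line, or None if it is unrelated."""
    m = SOURCE.search(line)
    if not m:
        return None
    base = {"proc": m["proc"], "pid": int(m["pid"])}
    for pattern in LOOKUP_FAILURE:
        hit = pattern.search(m["msg"])
        if hit:  # checked first: "Failed ... for invalid user" is a lookup problem
            return {**base, "kind": "account-lookup", "user": hit.groupdict().get("user")}
    hit = AUTH_FAILURE.search(m["msg"])
    if hit:
        return {**base, "kind": "credential", "user": hit["user"]}
    return None

def summarize(log_text):
    """Count findings per kind and collect the account names that did not resolve."""
    counts = {"account-lookup": 0, "credential": 0}
    unresolved = set()
    for finding in filter(None, map(classify, log_text.splitlines())):
        counts[finding["kind"]] += 1
        if finding["kind"] == "account-lookup" and finding["user"]:
            unresolved.add(finding["user"])
    return counts, sorted(unresolved)

if __name__ == "__main__":
    counts, unresolved = summarize(SAMPLE_LOG)
    print(counts)
    for user in unresolved:
        print(f"account '{user}' did not resolve; check: getent passwd {user}")
```

All three lines from the post fall in the account-lookup class, which is a separate step from the LDAP bind that the capture shows succeeding.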
 
