I've enabled compile-time debug flags, to no avail.
I did some troubleshooting for several hours last night and discovered
something interesting -- the LDAP server is responding with a SUCCESS
message to the bind request, but PAM (for whatever reason) is still
denying my login request.
Here's the output of a sniffer capture between the client and the LDAP server:
resultCode: success (0)
The /var/log/auth.log file indicates the following:
==> auth.log <==
Nov 3 06:24:00 firstname.lastname@example.org sshd: error: PAM: Authentication failure for illegal user tb from 10.9.3.153
Nov 3 06:24:00 email@example.com sshd: Failed keyboard-interactive/pam for invalid user tb from 10.9.3.153 port
Nov 3 06:24:00 firstname.lastname@example.org sshd: pam_tally2(sshd:auth): pam_get_uid; no such user
My /etc/pam.d/system-auth file is pretty much verbatim what is listed here:
Also, my /etc/nsswitch.conf file has "files" and "ldap" in the
passwd: files ldap
shadow: files ldap
group: files ldap
Thoughts would be greatly appreciated -- I'm almost there! I just need
to figure out why PAM isn't playing nice with LDAP authentication.
I'm so close I can taste it. Any thoughts or ideas on how to fix
this would be greatly appreciated.
On Fri, Nov 5, 2010 at 20:06, Ward Poelmans <email@example.com> wrote:
> On Fri, Nov 5, 2010 at 20:46, James <firstname.lastname@example.org> wrote:
>> The logdir is filled with empty files that, in the name of the file,
>> have the pid of the pam process. However, these files are empty and
>> they do not have anything in them.
> Try putting the compile time debugging options on?
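
An added example, not part of the thread and not written by either poster: a small classifier that separates sshd failures where the login name could not be resolved to an account ("invalid user" / "illegal user", pam_tally2's "pam_get_uid; no such user") from failures for a resolvable account. The log lines are constructed after the excerpt above; the hostname `client1`, the PIDs, the port numbers and the user `alice` are assumptions.

```python
import re

# Constructed sample lines modelled on the auth.log excerpt in the message
# (hostname, PIDs, ports and "alice" are placeholders, not values from the page).
SAMPLE_LOG = """\
Nov  3 06:24:00 client1 sshd[4242]: error: PAM: Authentication failure for illegal user tb from 10.9.3.153
Nov  3 06:24:00 client1 sshd[4242]: Failed keyboard-interactive/pam for invalid user tb from 10.9.3.153 port 51515 ssh2
Nov  3 06:24:00 client1 sshd[4242]: pam_tally2(sshd:auth): pam_get_uid; no such user
Nov  3 06:25:10 client1 sshd[4250]: Failed password for alice from 10.9.3.153 port 51520 ssh2
"""

# sshd marks a login name it could not resolve to an account
# (the passwd lookup returned nothing) as "invalid user" / "illegal user".
UNKNOWN_USER = re.compile(r"(?:invalid|illegal) user (\S+) from (\S+)")
# pam_tally2 logs this when it cannot map the name to a UID.
NO_UID = re.compile(r"pam_\w+\(sshd:\w+\): pam_get_uid; no such user")
# A failure for a name sshd could resolve carries no "invalid user" marker.
KNOWN_FAIL = re.compile(r"Failed \S+ for (\S+) from (\S+)")
PID = re.compile(r"sshd\[(\d+)\]")


def classify(log_text):
    """Map each sshd PID with a failed login to (user, source, cause)."""
    found = {}
    for line in log_text.splitlines():
        pid_m = PID.search(line)
        if not pid_m:
            continue
        pid = int(pid_m.group(1))
        unknown = UNKNOWN_USER.search(line)
        known = KNOWN_FAIL.search(line)
        if unknown:
            # Name lookup failed: the passwd line in nsswitch.conf and the
            # NSS LDAP module are the first things to check, before PAM auth.
            found[pid] = (unknown.group(1), unknown.group(2), "account-lookup")
        elif NO_UID.search(line):
            user, src = found.get(pid, ("?", "?", None))[:2]
            found[pid] = (user, src, "account-lookup")
        elif known and pid not in found:
            found[pid] = (known.group(1), known.group(2), "credentials")
    return found


if __name__ == "__main__":
    for pid, (user, src, cause) in sorted(classify(SAMPLE_LOG).items()):
        print(f"sshd[{pid}] user={user} from={src} cause={cause}")
```

On the affected host, `getent passwd tb` exercises the same name lookup independently of sshd and PAM.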