Bug 176211

Summary: Unable to authenticate to LDAP using PAM (such as ssh)
Product: [Retired] 389
Reporter: Colin Tan <colintan>
Component: Directory Server
Assignee: Rich Megginson <rmeggins>
Status: CLOSED NOTABUG
QA Contact: Orla Hegarty <ohegarty>
Severity: medium
Priority: medium
Version: 1.0
CC: ohegarty
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2006-01-23 22:29:40 UTC

Description Colin Tan 2005-12-20 09:40:45 UTC

Description of problem:
Using information from the Howto:PAM configuration, I get an error in /var/log/messages from pam_unix on authentication failure. I am able to log in from the console or website. Crucial information is missing as to what the pam_password settings should be in the ldap.conf and what the server settings to enable this to work are.

I have tried with a null password and this doesn't work. (By clearing the passwd in the field)

I know this is a configuration problem, but I just can't get enough debug info to try to understand it (setting pam_unix debug doesn't work). I am using FC-4.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Follow PAM Howto
2. SSH into server with LDAP-only account

Actual Results:  Login fails

Expected Results:  Able to Login

Additional info:

Comment 1 Colin Tan 2005-12-20 09:41:41 UTC
Can't figure out where slapd.conf is on Directory Server

Comment 2 Rich Megginson 2005-12-20 15:11:00 UTC
There is no slapd.conf on Directory Server.  Configuration of Fedora Directory
Server is completely different than OpenLDAP.  The main configuration file for
Fedora DS is /opt/fedora-ds/slapd-yourhost/config/dse.ldif.  Be warned that if
you edit this file while the server is running, your changes will be lost. 
Server configuration should be done via the console or by using ldapmodify under
cn=config.  If you must edit the file, be sure to stop the server first.  If the
server fails to start or crashes after you make your change, you can revert to
dse.ldif.bak or dse.ldif.startOK or even dse_original.ldif if none of those work.

Comment 3 Rich Megginson 2005-12-20 15:23:32 UTC
I'm not really sure what the problem is.  You should post a question to
fedora-directory-users - there are some PAM/ssh experts there who
should be able to assist you.  You will first have to go to
http://directory.fedora.redhat.com/wiki/Mailing_Lists
and follow the directions to sign up for fedora-directory-users before you will
be able to post and read your replies.

Comment 4 Chandrasekar Kannan 2008-08-11 23:43:35 UTC
Bug already CLOSED. Setting screened+ flag.