Bug 750687

Summary: Cannot login with LDAP credentials
Product: [Fedora] Fedora
Reporter: Maurice James <midnightsteel>
Component: authconfig
Assignee: Tomas Mraz <tmraz>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: 16
CC: tmraz
Hardware: x86_64   
OS: Linux   
Last Closed: 2011-11-02 07:25:40 UTC

Description Maurice James 2011-11-02 03:23:17 UTC
Description of problem:
After setting up authentication for LDAP using SSL and TLS, I am unable to authenticate and log in. getent passwd <user> works; it returns users from the LDAP directory. getent group also works in that respect.

Version-Release number of selected component (if applicable):
16 beta

How reproducible:
100% of the time

Steps to Reproduce:
1. Set up LDAP authentication and attempt to log in or even su <ldapuser> when logged in with a local user
  
Actual results:
I grabbed these logs while trying to authenticate

Nov  1 23:02:22 jupiter polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session4 (system bus name :1.143 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Nov  1 23:02:42 jupiter su: pam_systemd(su-l:session): Failed to parse message: Message has only 3 arguments, but more were expected
Nov  1 23:02:42 jupiter su: pam_unix(su-l:session): session opened for user root by test(uid=1000)
Nov  1 23:05:45 jupiter su: pam_unix(su:auth): authentication failure; logname=test uid=1000 euid=0 tty=pts/1 ruser=test rhost=  user=MJames
Nov  1 23:06:01 jupiter su: pam_systemd(su-l:session): Failed to parse message: Message has only 3 arguments, but more were expected
Nov  1 23:06:01 jupiter su: pam_unix(su-l:session): session opened for user root by test(uid=1000)
Nov  1 23:06:13 jupiter su: pam_unix(su:auth): authentication failure; logname=test uid=1000 euid=0 tty=pts/1 ruser=test rhost=  user=MJames
Nov  1 23:07:16 jupiter su: pam_unix(su:auth): authentication failure; logname=test uid=1000 euid=0 tty=pts/1 ruser=test rhost=  user=MJames
Nov  1 23:08:12 jupiter su: pam_systemd(su-l:session): Failed to parse message: Message has only 3 arguments, but more were expected
Nov  1 23:08:12 jupiter su: pam_unix(su-l:session): session opened for user root by test(uid=1000)

Expected results:
successful login


Additional info:

Comment 1 Maurice James 2011-11-02 04:16:51 UTC
It looks like F16 won't let users with a uid lower than 1000 log in. This could be problematic if you already have a DS infrastructure loaded with user accounts whose uid is lower than 1000. What negative effect will it have if I change all of my users' uids in LDAP?

Comment 2 Tomas Mraz 2011-11-02 07:25:40 UTC
You have a few possibilities here. The easiest one is to call:
"authconfig --enablesysnetauth --update"

This will enable authentication of users with uid < 1000.

Changing the uids of users means that all the files of these users have to be chmoded to the new uids.

Another possibility is to change the UID_MIN and GID_MIN settings to 500 in /etc/login.defs and run "authconfig --update". It should change the minimum uid settings in /etc/pam.d/system-auth to 500.
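
To see which minimum-uid setting is rejecting a directory account, the following added example (not part of this bug report or of authconfig) reads UID_MIN from a login.defs-style file and the uid floor from a PAM file, then compares both with the UID field of a "getent passwd" entry. The "auth requisite pam_succeed_if.so uid >= N" rule format, the sample file contents and the UID 501 are assumptions constructed for illustration.

```shell
# Added diagnostic sketch, not from the bug report. Sample files are constructed;
# the pam_succeed_if rule format is an assumption about the generated PAM file.

# UID_MIN from a login.defs-style file (last uncommented setting wins).
login_defs_uid_min() {
    awk '$1 == "UID_MIN" { v = $2 } END { if (v != "") print v }' "$1"
}

# Floors from active "auth requisite pam_succeed_if.so uid >= N" rules.
pam_auth_uid_floors() {
    awk '$1 == "auth" && $2 == "requisite" && $3 ~ /pam_succeed_if\.so$/ &&
         $4 == "uid" && $5 == ">=" { print $6 }' "$1"
}

# UID field of a passwd entry as printed by "getent passwd <user>".
passwd_uid() {
    printf '%s\n' "$1" | cut -d: -f3
}

# diagnose PASSWD_LINE LOGIN_DEFS PAM_FILE: prints a verdict, returns 0 or 1.
diagnose() {
    uid=$(passwd_uid "$1")
    echo "login.defs UID_MIN=$(login_defs_uid_min "$2")"
    for floor in $(pam_auth_uid_floors "$3"); do
        if [ "$uid" -lt "$floor" ]; then
            echo "uid $uid < $floor: requisite rule fails before pam_ldap runs"
            return 1
        fi
    done
    echo "uid $uid passes every PAM uid floor"
    return 0
}

# Constructed sample files so the sketch runs offline.
make_sample() {
    d=$(mktemp -d)
    printf '# constructed\nUID_MIN 1000\nGID_MIN 1000\n' > "$d/login.defs"
    printf '%s\n' \
        'auth sufficient pam_unix.so nullok try_first_pass' \
        'auth requisite pam_succeed_if.so uid >= 1000 quiet' \
        'auth sufficient pam_ldap.so use_first_pass' > "$d/system-auth"
    echo "$d"
}

d=$(make_sample)
diagnose 'MJames:x:501:501:constructed:/home/MJames:/bin/bash' \
    "$d/login.defs" "$d/system-auth" || true
rm -rf "$d"
```

On a real host, pass the output of "getent passwd <user>" together with /etc/login.defs and /etc/pam.d/system-auth.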