Red Hat Bugzilla – Bug 141611
Cannot login with nss_ldap, getent works correctly
Last modified: 2007-11-30 17:10:56 EST
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Description of problem: I have set up a fresh installation of FC3, running authconfig and them modifying /etc/ldap.conf with the correct paramaters (binddn and bindpw). The setup is identical to other fc2 hosts which function corretly. When I try to login at the console with a user from ldap, it simply says "System error" and clears the screen. Nothing is logged to /var/log/messages, and there is a message of similar effect in /var/log/secure ('login: System error') If i run `getent passwwd <username>` it displays the correct information, indicating there is no problem with the connection to the server. I am also able to `touch test; chown <username> test`, where <username> is a user present in the ldap directory, and this does not cause an error. One other thing I noticed is that if I try `su <username>` as root the output is 'su: incorrect password'. Version-Release number of selected component (if applicable): nss_ldap-220-3 How reproducible: Always Steps to Reproduce: 1. Install FC3 x86_64 on compatible hardware 2. Run authconfig and specify the correct settings for LDAP 3. Try to login through any mechanism (login, ssh etc) Actual Results: When logging in with login, it displays 'System error'. Expected Results: Should be given a login shell. Additional info: Output of `getent passwd testuser`: testuser:$1$9huu78tyguiHH65fIOgh78/:10028:1002:User, Test: /home/testuser:/bin/bash
Can you please test the rpm package from Fedora Core development tree if that works?
I installed nss_ldap-226-2.x86_64 and the login now works correctly.
I have a similar problem. Login and getent works with pam_ldap in non-ssl more. I switch to ssl and I can execute a getent but su - username does not work. It retrurns "incorrect password". I grabbed the rpm from teh development tree and tested that. Neither getent or su work in ssl mode, but do in non-ssl mode. Any suggestions?
Add this to /etc/syslog.conf local4.* /var/log/ldap restart syslog and ldap and check /var/log/ldap for debug messages
Fedora Core 3 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC5 updates or in the FC6 test release, reopen and change the version to match. Thank you!
Closing per lack of response to previous request for information. This bug was originally filed against a much earlier version of Fedora Core, and significant changes have taken place since the last version for which this bug is confirmed. Note that FC3 and FC4 are supported by Fedora Legacy for security fixes only. Please install a still supported version and retest. If it still occurs on FC5 or FC6, please reopen and assign to the correct version. Otherwise, if this a security issue, please change the product to Fedora Legacy. Thanks, and we are sorry that we did not get to this bug earlier.