Red Hat Bugzilla – Bug 176211
Unable to authenticate using to LDAP using Pam (such ssh)
Last modified: 2008-08-11 19:43:35 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Description of problem:
Using information from the Howto:PAM configuration, I get en error in /var/log/messages from pam_unix on authentication failure. I am able to login from
the console or website. Crucial information is missing as to what the pam_password settings should be in the ldap.conf and how the server settings to enable this to work are.
I have tried with a null password and this doesn't work. (By clearing the passwd in the field)
I know this is a configuration problem but I just can't get enough debug info the try to understand it (setting pam_unix debug doesn't work) I am using FC-4
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Follow PAM Howto
2.SSH into server with LDAP only account
Actual Results: Login fails
Expected Results: Able to Login
Can't figure out where slpad.conf on Directory Server
There is no slapd.conf on Directory Server. Configuration of Fedora Directory
Server is completely different than OpenLDAP. The main configuration file for
Fedora DS is /opt/fedora-ds/slapd-yourhost/config/dse.ldif. Be warned that if
you edit this file while the server is running, your changes will be lost.
Server configuration should be done via the console or by using ldapmodify under
cn=config. If you must edit the file, be sure to stop the server first. If the
server fails to start or crashes after you make your change, you can revert to
dse.ldif.bak or dse.ldif.startOK or even dse_original.ldif if none of those work.
I'm not really sure what the problem is. You should post a question to
firstname.lastname@example.org - there are some PAM/ssh experts there who
should be able to assist you. You will first have to go to
and follow the directions to sign up for fedora-directory-users before you will
be able to post and read your replies.
Bug already CLOSED. setting screened+ flag