176211 – Unable to authenticate using to LDAP using Pam (such ssh)

Bug 176211 - Unable to authenticate using to LDAP using Pam (such ssh)

Summary: Unable to authenticate using to LDAP using Pam (such ssh)

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	389
Classification:	Retired
Component:	Directory Server
Sub Component:
Version:	1.0
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Rich Megginson
QA Contact:	Orla Hegarty
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-12-20 09:40 UTC by Colin Tan
Modified:	2008-08-11 23:43 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2006-01-23 22:29:40 UTC
Embargoed:

Attachments	(Terms of Use)

Description Colin Tan 2005-12-20 09:40:45 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Description of problem:
Using information from the Howto:PAM configuration, I get en error in /var/log/messages from pam_unix on authentication failure. I am able to login from
the console or website. Crucial information is missing as to what the pam_password settings should be in the ldap.conf and how the server settings to enable this to work are.

I have tried with a null password and this doesn't work. (By clearing the passwd in the field)

I know this is a configuration problem but I just can't get enough debug info the try to understand it (setting pam_unix debug doesn't work) I am using FC-4

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Follow PAM Howto
2.SSH into server with LDAP only account
3.
  

Actual Results:  Login fails

Expected Results:  Able to Login

Additional info:

Comment 1 Colin Tan 2005-12-20 09:41:41 UTC

Can't figure out where slpad.conf on Directory Server

Comment 2 Rich Megginson 2005-12-20 15:11:00 UTC

There is no slapd.conf on Directory Server.  Configuration of Fedora Directory
Server is completely different than OpenLDAP.  The main configuration file for
Fedora DS is /opt/fedora-ds/slapd-yourhost/config/dse.ldif.  Be warned that if
you edit this file while the server is running, your changes will be lost. 
Server configuration should be done via the console or by using ldapmodify under
cn=config.  If you must edit the file, be sure to stop the server first.  If the
server fails to start or crashes after you make your change, you can revert to
dse.ldif.bak or dse.ldif.startOK or even dse_original.ldif if none of those work.

Comment 3 Rich Megginson 2005-12-20 15:23:32 UTC

I'm not really sure what the problem is.  You should post a question to
fedora-directory-users - there are some PAM/ssh experts there who
should be able to assist you.  You will first have to go to
http://directory.fedora.redhat.com/wiki/Mailing_Lists
and follow the directions to sign up for fedora-directory-users before you will
be able to post and read your replies.

Comment 4 Chandrasekar Kannan 2008-08-11 23:43:35 UTC

Bug already CLOSED. setting screened+ flag

Note You need to log in before you can comment on or make changes to this bug.