Description of problem:
After setting up authentication for LDAP using SSL and TLS, I am unable to authenticate and log in. getent passwd <user> works; it returns users from the LDAP directory. getent group also works in that respect.

Version-Release number of selected component (if applicable):
16 beta

How reproducible:
100% of the time

Steps to Reproduce:
1. Set up LDAP authentication and attempt to log in, or even su <ldapuser> when logged in with a local user

Actual results:
I grabbed these logs while trying to authenticate

Nov 1 23:02:22 jupiter polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session4 (system bus name :1.143 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Nov 1 23:02:42 jupiter su: pam_systemd(su-l:session): Failed to parse message: Message has only 3 arguments, but more were expected
Nov 1 23:02:42 jupiter su: pam_unix(su-l:session): session opened for user root by test(uid=1000)
Nov 1 23:05:45 jupiter su: pam_unix(su:auth): authentication failure; logname=test uid=1000 euid=0 tty=pts/1 ruser=test rhost= user=MJames
Nov 1 23:06:01 jupiter su: pam_systemd(su-l:session): Failed to parse message: Message has only 3 arguments, but more were expected
Nov 1 23:06:01 jupiter su: pam_unix(su-l:session): session opened for user root by test(uid=1000)
Nov 1 23:06:13 jupiter su: pam_unix(su:auth): authentication failure; logname=test uid=1000 euid=0 tty=pts/1 ruser=test rhost= user=MJames
Nov 1 23:07:16 jupiter su: pam_unix(su:auth): authentication failure; logname=test uid=1000 euid=0 tty=pts/1 ruser=test rhost= user=MJames
Nov 1 23:08:12 jupiter su: pam_systemd(su-l:session): Failed to parse message: Message has only 3 arguments, but more were expected
Nov 1 23:08:12 jupiter su: pam_unix(su-l:session): session opened for user root by test(uid=1000)

Expected results:
successful login

Additional info:
It looks like F16 won't let users with a uid lower than 1000 log in. This could be problematic if you already have a DS infrastructure loaded with user accounts whose uid is lower than 1000. What negative effect will it have if I change all of my users' uids in LDAP?
You have a few possibilities here. The easiest one is to call "authconfig --enablesysnetauth --update". This will enable authentication of users with uid < 1000. Changing the uids of users means that all the files of these users have to be chmoded to the new uids. Another possibility is to change the UID_MIN and GID_MIN settings to 500 in /etc/login.defs and run "authconfig --update". It should change the minimum uid settings in /etc/pam.d/system-auth to 500.
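
A check for the mismatch discussed in this thread, added here as an example and not taken from the bug report or from authconfig: it reads the uid floor that a `pam_succeed_if.so uid >= N` auth line enforces and compares it with UID_MIN in login.defs. The function names, the sample uid 750 and the sample file contents are constructed; the PAM stack layout is an assumption about what a generated system-auth typically looks like.

```shell
#!/bin/sh
# Added example: compare the uid floor in a PAM auth stack with UID_MIN.

# Print UID_MIN from a login.defs-style file (empty if unset).
login_defs_uid_min() {
    awk '$1 == "UID_MIN" { print $2; exit }' "$1"
}

# Print N from the first auth line of the form "pam_succeed_if.so uid >= N".
pam_uid_floor() {
    awk '$1 == "auth" && /pam_succeed_if\.so/ {
        for (i = 3; i < NF; i++)
            if ($i == "uid" && $(i + 1) == ">=") { print $(i + 2); exit }
    }' "$1"
}

# uid_verdict UID PAM_FILE -> "blocked", "allowed" or "no-floor"
uid_verdict() {
    floor=$(pam_uid_floor "$2")
    if [ -z "$floor" ]; then echo "no-floor"
    elif [ "$1" -lt "$floor" ]; then echo "blocked"
    else echo "allowed"
    fi
}

# floors_in_sync LOGIN_DEFS PAM_FILE -> exit status 0 when both files agree
floors_in_sync() {
    [ "$(login_defs_uid_min "$1")" = "$(pam_uid_floor "$2")" ]
}

# Constructed sample files (assumed layout); on a real host pass
# /etc/login.defs and /etc/pam.d/system-auth to the functions instead.
write_samples() {
    printf 'UID_MIN\t\t500\nGID_MIN\t\t500\n' > "$1/login.defs"
    cat > "$1/system-auth" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "uid 750: $(uid_verdict 750 "$demo_dir/system-auth")"
floors_in_sync "$demo_dir/login.defs" "$demo_dir/system-auth" \
    || echo "login.defs and system-auth disagree on the minimum uid"
rm -rf "$demo_dir"
```

In the sample stack the requisite line sits before pam_ldap.so, so a directory user below the floor is rejected before the LDAP module is consulted, while getent lookups through NSS are unaffected.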