Bug 750687 - Cannot login with LDAP credentials
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: authconfig
Version: 16
Hardware: x86_64 Linux
Priority: unspecified
Severity: high
Assigned To: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
Reported: 2011-11-01 23:23 EDT by Maurice James
Modified: 2011-11-02 03:25 EDT

Doc Type: Bug Fix
Last Closed: 2011-11-02 03:25:40 EDT
Description Maurice James 2011-11-01 23:23:17 EDT
Description of problem:
After setting up authentication for LDAP using SSL and TLS, I am unable to authenticate and log in. getent passwd <user> works; it returns users from the LDAP directory. getent group also works in that respect.

Version-Release number of selected component (if applicable):
16 beta

How reproducible:
100% of the time

Steps to Reproduce:
1. Set up LDAP authentication and attempt to log in, or even su <ldapuser> when logged in as a local user.
  
Actual results:
I grabbed these logs while trying to authenticate

Nov  1 23:02:22 jupiter polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session4 (system bus name :1.143 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Nov  1 23:02:42 jupiter su: pam_systemd(su-l:session): Failed to parse message: Message has only 3 arguments, but more were expected
Nov  1 23:02:42 jupiter su: pam_unix(su-l:session): session opened for user root by test(uid=1000)
Nov  1 23:05:45 jupiter su: pam_unix(su:auth): authentication failure; logname=test uid=1000 euid=0 tty=pts/1 ruser=test rhost=  user=MJames
Nov  1 23:06:01 jupiter su: pam_systemd(su-l:session): Failed to parse message: Message has only 3 arguments, but more were expected
Nov  1 23:06:01 jupiter su: pam_unix(su-l:session): session opened for user root by test(uid=1000)
Nov  1 23:06:13 jupiter su: pam_unix(su:auth): authentication failure; logname=test uid=1000 euid=0 tty=pts/1 ruser=test rhost=  user=MJames
Nov  1 23:07:16 jupiter su: pam_unix(su:auth): authentication failure; logname=test uid=1000 euid=0 tty=pts/1 ruser=test rhost=  user=MJames
Nov  1 23:08:12 jupiter su: pam_systemd(su-l:session): Failed to parse message: Message has only 3 arguments, but more were expected
Nov  1 23:08:12 jupiter su: pam_unix(su-l:session): session opened for user root by test(uid=1000)

Expected results:
successful login


Additional info:
Comment 1 Maurice James 2011-11-02 00:16:51 EDT
It looks like F16 won't let users with a uid lower than 1000 log in. This could be problematic if you already have a DS infrastructure loaded with user accounts whose uid is lower than 1000. What negative effect will it have if I change all of my users' uids in LDAP?
Comment 2 Tomas Mraz 2011-11-02 03:25:40 EDT
You have a few possibilities here. The easiest one is to call:
"authconfig --enablesysnetauth --update"

This will enable authentication of users with uid < 1000.

Changing the uids of users means that all the files of these users have to be chmoded to the new uids.

Another possibility is to change the UID_MIN and GID_MIN settings to 500 in /etc/login.defs and run "authconfig --update". It should change the minimum uid settings in /etc/pam.d/system-auth to 500.
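
Added example (not part of the bug report or its comments): a diagnostic sketch that reads the minimum-uid threshold out of a PAM auth stack and compares it with UID_MIN from login.defs, which explains why getent can resolve a user that still fails to authenticate. It assumes the threshold is expressed as a `pam_succeed_if.so uid >= N` rule; the file contents and the uid 501 are constructed samples.

```shell
#!/bin/sh
# Added diagnostic sketch; file contents below are constructed samples.

# Highest N among "pam_succeed_if.so uid >= N" rules in the auth stack of
# PAM file $1; prints 0 when no such rule is present.
pam_min_uid() {
    awk '$1 == "auth" && /pam_succeed_if\.so/ {
            for (i = 1; i <= NF - 2; i++)
                if ($i == "uid" && $(i + 1) == ">=" && $(i + 2) + 0 > min)
                    min = $(i + 2) + 0
         }
         END { print min + 0 }' "$1"
}

# UID_MIN from login.defs-style file $1; prints nothing when unset.
login_defs_uid_min() {
    awk '$1 == "UID_MIN" { v = $2 } END { if (v != "") print v }' "$1"
}

# check_uid UID PAM_FILE -> "allowed" or "blocked"
check_uid() {
    if [ "$1" -ge "$(pam_min_uid "$2")" ]; then echo allowed; else echo blocked; fi
}

# Write constructed sample files into directory $1.
make_samples() {
    cat > "$1/system-auth" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
EOF
    cat > "$1/login.defs" <<'EOF'
# Constructed: UID_MIN already lowered, authconfig --update not yet run
UID_MIN                   500
GID_MIN                   500
EOF
}

demo() {
    d=$(mktemp -d) && make_samples "$d"
    echo "PAM threshold: $(pam_min_uid "$d/system-auth")"
    echo "login.defs UID_MIN: $(login_defs_uid_min "$d/login.defs")"
    echo "uid 501: $(check_uid 501 "$d/system-auth")"
    rm -rf "$d"
}
demo
```

On a real host, point the functions at /etc/pam.d/system-auth and /etc/login.defs; differing values mean the PAM configuration has not been regenerated since login.defs was edited.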
