Bug 750687 - Cannot login with LDAP credentials
Summary: Cannot login with LDAP credentials
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: authconfig
Version: 16
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-11-02 03:23 UTC by Maurice James
Modified: 2011-11-02 07:25 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-11-02 07:25:40 UTC
Type: ---
Embargoed:



Description Maurice James 2011-11-02 03:23:17 UTC
Description of problem:
After setting up authentication for LDAP using SSL and TLS, I am unable to authenticate and log in. getent passwd <user> works; it returns users from the LDAP directory. getent group also works in that respect.

Version-Release number of selected component (if applicable):
16 beta

How reproducible:
100% of the time

Steps to Reproduce:
1. Set up LDAP authentication and attempt to log in, or even su <ldapuser>, when logged in with a local user
  
Actual results:
I grabbed these logs while trying to authenticate

Nov  1 23:02:22 jupiter polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session4 (system bus name :1.143 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Nov  1 23:02:42 jupiter su: pam_systemd(su-l:session): Failed to parse message: Message has only 3 arguments, but more were expected
Nov  1 23:02:42 jupiter su: pam_unix(su-l:session): session opened for user root by test(uid=1000)
Nov  1 23:05:45 jupiter su: pam_unix(su:auth): authentication failure; logname=test uid=1000 euid=0 tty=pts/1 ruser=test rhost=  user=MJames
Nov  1 23:06:01 jupiter su: pam_systemd(su-l:session): Failed to parse message: Message has only 3 arguments, but more were expected
Nov  1 23:06:01 jupiter su: pam_unix(su-l:session): session opened for user root by test(uid=1000)
Nov  1 23:06:13 jupiter su: pam_unix(su:auth): authentication failure; logname=test uid=1000 euid=0 tty=pts/1 ruser=test rhost=  user=MJames
Nov  1 23:07:16 jupiter su: pam_unix(su:auth): authentication failure; logname=test uid=1000 euid=0 tty=pts/1 ruser=test rhost=  user=MJames
Nov  1 23:08:12 jupiter su: pam_systemd(su-l:session): Failed to parse message: Message has only 3 arguments, but more were expected
Nov  1 23:08:12 jupiter su: pam_unix(su-l:session): session opened for user root by test(uid=1000)

Expected results:
successful login


Additional info:

Comment 1 Maurice James 2011-11-02 04:16:51 UTC
It looks like F16 won't let users with a uid lower than 1000 log in. This could be problematic if you already have a DS infrastructure loaded with user accounts whose uid is lower than 1000. What negative effect will it have if I change all of my users' uids in LDAP?

Comment 2 Tomas Mraz 2011-11-02 07:25:40 UTC
You have a few possibilities here. The easiest one is to call:
"authconfig --enablesysnetauth --update"

This will enable authentication of users with uid < 1000.

Changing the uids of users means that all the files of these users have to be chmoded to the new uids.

Another possibility is to change the UID_MIN and GID_MIN settings to 500 in /etc/login.defs and run "authconfig --update". It should change the minimum uid settings in /etc/pam.d/system-auth to 500.
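
Added example (not part of the bug report or its comments): a small check that compares a user's uid with the minimum-uid floor in a PAM auth stack, which is why getent can resolve a directory user who still cannot authenticate. The sample file contents, the pam_succeed_if.so line and the uid 500 are constructed for illustration and assume the floor is expressed as "uid >= N".

```shell
#!/bin/sh
# Added example: file contents below are constructed samples, not taken from the reporter's host.

# Print UID_MIN from a login.defs-style file.
uid_min_from_login_defs() {
    awk '$1 == "UID_MIN" { print $2; exit }' "$1"
}

# Print N from the first "auth ... pam_succeed_if.so uid >= N" line of a PAM file.
pam_auth_uid_floor() {
    awk '$1 == "auth" && /pam_succeed_if\.so/ {
        for (i = 1; i <= NF - 2; i++)
            if ($i == "uid" && $(i + 1) == ">=") { print $(i + 2); exit }
    }' "$1"
}

# Print "allowed" or "blocked" for a uid against the floor found in a PAM file.
check_uid() {  # usage: check_uid <uid> <pam-file>
    floor=$(pam_auth_uid_floor "$2")
    if [ -z "$floor" ] || [ "$1" -ge "$floor" ]; then
        echo allowed
    else
        echo blocked
    fi
}

# Write constructed sample files into a temp dir and print its path.
make_samples() {
    dir=$(mktemp -d)
    printf 'UID_MIN\t\t\t 1000\nGID_MIN\t\t\t 1000\n' > "$dir/login.defs"
    cat > "$dir/system-auth" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
EOF
    echo "$dir"
}

# Demo: a directory user with uid 500 (constructed value) resolves via NSS but fails the PAM floor.
d=$(make_samples)
echo "login.defs UID_MIN: $(uid_min_from_login_defs "$d/login.defs")"
echo "system-auth floor:  $(pam_auth_uid_floor "$d/system-auth")"
echo "uid 500:  $(check_uid 500 "$d/system-auth")"
echo "uid 1000: $(check_uid 1000 "$d/system-auth")"
rm -rf "$d"
```

On a real host, point the functions at /etc/login.defs and /etc/pam.d/system-auth and pass the uid field from getent passwd <user>.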

