Bug 97676 - GDM LDAP User Authentication Fails
Summary: GDM LDAP User Authentication Fails
Keywords:
Status: CLOSED DUPLICATE of bug 51352
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: openldap
Version: 9
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Havoc Pennington
QA Contact: Mike McLean
URL:
Whiteboard:
Depends On: 51352
Blocks: 97675
Reported: 2003-06-19 04:39 UTC by Gabriel Donnell
Modified: 2007-03-27 04:07 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-06-19 08:38:19 UTC
Embargoed:


Attachments
/var/log/messages (2.79 KB, text/plain)
2003-06-19 04:43 UTC, Gabriel Donnell

Description Gabriel Donnell 2003-06-19 04:39:58 UTC
Description of problem:
GDM authentication fails for LDAP user log in sessions.

Version-Release number of selected component (if applicable):
2.4.1.3-5

How reproducible:
Always

Steps to Reproduce:
1. Configure a Red Hat Linux 9.0 LDAP server:
https://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-ldap-quickstart.html
2. Configure a Red Hat Linux 9.0 LDAP client:
https://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-ldap-pam.html
3. If no user accounts were added to the LDAP database with the migration tools,
   then add a test user account.
4. Create a local home directory for the LDAP user on the LDAP client host.
5. Confirm there is no local account for the LDAP user on the LDAP client host.
6. Log in without GDM (su, ssh, a tty login screen, etc) to confirm it works.
7. Log in with GDM login window to verify failure.

Actual results:
User log in error message.

Expected results:
Log in to GDM session with LDAP user account.

Additional info:
An excerpt from the /var/log/messages file on the LDAP client system is
attached.

The first four lines show GDM log in failures for the testuser0 account which
is the LDAP user account.  Then it is followed by successful testuser0 log in
sessions from the login (tty1), su, and sshd utilities.

To illustrate that GDM does work for local accounts, I used my gdonnell local
account to log into a GDM session.  The log file has successful log in messages
for my gdonnell local account.

Comment 1 Gabriel Donnell 2003-06-19 04:43:10 UTC
Created attachment 92479
/var/log/messages

Comment 2 Gabriel Donnell 2003-06-19 04:56:24 UTC
Do not use TLS encryption on the LDAP client host because it does not work.
I reported this in the 97675 ticket.

Comment 3 Gabriel Donnell 2003-06-19 08:37:38 UTC
Hello,

I resolved the problem.  When I got TLS encryption to work, I was able to log
in from the GDM login screen.  I figured that GDM requires TLS encryption to
be enabled.  For security reasons, this is very good.

In the 97675 ticket, I documented how I used the 51352 ticket to resolve the
TLS encryption problem in the 97675 ticket.

The TLS encryption requirement for GDM to authenticate with LDAP should be
documented.  Maybe I overlooked it.  I did not see this in the Red Hat
Reference Guide or LDAP Linux HOWTO.

*** This bug has been marked as a duplicate of 51352 ***

