Guest Kaspersky
Posted August 3, 2007 (edited)

Hi all,

I have an LDAP server on SLES 10.0 and LDAP clients on Mandriva 2007 and SuSE. SuSE works without problems but Mandriva 2007 has several. I have configured Mandriva to use LDAP; now LDAP users can log in via the network without problems, but users cannot log in on the local machine. What did I do wrong?

PS It seems that the problem is in the pam module.

Edited August 3, 2007 by Kaspersky

adamw
Posted August 4, 2007

I'll bet a *small* amount of money it's this: http://qa.mandriva.com/show_bug.cgi?id=20882

Try running something like this:

    grep pam_stack.so /etc/pam.d/*

Any file that is returned is problematic. Paste the result here. Thanks!

Guest Kaspersky
Posted August 8, 2007

Sorry for the wait.

    grep pam_stack.so /etc/pam.d/*
    /etc/pam.d/rexec:#auth required pam_stack.so service=system-auth
    /etc/pam.d/rexec:#account required pam_stack.so service=system-auth
    /etc/pam.d/rexec:#session required pam_stack.so service=system-auth
    /etc/pam.d/rexec.rpmnew:auth required pam_stack.so service=system-auth
    /etc/pam.d/rexec.rpmnew:account required pam_stack.so service=system-auth
    /etc/pam.d/rexec.rpmnew:session required pam_stack.so service=system-auth
    /etc/pam.d/rlogin:#auth required pam_stack.so service=system-auth
    /etc/pam.d/rlogin:#account required pam_stack.so service=system-auth
    /etc/pam.d/rlogin:#password required pam_stack.so service=system-auth
    /etc/pam.d/rlogin:#session required pam_stack.so service=system-auth
    /etc/pam.d/rlogin.rpmnew:auth required pam_stack.so service=system-auth
    /etc/pam.d/rlogin.rpmnew:account required pam_stack.so service=system-auth
    /etc/pam.d/rlogin.rpmnew:password required pam_stack.so service=system-auth
    /etc/pam.d/rlogin.rpmnew:session required pam_stack.so service=system-auth
    /etc/pam.d/rsh:#account required pam_stack.so service=system-auth
    /etc/pam.d/rsh:#session required pam_stack.so service=system-auth
    /etc/pam.d/rsh.rpmnew:account required pam_stack.so service=system-auth
    /etc/pam.d/rsh.rpmnew:session required pam_stack.so service=system-auth
    /etc/pam.d/xlock:auth required pam_stack.so service=system-auth

I have replaced "account required pam_stack.so service=system-auth" with "account include system-auth", but it does not help LDAP users log in on the local machine. ssh works without problems. What does it mean?

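
The plain grep above also returns commented-out lines and files such as rexec.rpmnew, which rpm leaves beside a locally modified config file. The following is an added example, not part of the original posts: it lists only uncommented pam_stack.so lines and prints the "include" form used in the replacement above. The function name pam_stack_audit and the live/leftover labels are this example's own, and the sample files are constructed from the output quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Lists uncommented pam_stack.so lines
# under a PAM config directory and prints the "include" form for each.

# pam_stack_audit [DIR]  (hypothetical helper name; DIR defaults to /etc/pam.d)
# Output: file:line: [live|leftover] <type> include <service>
pam_stack_audit() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.rpmnew|*.rpmsave|*.rpmorig) kind=leftover ;;  # rpm side files
            *) kind=live ;;
        esac
        awk -v file="$f" -v kind="$kind" '
            /^[ \t]*#/ { next }                  # commented-out line
            /pam_stack\.so/ {
                svc = "?"                        # service= argument, if present
                for (i = 2; i <= NF; i++)
                    if ($i ~ /^service=/) svc = substr($i, 9)
                printf "%s:%d: [%s] %s include %s\n", file, FNR, kind, $1, svc
            }' "$f"
    done
}

# Constructed sample mirroring three files from the grep output above.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#auth required pam_stack.so service=system-auth' > "$d/rexec"
    printf '%s\n' 'auth required pam_stack.so service=system-auth' > "$d/rexec.rpmnew"
    printf '%s\n' 'auth required pam_stack.so service=system-auth' > "$d/xlock"
    pam_stack_audit "$d" | sed "s|^$d/||"
    rm -rf "$d"
}
demo
```

The function only reports; it does not edit any file, so each suggested line can be reviewed before /etc/pam.d is changed.
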
aioshin
Posted August 9, 2007 (edited)

Try to compare this with yours, or try to use this:

    auth required pam_env.so
    auth sufficient pam_unix.so nullok try_first_pass
    auth requisite pam_succeed_if.so uid >= 500 quiet
    auth sufficient pam_ldap.so use_first_pass
    auth required pam_deny.so

    account required pam_unix.so broken_shadow
    account sufficient pam_localuser.so
    account sufficient pam_succeed_if.so uid < 500 quiet
    account [default=bad success=ok user_unknown=ignore] pam_ldap.so
    account required pam_permit.so

    password requisite pam_cracklib.so try_first_pass retry=3
    password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
    password sufficient pam_ldap.so use_authtok
    password required pam_deny.so

    session optional /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel/ umask=0022
    session optional pam_keyinit.so revoke
    session required pam_limits.so
    session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session required pam_unix.so
    session optional pam_ldap.so

This was taken from my CentOS machine, which uses LDAP and local accounts as the auth server... Using authconfig, there's an option to choose both local and LDAP. In Mandriva, using drakauth, there's no option to choose both; that may be the problem, and you have to manually edit the file /etc/pam.d/system-auth. Try to compare yours with the one quoted above.

On my desktop (Mandriva), I authenticate to local and winbind (AD 2003), and here's my Mandriva /etc/pam.d/system-auth:

    #%PAM-1.0
    auth required pam_env.so
    auth sufficient pam_unix.so likeauth nullok
    auth sufficient pam_winbind.so use_first_pass
    auth required pam_deny.so

    account sufficient pam_unix.so
    account sufficient pam_winbind.so use_first_pass
    account required pam_deny.so

    password required pam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0
    password sufficient pam_unix.so nullok use_authtok md5 shadow
    password required pam_deny.so

    session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022
    session optional pam_keyinit.so revoke
    session required pam_limits.so
    session required pam_unix.so

Just try...

Edited August 9, 2007 by aioshin

Guest Kaspersky
Posted August 9, 2007

Thanks for the comment, but it does not help. I used the drakauth utility to configure Mandriva 2007 to use LDAP. ssh works, but LDAP users cannot log in using the su command.