PAM Ldap login via OpenSSH or Console on an SGI ProPack 2.3 Linux server fails

From: Michael Thompson (Google_at_UserID.net)
Date: 02/12/04

• Next message: sweepea_at_kickapoo.com: "Re: copying install cd's (for network install server)"
• Previous message: Lewis Saunders: "Re: SE graphics"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: 12 Feb 2004 07:38:48 -0800

I am running into a problem with using LDAP authentication on an SGI
ProPack 2.3 linux server. The configuration files are direct copies
from a RedHat linux server that works perfectly. I have been doing
most of my testing via the console login to make things a little more
cut and dry.

The message "User not known to the underlying authentication module"
appears when a correct LDAP username and password has been entered.
The message "LDAP Password:" appears if a wrong password has been
entered (this is correct and should happen). This is how I know the
LDAP lookups are functional. Also, finger from the server works
great.

The functioning RedHat server uses the same versions of nss, pam, and
openssh listed below.

Software Versions:
SGI ProPack 2.3 for Linux, Build 230r11-0310072229
nss_ldap 215
pam_ldap 167
OpenSSh 3.7.1p2

-----------------------------------------------------
SGI ProPack 2.3 for Linux, Build 230r11-0310072229
Kernel 2.4.21-sgi230r7 on an ia64

<FQDN cut out>.edu login: aj8417
Password:

User not known to the underlying authentication module
-----------------------------------------------------
Current /etc/pam.d/login file which works on a RedHat server is as
follows:
#%PAM-1.0

auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_ldap.so try_first_pass
account required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_access.so
accessfile=/etc/security/access.conf fieldsep=:
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/
umask=0022
session optional /lib/security/pam_console.so

Any help would be appreciated.
-Michael

---

• Next message: sweepea_at_kickapoo.com: "Re: copying install cd's (for network install server)"
• Previous message: Lewis Saunders: "Re: SE graphics"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages samba file deletes slow ... I use this method to move backups from the Linux server to burn them on ... ldap machine suffix = ou=People ... (Debian-User) Re: Sendmail doesnt recognize the old users password after migration of RedHat 9 to RedHat Enterpris ... > We've installed a new linux server with RedHat Enterprise 3 and we want to ... > doesn't recognize the old users password. ... (RedHat) LDAP client configuration question ... We have an LDAP server up and running redhat 8. ... (Debian-User) Re: Very novice question ... > I want to setup a Linux server. ... > Does RedHat still have a free version or what? ... it has Mandrake listed as the 2 most popular. ... > probably PostgreSQL, and a mail server. ... (linux.redhat) Re: Question for you all ... Redhat), you can actually secure a Linux server to be very close, if not as ... (Security-Basics)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)