From: Sundaram Ramasamy (sun@percipia.com)
Date: Thu Oct 09 2003 - 17:10:11 EDT
Hi all,
I am trying to configure Solaris 8 for open LDAP client authentication. Now
getent passwd list the all users from the LDAP. But id/su/ssh programs
failed to login.
===========================
# getent passwd | grep spais
spais::1006:100:System User:/home/spais:/bin/bash
# grep spais /etc/passwd
# id spais
id: invalid user name: "spais"
=======================
Here is my pam.conf file
#
#ident "@(#)pam.conf 1.14 99/09/16 SMI"
#
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
#
# PAM configuration
#
# Authentication management
#
#login auth required /usr/lib/security/pam_winbind.so
login auth sufficient /lib/security/pam_ldap.so debug
login auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
try_first_pass
#
#rlogin auth sufficient /usr/lib/security/pam_winbind.so
rlogin auth sufficient /lib/security/pam_ldap.so debug
rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
#dtlogin auth sufficient /usr/lib/security/pam_winbind.so
dtlogin auth sufficient /lib/security/pam_ldap.so debug
dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
rsh auth sufficient /lib/security/pam_ldap.so debug
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
#other auth sufficient /usr/lib/security/pam_winbind.so
other auth sufficient /lib/security/pam_ldap.so debug
other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
# Account management
#
#
#login account sufficient /usr/lib/security/pam_winbind.so
login account sufficient /lib/security/pam_ldap.so debug
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1
#
#dtlogin account sufficient /usr/lib/security/pam_winbind.so
dtlogin account sufficient /lib/security/pam_ldap.so debug
dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
#
#other account sufficient /usr/lib/security/pam_winbind.so
other account sufficient /lib/security/pam_ldap.so debug
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
other session sufficient /lib/security/pam_ldap.so debug
other session required /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
#other password sufficient /usr/lib/security/pam_winbind.so
other password sufficient /lib/security/pam_ldap.so debug
other password required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other account optional /usr/lib/security/$ISA/pam_krb5.so.1
Any idea what I am doing wrong?
Thanks
SR
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:27:16 EDT