Solaris 8 LDAP client pam.conf problem

From: Sundaram Ramasamy (sun@percipia.com)
Date: Thu Oct 09 2003 - 17:10:11 EDT

Hi all,

I am trying to configure Solaris 8 for open LDAP client authentication. Now

getent passwd list the all users from the LDAP. But id/su/ssh programs
failed to login.

===========================
# getent passwd | grep spais
spais::1006:100:System User:/home/spais:/bin/bash
# grep spais /etc/passwd
# id spais
id: invalid user name: "spais"

=======================

Here is my pam.conf file

#
#ident "@(#)pam.conf 1.14 99/09/16 SMI"
#
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
#
# PAM configuration
#
# Authentication management
#
#login auth required /usr/lib/security/pam_winbind.so

login auth sufficient /lib/security/pam_ldap.so debug
login auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
try_first_pass
#
#rlogin auth sufficient /usr/lib/security/pam_winbind.so

rlogin auth sufficient /lib/security/pam_ldap.so debug
rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass

#
#dtlogin auth sufficient /usr/lib/security/pam_winbind.so
dtlogin auth sufficient /lib/security/pam_ldap.so debug
dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass

#
rsh auth sufficient /lib/security/pam_ldap.so debug
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
#other auth sufficient /usr/lib/security/pam_winbind.so
other auth sufficient /lib/security/pam_ldap.so debug
other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
# Account management
#
#
#login account sufficient /usr/lib/security/pam_winbind.so
login account sufficient /lib/security/pam_ldap.so debug
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1
#
#dtlogin account sufficient /usr/lib/security/pam_winbind.so
dtlogin account sufficient /lib/security/pam_ldap.so debug
dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
#
#other account sufficient /usr/lib/security/pam_winbind.so
other account sufficient /lib/security/pam_ldap.so debug
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
other session sufficient /lib/security/pam_ldap.so debug
other session required /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
#other password sufficient /usr/lib/security/pam_winbind.so
other password sufficient /lib/security/pam_ldap.so debug
other password required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other account optional /usr/lib/security/$ISA/pam_krb5.so.1

Any idea what I am doing wrong?

Thanks
SR
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:27:16 EDT