login_get_lastlog: Cannot find account for uid

From: marten@atlas.sk
Date: Thu Jan 27 2005 - 16:44:38 EST

• Next message: ert weerr: "SUMMARY: Online log file monitoring script?"
• Previous message: Craig Russell: "Summary:sed question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,
I'm trying to setup nss_ldap/pam_ldap (from padl, version 176) on "SunOS 5.10
s10_72 i86pc i386 i86pc".

I can succesfully login as LDAP user via login and su services (finger,
listusers and getent utilities work as well).
When trying to login via ssh (I tried both sshd from Sun as well as OpenSSH,
compiled with-pam option), I get following message:

Jan 27 22:20:00 mysun last message repeated 1 time
Jan 27 22:20:39 mysun sshd[6675]: [ID 800047 auth.info] Accepted
keyboard-interactive/pam for oraoid from 10.10.10.10 port 1673 ssh2
Jan 27 22:20:39 mysun sshd[6675]: [ID 916208 auth.debug] nss_ldap:
__session.ls_state=-1, __session.ls_conn=0, __pid=-1, pid=6675, __euid=-1,
euid=0
Jan 27 22:20:39 mysun sshd[6675]: [ID 916208 auth.debug] nss_ldap:
__session.ls_state=0, __session.ls_conn=8158f48, __pid=6675, pid=6675,
__euid=0, euid=0
Jan 27 22:20:39 mysun sshd[6675]: [ID 916208 auth.debug] nss_ldap:
__session.ls_state=1, __session.ls_conn=8159260, __pid=6675, pid=6675,
__euid=0, euid=0
Jan 27 22:20:39 mysun last message repeated 1 time
Jan 27 22:20:39 mysun sshd[6707]: [ID 800047 auth.crit] fatal:
login_get_lastlog: Cannot find account for uid 1001
Jan 27 22:20:39 mysun sshd[6675]: [ID 916208 auth.debug] nss_ldap:
__session.ls_state=1, __session.ls_conn=8159260, __pid=6675, pid=6675,
__euid=0, euid=0

...any idea what can be wrong ?

my pam.conf file looks like:

#
#ident "@(#)pam.conf 1.28 04/04/21 SMI"
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# PAM configuration
#
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
#
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth sufficient pam_unix_auth.so.1
login auth required /lib/security/pam_ldap.so.1 try_first_pass
#login auth required pam_dial_auth.so.1
#
## OpenSSH
sshd auth requisite pam_authtok_get.so.1
sshd auth required pam_dhkeys.so.1
sshd auth sufficient pam_unix_auth.so.1
sshd auth required /lib/security/pam_ldap.so.1 try_first_pass
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth sufficient pam_unix_auth.so.1
other auth required /lib/security/pam_ldap.so.1 try_first_pass
#
# passwd command (explicit because of a different authentication module)
#
passwd auth required pam_passwd_auth.so.1
#
# OpenSSH
sshd account sufficient pam_unix_account.so.1
sshd account required /lib/security/pam_ldap.so.1 try_first_pass
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
#other account requisite pam_roles.so.1
#other account required pam_projects.so.1
other account sufficient pam_unix_account.so.1
other account required /lib/security/pam_ldap.so.1 try_first_pass
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
#other session required /pam_mkhomedir.so skel=/etc/skel umask=0022
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
#other password sufficient pam_unix.so.1
other password required /lib/security/pam_ldap.so.1
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#
#

thanks and regards
Marian
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: ert weerr: "SUMMARY: Online log file monitoring script?"
• Previous message: Craig Russell: "Summary:sed question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:30:04 EDT