LDAP authentication problem

From: Will Dowling (william.m.dowling@nuim.ie)
Date: Wed Mar 02 2005 - 07:51:54 EST


hey folks,
Hope you guys can help me.
I've got Sun One Directory Server 5.2 installed under
Solaris 9.
I have the server configured fine and all and clients are
initialised.
getent passwd user works fine,
ldaplist -l passwd works fine,
But when I try to su to the user it asks for a password and
then an ldap password. When I enter the password I set on
the directory server startconsole it says:

   bash-2.05$ su jdoe
   Password:
   LDAP Password:
   su: Unknown id: jdoe
   bash-2.05$

Also, if I try to change the password it doesn't work:

  # passwd -r ldap jdoe
  Enter jdoe's password:
  New Password:
  Re-enter new Password:
  passwd: System error: no ldap password for jdoe.
  passwd(LDAP): jdoe does not exist
  Permission denied
  #

Yet I can finger user and id user and it brings me back all the
appropriate info. Is this a pam.conf problem, or do I not
have the password configured correctly? I see some examples
with crypt{} in their output but I specified that
the DS would use crypt. I presume it would store them in
crypt automatically when I add a user via the startconsole.
Here is the ldaplist -l passwd output:

dn: uid=jdoe,ou=People, dc=example,dc=com
uid: jdoe
givenName: john
sn: doe
cn: john doe
uidNumber: 104
gidNumber: 10
homeDirectory: /export/home/jdoe
loginShell: /bin/sh
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount

And here is my pam.conf:

login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth sufficient pam_unix_auth.so.1
#login auth required pam_dial_auth.so.1
login auth required pam_ldap.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
#rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_auth.so.1
#rlogin auth required pam_ldap.so.1 try_first_pass
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
#rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_auth.so.1
#rsh auth required pam_ldap.so.1 try_first_pass
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_auth.so.1
#ppp auth required pam_dial_auth.so.1
#ppp auth required pam_ldap.so.1 try_first_pass
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth required pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth sufficient pam_unix_auth.so.1
other auth required pam_ldap.so.1

passwd auth sufficient pam_passwd_auth.so.1
passwd auth required pam_ldap.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_projects.so.1
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1
other account required pam_projects.so.1
other account required pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password sufficient pam_authtok_store.so.1
other password required pam_ldap.so.1

any help would be appreciated!
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
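As an added example (editor's code, not from the post above or from Sun), the Python below parses the auth part of the pam.conf shown in the post and walks each stack under the documented Solaris control-flag semantics (requisite, required, sufficient, binding, optional). It shows that su, having no explicit entry, gets the `other` stack; that pam_ldap without `try_first_pass` produces the second "LDAP Password:" prompt seen in the transcript; and which combinations of module results make the stack succeed or fail. The sample config is re-typed from the post, and the assumption that only pam_authtok_get and pam_ldap prompt applies to this sample only.

```python
"""Simulate how the control flags in a Solaris pam.conf combine.

Added example for this thread, not code from the post or from Sun. The sample
below is the 'auth' portion of the pam.conf shown in the post, re-typed; the
flag semantics are those documented for Solaris pam.conf.
"""

CONTROL_FLAGS = ("binding", "requisite", "required", "sufficient", "optional")

# Modules in the sample that collect a password themselves (assumption limited
# to this sample): pam_authtok_get prompts "Password:", and pam_ldap prompts
# "LDAP Password:" unless given use_first_pass / try_first_pass. That second
# prompt is the one seen in the post's su transcript.
PROMPTING = {"pam_authtok_get.so.1": "Password:", "pam_ldap.so.1": "LDAP Password:"}
FIRST_PASS_OPTS = {"use_first_pass", "try_first_pass"}

SAMPLE_PAM_CONF = """\
login   auth requisite  pam_authtok_get.so.1
login   auth required   pam_dhkeys.so.1
login   auth sufficient pam_unix_auth.so.1
login   auth required   pam_ldap.so.1
rlogin  auth requisite  pam_authtok_get.so.1
rlogin  auth required   pam_dhkeys.so.1
rlogin  auth required   pam_unix_auth.so.1
#rlogin auth required   pam_ldap.so.1 try_first_pass
# Default auth stack: used by any service with no explicit auth entries (e.g. su)
other   auth required   pam_authtok_get.so.1
other   auth required   pam_dhkeys.so.1
other   auth sufficient pam_unix_auth.so.1
other   auth required   pam_ldap.so.1
"""


def parse_pam_conf(text):
    """Return (service, type, flag, module, options) tuples; comments dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4 or fields[2] not in CONTROL_FLAGS:
            raise ValueError("malformed pam.conf line: %r" % raw)
        service, mtype, flag, module = fields[:4]
        entries.append((service, mtype, flag, module, tuple(fields[4:])))
    return entries


def stack_for(entries, service, mtype="auth"):
    """Solaris uses the 'other' entries only when the service has none of this type."""
    explicit = [e for e in entries if e[0] == service and e[1] == mtype]
    return explicit or [e for e in entries if e[0] == "other" and e[1] == mtype]


def prompts(stack):
    """Which password prompts the user will see, in order."""
    return [PROMPTING[mod] for _, _, _, mod, opts in stack
            if mod in PROMPTING and not (FIRST_PASS_OPTS & set(opts))]


def evaluate(stack, results):
    """Walk an auth stack and return (outcome, modules_consulted).

    results maps module name -> True (PAM_SUCCESS) or False (any failure);
    modules absent from it are assumed to succeed. An empty stack fails, as
    libpam does when a service has no applicable entries.
    """
    consulted = []
    required_failed = False
    for _, _, flag, module, _ in stack:
        consulted.append(module)
        ok = results.get(module, True)
        if flag == "requisite" and not ok:
            return "fail", consulted          # stop immediately
        if flag == "required" and not ok:
            required_failed = True            # remember, but keep walking the stack
        if flag in ("sufficient", "binding"):
            if ok and not required_failed:
                return "success", consulted   # later modules are skipped
            if not ok and flag == "binding":
                required_failed = True
        # optional: result ignored; a sufficient module that fails is ignored too
    if not consulted:
        return "fail", consulted
    return ("fail" if required_failed else "success"), consulted


if __name__ == "__main__":
    entries = parse_pam_conf(SAMPLE_PAM_CONF)
    su = stack_for(entries, "su")  # no 'su' lines, so the 'other' stack applies
    print("su prompts:", prompts(su))
    print("su, unix fails, ldap ok:",
          evaluate(su, {"pam_unix_auth.so.1": False, "pam_ldap.so.1": True}))
    print("su, unix fails, ldap fails:",
          evaluate(su, {"pam_unix_auth.so.1": False, "pam_ldap.so.1": False}))
```

The simulation covers only how the flags combine; whether a given module returns success depends on its own lookups (local password entry, directory bind, account resolution), which the stack logic cannot tell you. Comparing `prompts(stack_for(entries, "rlogin"))` with the su stack also shows the effect of `try_first_pass`: the same user sees one prompt or two depending purely on the options given to pam_ldap.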



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:30:15 EDT