
PAM ldap login on woody



Greetings,

I am trying to use pam_ldap for logins from the console and ssh.  I have installed both libpam-ldap and libnss-ldap.  libnss-ldap is working as expected.  And libpam-ldap seems close.

When I log in on the console or ssh, I get the MOTD and then I am sent back to the previous prompt, login or original host, respectively.  I have included log and configuration files.  If I missed something, let me know.

Here is a log sample from an ssh attempt:
---
Apr  9 11:38:16 web1 sshd[506]: Accepted password for chanson from 10.1.1.110 port 3367 ssh2
Apr  9 11:38:16 web1 PAM_unix[508]: (ssh) session opened for user chanson by (uid=25000)
Apr  9 11:38:16 web1 PAM_unix[508]: (ssh) session closed for user chanson
Apr  9 11:38:16 web1 sshd[508]: PAM pam_putenv: delete non-existent entry; MAIL
---

Here is one from a console attempt:
---
Apr  9 11:38:51 web1 PAM_unix[479]: (login) session opened for user chanson by LOGIN(uid=0)
---

The following are the pam.d conf files:

------
login:
------
auth       requisite  pam_securetty.so
auth       requisite  pam_nologin.so
auth       required   pam_env.so
auth       sufficient pam_ldap.so
auth       required   pam_unix.so nullok try_first_pass

account    sufficient pam_ldap.so
account    required   pam_unix.so

session    required   pam_unix.so
session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
session    optional   pam_lastlog.so
session    optional   pam_motd.so
session    optional   pam_mail.so standard noenv

password   sufficient pam_ldap.so
password   required   pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass

----
ssh:
----
auth       required     pam_nologin.so
auth       sufficient   pam_ldap.so debug
auth       required     pam_unix.so try_first_pass
auth       required     pam_env.so # [1] 

account    sufficient   pam_ldap.so
account    required     pam_unix.so

session    required     pam_unix.so
session    required     pam_mkhomedir.so skel=/etc/skel/ umask=0022
session    optional     pam_lastlog.so # [1]
session    optional     pam_motd.so # [1]
session    optional     pam_mail.so standard noenv # [1]
session    required     pam_limits.so

password   sufficient   pam_ldap.so
password   required     pam_unix.so use_first_pass

-------
passwd:
-------
password   sufficient pam_ldap.so
password   required   pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass


-- 
Carlos Hanson
Webmaster and Postmaster
Tigard-Tualatin School District

ph: 503.431.4053
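
How the `required` and `sufficient` control flags in the ssh `auth` stack above are evaluated, as an added example that is not part of the original post. It is a simplified model of the flag semantics rather than Linux-PAM itself, and the per-module results passed in are constructed; it shows which later modules (here `pam_unix.so` and `pam_env.so`) are never run once `sufficient pam_ldap.so` succeeds.

```python
# Added example: simplified model of PAM control flags, not Linux-PAM itself.
# The stack is the ssh "auth" section from the post; module results are constructed.
SSH_AUTH = """\
auth       required     pam_nologin.so
auth       sufficient   pam_ldap.so debug
auth       required     pam_unix.so try_first_pass
auth       required     pam_env.so # [1]
"""

def parse_stack(text, mgmt):
    """Return [(control, module)] for one management group (auth, account, ...)."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 3 and fields[0] == mgmt:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, results):
    """Walk a stack; results maps module -> True/False (default: success).

    Returns (overall_success, modules_run, modules_skipped).
    """
    failed = succeeded = False
    ran = []
    for control, module in stack:
        ok = results.get(module, True)
        ran.append(module)
        if control in ("required", "requisite"):
            succeeded = succeeded or ok
            failed = failed or not ok
            if control == "requisite" and not ok:
                break  # requisite failure ends the stack at once
        elif control == "sufficient" and ok and not failed:
            succeeded = True
            break  # success here ends the stack; later modules never run
        # a failed "sufficient" is ignored; "optional" results are not modelled
    skipped = [m for _, m in stack[len(ran):]]
    return succeeded and not failed, ran, skipped

if __name__ == "__main__":
    stack = parse_stack(SSH_AUTH, "auth")
    cases = {"LDAP account": {"pam_ldap.so": True, "pam_unix.so": False},
             "local account": {"pam_ldap.so": False, "pam_unix.so": True},
             "bad password": {"pam_ldap.so": False, "pam_unix.so": False}}
    for name, results in cases.items():
        ok, ran, skipped = evaluate(stack, results)
        print(f"{name:14} success={ok} skipped={skipped}")
```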


