PAM ldap login on woody
Greetings,
I am trying to use pam_ldap for logins from the console and ssh. I have installed both libpam-ldap and libnss-ldap. libnss-ldap is working as expected. And libpam-ldap seems close.
When I log in on the console or via ssh, I get the MOTD and then I am sent back to the previous prompt: the login prompt or the original host, respectively. I have included log and configuration files. If I missed something, let me know.
Here is a log sample from an ssh attempt:
---
Apr 9 11:38:16 web1 sshd[506]: Accepted password for chanson from 10.1.1.110 port 3367 ssh2
Apr 9 11:38:16 web1 PAM_unix[508]: (ssh) session opened for user chanson by (uid=25000)
Apr 9 11:38:16 web1 PAM_unix[508]: (ssh) session closed for user chanson
Apr 9 11:38:16 web1 sshd[508]: PAM pam_putenv: delete non-existent entry; MAIL
---
Here is one from a console attempt:
---
Apr 9 11:38:51 web1 PAM_unix[479]: (login) session opened for user chanson by LOGIN(uid=0)
---
The following are the pam.d conf files:
------
login:
------
auth requisite pam_securetty.so
auth requisite pam_nologin.so
auth required pam_env.so
auth sufficient pam_ldap.so
auth required pam_unix.so nullok try_first_pass
account sufficient pam_ldap.so
account required pam_unix.so
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard noenv
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass
----
ssh:
----
auth required pam_nologin.so
auth sufficient pam_ldap.so debug
auth required pam_unix.so try_first_pass
auth required pam_env.so # [1]
account sufficient pam_ldap.so
account required pam_unix.so
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional pam_lastlog.so # [1]
session optional pam_motd.so # [1]
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
password sufficient pam_ldap.so
password required pam_unix.so use_first_pass
-------
passwd:
-------
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass
--
Carlos Hanson
Webmaster and Postmaster
Tigard-Tualatin School District
ph: 503.431.4053