Fedora Core 5 LDAP client authentication problem with Solaris 9 iPlanet LDAP Server
Nigel Wade
nmw at ion.le.ac.uk
Thu Jun 15 09:43:26 UTC 2006
ay0my wrote:
> Hi Gordon,
>
> I tried your suggestion the results looks OK.
>
> [root at sspxz100 ~]# id s39427
> uid=111(s39427) gid=14(sysadmin) groups=14(sysadmin)
> [root at sspxz100 ~]# ls -l ~s39427
> total 0
>
> I saw the following error in /var/log/secure when the "permission denied" error is encountered.
>
> Jun 15 17:19:38 sspxz100 sshd[13765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ci-nb39427-6.sf.sp.edu.sg user=s39427
> Jun 15 17:19:40 sspxz100 sshd[13765]: Failed password for s39427 from 164.78.20.60 port 2029 ssh2
> Jun 15 09:19:40 sspxz100 sshd[13766]: Failed password for s39427 from 164.78.20.60 port 2029 ssh2
>
> No error is recorded in /var/log/messages
>
> I also try connecting to the LDAP server at port 389 and it is OK.
>
> [root at sspxz100 ~]# telnet 165.70.35.12 389
> Trying 165.70.35.12...
> Connected to sspsm040.sf.sp.edu.sg (165.70.35.12).
> Escape character is '^]'.
>
> Any other help will be appreciated.
>
> Thanks
>
>
>
Is nsswitch setup correctly to obtain the password from the LDAP server?
Check in /etc/nsswitch.conf that passwd, shadow and group are all set to obtain
data from ldap:
passwd: files ldap
shadow: files ldap
group: files ldap
Verify that nss is looking up the data in LDAP by running the following commands
on sspxz100:
# getent passwd s39427
# getent shadow s39427
these should show the information retrieved from the LDAP directory for the user
in question.
Is host based access control in effect? If so, does the user in question have
permission to login to that host?
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw at ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
More information about the fedora-list
mailing list