[Fedora-directory-users] warnings in /var/log/secure

Stephen John Smoogen smooge at gmail.com
Thu Apr 10 22:49:49 UTC 2008


On Thu, Apr 10, 2008 at 12:34 PM, Aaron Bliss <abliss at brockport.edu> wrote:
>
>  Thanks for getting back to me.  Here is /etc/pam.d/system-auth
>  #%PAM-1.0
>  # This file is auto-generated.
>  # User changes will be destroyed the next time authconfig is run.
>  auth        required      pam_env.so
>  auth        sufficient    pam_unix.so nullok try_first_pass

OK, I see that we have hand-changed the above line to:
auth        sufficient    pam_unix.so likeauth nullok nodelay

..... same lines deleted.
>
>  session     required      pam_mkhomedir.so skel=/etc/skel/ umask=0077

Don't have the above line

Our basic ldap.conf is the following.. I changed the o= and ou=
egrep -v '^$|^[[:space:]]*$|^\#' /etc/ldap.conf

base o=ZiaUniversity,c=US
uri ldaps://ldap.ziauniversity.edu/
binddn uid=l33tdude,ou=GodsPeeps,o=ZiaUniversity,c=US
bindpw XXXXXXXXXXXX
timelimit 120
bind_timelimit 10
bind_policy soft
idle_timelimit 3600
nss_base_netgroup          ou=Dudes,o=University of New Mexico,c=US?one
pam_password md5
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon
ssl on
tls_cacertdir /etc/openldap/cacerts

If you have a 'host ldap.uni.edu' it may try to do a non-SSL
connection first and fail and then an SSL one.

>
>
>  Stephen John Smoogen wrote:
>  On Thu, Apr 10, 2008 at 6:40 AM, Aaron Bliss <abliss at brockport.edu> wrote:
>
>
>  Hi everyone,
>  I have several redhat 4 and 5 machines authenticating successfully against
> our ldap servers. I used authconfig to configure the clients and everything
> works great, ssh, vsftp, etc. However, for some reason, I always see a log
> entry similar to the following in /var/log/secure, even though the login
> works;
>  Apr 10 08:34:27 server1 sshd[30937]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.21.80.195
> user=user1
>
>  Here is the contents of /etc/nsswitch.conf
>  cat /etc/nsswitch.conf | grep -v \#
>
>  passwd: files ldap
>  shadow: files ldap
>  group: files ldap
>  hosts: files dns
>  bootparams: nisplus [NOTFOUND=return] files
>  ethers: files
>  netmasks: files
>  networks: files
>  protocols: files ldap
>  rpc: files
>  services: files ldap
>  netgroup: files ldap
>  publickey: nisplus
>  automount: files ldap
>  aliases: files nisplus
>
>
>  I think we will need the contents of /etc/pam.d/system-auth for anyone to
> help .
>
>
>
>
>
>  --
> Aaron Bliss
> Systems Administrator
> SUNY Brockport
> (585) 395-2417
>
> --
>  Fedora-directory-users mailing list
>  Fedora-directory-users at redhat.com
>  https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>



-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
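
Added example, not part of the original thread: a small Python filter for the symptom described above, where pam_unix logs an authentication failure in /var/log/secure although the login then works. It separates pam_unix failures that are followed by an sshd "Accepted" line for the same PID and user from failures that never resolve. The sample lines are constructed, and the matching assumes the failure and the "Accepted" line carry the same sshd PID and that the "Accepted" line uses OpenSSH's usual wording.

```python
import re

# Constructed sample lines in /var/log/secure format (not from a real host).
SAMPLE = """\
Apr 10 08:34:27 server1 sshd[30937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=user1
Apr 10 08:34:27 server1 sshd[30937]: Accepted password for user1 from 192.0.2.10 port 51514 ssh2
Apr 10 08:35:02 server1 sshd[30951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.77  user=user2
Apr 10 08:35:04 server1 sshd[30951]: Failed password for user2 from 192.0.2.77 port 40022 ssh2
"""

# pam_unix failure line as quoted in the thread; rhost may be empty.
FAIL = re.compile(
    r"sshd\[(\d+)\]: pam_unix\(sshd:auth\): authentication failure;"
    r".*rhost=(\S*)\s+user=(\S+)"
)
# Assumption: OpenSSH success line, "Accepted <method> for <user> from <host>".
ACCEPT = re.compile(r"sshd\[(\d+)\]: Accepted \S+ for (\S+) from (\S+)")


def classify(lines):
    """Return (benign, unresolved) lists of (pid, user, rhost) tuples.

    benign:     pam_unix failed, but the same sshd PID later accepted the
                same user (a later module in the PAM stack succeeded).
    unresolved: pam_unix failed and no acceptance followed; worth a look.
    """
    pending = {}  # (pid, user) -> rhost, failures not yet explained
    benign = []
    for line in lines:
        m = FAIL.search(line)
        if m:
            pid, rhost, user = m.groups()
            pending[(pid, user)] = rhost
            continue
        m = ACCEPT.search(line)
        if m:
            pid, user, _host = m.groups()
            rhost = pending.pop((pid, user), None)
            if rhost is not None:
                benign.append((pid, user, rhost))
    unresolved = [(pid, user, rhost) for (pid, user), rhost in pending.items()]
    return benign, unresolved


if __name__ == "__main__":
    ok, suspect = classify(SAMPLE.splitlines())
    print("benign:", ok)
    print("unresolved:", suspect)
```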



