[Fedora-directory-users] warnings in /var/log/secure
Stephen John Smoogen
smooge at gmail.com
Thu Apr 10 22:49:49 UTC 2008
On Thu, Apr 10, 2008 at 12:34 PM, Aaron Bliss <abliss at brockport.edu> wrote:
>
> Thanks for getting back to me. Here is /etc/pam.d/system-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required pam_env.so
> auth sufficient pam_unix.so nullok try_first_pass
Ok I see that we have hand changed the above line to:
auth sufficient pam_unix.so likeauth nullok nodelay
..... same lines deleted.
>
> session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
Don't have the above line
Our basic ldap.conf is the following. I changed the o= and ou=
egrep -v '^$|^[[:space:]]*$|^\#' /etc/ldap.conf
base o=ZiaUniversity,c=US
uri ldaps://ldap.ziauniversity.edu/
binddn uid=l33tdude,ou=GodsPeeps,o=ZiaUniversity,c=US
bindpw XXXXXXXXXXXX
timelimit 120
bind_timelimit 10
bind_policy soft
idle_timelimit 3600
nss_base_netgroup ou=Dudes,o=University of New Mexico,c=US?one
pam_password md5
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon
ssl on
tls_cacertdir /etc/openldap/cacerts
If you have a 'host ldap.uni.edu' it may try to do a non-SSL
connection first and fail and then an SSL one.
>
>
> Stephen John Smoogen wrote:
> On Thu, Apr 10, 2008 at 6:40 AM, Aaron Bliss <abliss at brockport.edu> wrote:
>
>
> Hi everyone,
> I have several redhat 4 and 5 machines authenticating successfully against
> our ldap servers. I used authconfig to configure the clients and everything
> works great, ssh, vsftp, etc. However, for some reason, I always see a log
> entry similar to the following in /var/log/secure, even though the login
> works;
> Apr 10 08:34:27 server1 sshd[30937]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.21.80.195
> user=user1
>
> Here is the contents of /etc/nsswitch.conf
> cat /etc/nsswitch.conf | grep -v \#
>
> passwd: files ldap
> shadow: files ldap
> group: files ldap
> hosts: files dns
> bootparams: nisplus [NOTFOUND=return] files
> ethers: files
> netmasks: files
> networks: files
> protocols: files ldap
> rpc: files
> services: files ldap
> netgroup: files ldap
> publickey: nisplus
> automount: files ldap
> aliases: files nisplus
>
>
> I think we will need the contents of /etc/pam.d/system-auth for anyone to
> help.
>
>
>
>
>
> --
> Aaron Bliss
> Systems Administrator
> SUNY Brockport
> (585) 395-2417
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
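
Added example, not part of the original message or of any project's code: a small triage script for the situation described in the thread, where /var/log/secure shows a pam_unix authentication failure even though the login works. It separates failures that are followed by an accepted login in the same sshd process from those that are not. The first sample line follows the entry quoted in the thread; the other lines, the `triage` name and the verdict labels are constructed for illustration, and it assumes the failure and the "Accepted" line carry the same sshd PID.

```python
import re

# Constructed sample of /var/log/secure. Line 1 follows the entry quoted in the
# thread; the remaining lines are made up for illustration.
SAMPLE_LOG = """\
Apr 10 08:34:27 server1 sshd[30937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.21.80.195  user=user1
Apr 10 08:34:27 server1 sshd[30937]: Accepted password for user1 from 137.21.80.195 port 40022 ssh2
Apr 10 08:35:02 server1 sshd[30951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=user2
Apr 10 08:35:04 server1 sshd[30951]: Failed password for user2 from 192.0.2.10 port 40100 ssh2
""".splitlines()

# pam_unix leaves out "user=" when the account name is unknown, so it is optional.
PAM_FAIL = re.compile(
    r"sshd\[(?P<pid>\d+)\]: pam_unix\(sshd:auth\): authentication failure;"
    r".*?rhost=(?P<rhost>\S*)(?:\s+user=(?P<user>\S+))?")
ACCEPTED = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Accepted \S+ for (?P<user>\S+) from (?P<rhost>\S+)")


def triage(lines):
    """Label each pam_unix failure by whether the same sshd PID later accepts that user."""
    pending = {}   # (pid, user) -> index in results of a failure awaiting an outcome
    results = []
    for line in lines:
        m = PAM_FAIL.search(line)
        if m:
            pending[(m["pid"], m["user"])] = len(results)
            results.append({"pid": m["pid"], "user": m["user"],
                            "rhost": m["rhost"], "verdict": "no-success-seen"})
            continue
        m = ACCEPTED.search(line)
        if m:
            idx = pending.pop((m["pid"], m["user"]), None)
            if idx is not None:
                results[idx]["verdict"] = "login-succeeded"
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(r["verdict"], r["user"], r["rhost"], "sshd pid", r["pid"])
```

Entries labelled no-success-seen are the ones worth a closer look; the login-succeeded ones match the pattern reported in the thread.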