[Spacewalk-list] Spacewalk & pam_ldap

[Wojtak, Greg]

I was having this issue (authentication failure, no messages logged to /var/log/messages) in our environment. LDAP auth was working for me but not for a co-worker it finally turns out the problem was that the spacewalk server was configured with the FQDN and he was browsing to spacewalk using the short name.  When he went to the FQDN, everything worked as we wanted it to.

-----Original Message-----
From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Andy Speagle
Sent: Monday, August 24, 2009 4:56 PM
To: bperkins at redhat.com
Cc: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] Spacewalk & pam_ldap

> 1) Can you authenticate the user using LDAP for a different daemon, 
> like SSH successfully?  If not, take another look at your authconfig.

Yes, LDAP logins for SSH authentication works well... 

> 2) Paste your /etc/pam.d/rhn-satellite file so we can take a look at 
> it.

# cat /etc/pam.d/spacewalk
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_ldap.so
auth        required      pam_deny.so
account     required      pam_ldap.so

>  Your LDAP configuration may also be useful, but I would understand if 
> you don't want to share it.

Probably not going to be able to include that...

> 3) Make sure 'pam_auth_service = rhn-satellite' is in 
> /etc/rhn/rhn.conf.
> 
> 4) If you did not use the rhn-satellite name, and instead did 
> something else, you made sure that the pam.d file and the rhn.conf 
> configuration match.

They do indeed match.

> 5) Make sure you restart Spacewalk for it to take effect.
> 
> Generally it is straight-forward, so we should be able to get you 
> moving.

After a restart, it still is a no-go for me... sadly.  In addition, I'm not getting ANY output in /var/log/messages regarding authentication.

> Thanks.
> Brandon

Looking forward to a resolution.

Thanks,
--
Andy Speagle

"THE Student" - UCATS
Wichita State University