0 Replies Latest reply: Mar 8, 2013 5:58 PM by User513304-OC

    openldap-2.4.32 PAM authentication on Solaris 10

    User513304-OC
      Hi,

      I configured two Solaris servers to be OpenLDAP client/server. They are connected, and I am able to add/modify/retrieve entries/user information from the client machine.
      Executing the ldapwhoami command from the client is successful; the server receives and processes the request as expected.

      I am configuring PAM for rlogin from the client machine and expect that user credentials will be authenticated by the LDAP server, but I cannot rlogin.
      Could someone please show me how to verify PAM to see if it works?
      Please let me know if there is anything missing from my setup or anything that I can double-check.

      Any help is greatly appreciated.
      Regards,
      Joe

      Downloaded and installed packages from SunFreeWare.com:
      openldap-2.4.32-sol10-sparc-local.gz
      db-4.7.25.NC-sol10-sparc-local.gz
      gcc-3.3.2-sol10-sparc-local.gz
      libgcc-3.3-sol10-sparc-local.gz
      libtool-2.4.2-sol10-sparc-local.gz
      openssl-1.0.1c-sol10-sparc-local.gz
      sasl-2.1.25-sol10-sparc-local.gz

      From the LDAP client, I am able to add users to the LDAP server, and ldapwhoami execution is also successful.
      apggd04dev# ldapwhoami -H ldap://apggd06dev.pg.dtveng.net -x -W -D uid=jkly,ou=users,dc=pg,dc=dtveng,dc=net
      Enter LDAP Password:
      dn:uid=jkly,ou=users,dc=pg,dc=dtveng,dc=net

      Configuring for PAM:
      - /etc/pam.conf:
      #
      # rlogin service (explicit because of pam_rhost_auth)
      #
      rlogin auth sufficient pam_rhosts_auth.so.1
      rlogin auth requisite pam_authtok_get.so.1
      rlogin auth required pam_dhkeys.so.1
      rlogin auth required pam_unix_cred.so.1
      rlogin auth binding pam_unix_auth.so.1
      rlogin auth required pam_ldap.so.1 debug

      - /etc/nsswitch.conf:
      passwd: files ldap
      group: files ldap
      shadow: files ldap

      Errors from /var/log/pamlog:
      Mar 5 08:56:15 apggd04dev login: [ID 884769 auth.debug] PAM[3257]: pam_set_item(296b0:user)
      Mar 5 08:56:20 apggd04dev login: [ID 884769 auth.debug] PAM[3257]: pam_set_item(296b0:authtok)
      Mar 5 08:56:20 apggd04dev last message repeated 1 time
      Mar 5 08:56:20 apggd04dev login: [ID 110225 auth.debug] PAM[3257]: pam_authenticate(296b0, 0): error No account present for user
      Mar 5 08:56:20 apggd04dev login: [ID 219349 auth.debug] pam_unix_auth: user jkly not found
      Mar 5 08:56:20 apggd04dev login: [ID 110225 auth.debug] PAM[3257]: pam_authenticate(296b0, 0): error No account present for user
      Mar 5 08:56:20 apggd04dev login: [ID 285619 auth.debug] ldap pam_sm_authenticate(rlogin jkly), flags = 0
      Mar 5 08:56:20 apggd04dev login: [ID 293258 auth.warning] libsldap: Status: 2 Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
      Mar 5 08:56:20 apggd04dev login: [ID 110225 auth.debug] PAM[3257]: pam_authenticate(296b0, 0): error Error in underlying service module
      Mar 5 08:56:20 apggd04dev login: [ID 884769 auth.debug] PAM[3257]: pam_set_item(296b0:authtok)
      Mar 5 08:56:24 apggd04dev login: [ID 884769 auth.debug] PAM[3257]: pam_set_item(296b0:user)
      Mar 5 08:56:24 apggd04dev login: [ID 884769 auth.debug] PAM[3257]: pam_set_item(296b0:ruser)
      Mar 5 08:56:24 apggd04dev login: [ID 884769 auth.debug] PAM[3257]: pam_set_item(296b0:user_prompt)
      Mar 5 08:56:24 apggd04dev login: [ID 601877 auth.debug] PAM[3257]: pam_authenticate(296b0, 0)
      Mar 5 08:56:24 apggd04dev login: [ID 407395 auth.debug] PAM[3257]: load_modules(296b0, pam_sm_authenticate)=/usr/lib/security/pam_rhosts_auth.so.1
      Mar 5 08:56:24 apggd04dev login: [ID 110225 auth.debug] PAM[3257]: pam_authenticate(296b0, 0): error No account present for user
      Mar 5 08:56:24 apggd04dev login: [ID 386855 auth.debug] PAM[3257]: pam_get_user(296b0, 0, NULL)
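An added example, not part of the original post or of any Solaris or OpenLDAP tool: a small sh script that pulls the module-level failures out of a pamlog file like the one quoted above and, when run with --check on the client, walks the native LDAP client prerequisites in dependency order. It assumes that Solaris 10's pam_ldap.so.1 authenticates through libsldap, which reads the ldapclient(1M) profile in /var/ldap/ldap_client_file rather than OpenLDAP's own configuration (the libsldap warning in the log is what points there); the user name jkly and the sample log lines are taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post). pamlog_errors works offline on
# a saved pamlog; check_ldap_user runs the live checks on a Solaris 10 client.
# Assumption: pam_ldap.so.1 goes through the native client (libsldap), which
# needs /var/ldap/ldap_client_file from ldapclient(1M); OpenLDAP alone is not
# enough for it. The user name "jkly" is the one used in the post.

# Distinct module-level failures from a pamlog file, syslog prefix stripped.
pamlog_errors() {    # $1 = pamlog path
    grep -E ': error |not found|libsldap:' "$1" | sed 's/^[^]]*\] //' \
        | LC_ALL=C sort -u
}

# Live checks, in dependency order; the first failing step is the one to fix.
check_ldap_user() {  # $1 = user name expected to come from LDAP
    [ -f /var/ldap/ldap_client_file ] ||
        { echo "no /var/ldap/ldap_client_file: run ldapclient init|manual"; return 1; }
    ldapclient list >/dev/null 2>&1 ||
        { echo "ldapclient list failed (run as root)"; return 1; }
    ldaplist passwd "$1" >/dev/null 2>&1 ||
        { echo "ldaplist passwd $1: not found via the native LDAP client"; return 1; }
    getent passwd "$1" >/dev/null 2>&1 ||
        { echo "getent passwd $1 fails: check the nsswitch.conf passwd line"; return 1; }
    echo "user $1 resolves through libsldap; pam_ldap.so.1 can now be tested"
}

# Constructed sample pamlog, copied from the post, so pamlog_errors runs offline.
write_sample_pamlog() {  # $1 = output path
    cat > "$1" <<'EOF'
Mar 5 08:56:20 apggd04dev login: [ID 110225 auth.debug] PAM[3257]: pam_authenticate(296b0, 0): error No account present for user
Mar 5 08:56:20 apggd04dev login: [ID 219349 auth.debug] pam_unix_auth: user jkly not found
Mar 5 08:56:20 apggd04dev login: [ID 293258 auth.warning] libsldap: Status: 2 Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
Mar 5 08:56:20 apggd04dev login: [ID 110225 auth.debug] PAM[3257]: pam_authenticate(296b0, 0): error Error in underlying service module
EOF
}

# Usage on the client: sh verify_pam_ldap.sh --check jkly
if [ "${1:-}" = "--check" ]; then check_ldap_user "${2:-jkly}"; fi
```

Run pamlog_errors against /var/log/pamlog after a failed rlogin: the "user jkly not found" line means the account lookup failed before any bind was attempted, so name-service resolution is the first thing to get working.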