This discussion is archived
0 Replies Latest reply: Mar 8, 2013 3:58 PM by user513304 RSS

openldap-2.4.32 PAM authentication on Solaris 10

user513304 Newbie
Currently Being Moderated
Hi,

I configured two Solaris servers to be openldap client/server. They are connected, and I am able to add/modify/retrieve entries/user information from client machine.
Executing ldapwhoami command from client is successful; server receives and processes request as expected.

I am configuring PAM for rlogin from Client machine and expect that user credential will be authenticated from LDAP Server, but cannot rlogin.
Could someone please show me how to verify PAM to see if it works?
Please let me know if there is anything missing from my setup or anything that I can double-check.

Any help is greatly appreciated.
Regards,
Joe



Downloaded and installed packages from SunFreeWare.com:
openldap-2.4.32-sol10-sparc-local.gz
db-4.7.25.NC-sol10-sparc-local.gz
gcc-3.3.2-sol10-sparc-local.gz
libgcc-3.3-sol10-sparc-local.gz
libtool-2.4.2-sol10-sparc-local.gz
openssl-1.0.1c-sol10-sparc-local.gz
sasl-2.1.25-sol10-sparc-local.gz

From Client LDAP, I am able to add users to Server LDAP, and ldapwhoami execution is also successful.
apggd04dev# ldapwhoami -H ldap://apggd06dev.pg.dtveng.net -x -W -D uid=jkly,ou=users,dc=pg,dc=dtveng,dc=net
Enter LDAP Password:
dn:uid=jkly,ou=users,dc=pg,dc=dtveng,dc=net

Configuring for PAM:
- /etc/pam.conf:
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth binding pam_unix_auth.so.1
rlogin auth required pam_ldap.so.1 debug

- /etc/nsswitch.conf:
passwd: files ldap
group: files ldap
shadow: files ldap

Errors from /var/log/pamlog:
Mar 5 08:56:15 apggd04dev login: [ID 884769 auth.debug] PAM[3257]: pam_set_item(296b0:user)
Mar 5 08:56:20 apggd04dev login: [ID 884769 auth.debug] PAM[3257]: pam_set_item(296b0:authtok)
Mar 5 08:56:20 apggd04dev last message repeated 1 time
Mar 5 08:56:20 apggd04dev login: [ID 110225 auth.debug] PAM[3257]: pam_authenticate(296b0, 0): error No account present for user
Mar 5 08:56:20 apggd04dev login: [ID 219349 auth.debug] pam_unix_auth: user jkly not found
Mar 5 08:56:20 apggd04dev login: [ID 110225 auth.debug] PAM[3257]: pam_authenticate(296b0, 0): error No account present for user
Mar 5 08:56:20 apggd04dev login: [ID 285619 auth.debug] ldap pam_sm_authenticate(rlogin jkly), flags = 0
Mar 5 08:56:20 apggd04dev login: [ID 293258 auth.warning] libsldap: Status: 2 Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
Mar 5 08:56:20 apggd04dev login: [ID 110225 auth.debug] PAM[3257]: pam_authenticate(296b0, 0): error Error in underlying service module
Mar 5 08:56:20 apggd04dev login: [ID 884769 auth.debug] PAM[3257]: pam_set_item(296b0:authtok)
Mar 5 08:56:24 apggd04dev login: [ID 884769 auth.debug] PAM[3257]: pam_set_item(296b0:user)
Mar 5 08:56:24 apggd04dev login: [ID 884769 auth.debug] PAM[3257]: pam_set_item(296b0:ruser)
Mar 5 08:56:24 apggd04dev login: [ID 884769 auth.debug] PAM[3257]: pam_set_item(296b0:user_prompt)
Mar 5 08:56:24 apggd04dev login: [ID 601877 auth.debug] PAM[3257]: pam_authenticate(296b0, 0)
Mar 5 08:56:24 apggd04dev login: [ID 407395 auth.debug] PAM[3257]: load_modules(296b0, pam_sm_authenticate)=/usr/lib/security/pam_rhosts_auth.so.1
Mar 5 08:56:24 apggd04dev login: [ID 110225 auth.debug] PAM[3257]: pam_authenticate(296b0, 0): error No account present for user
Mar 5 08:56:24 apggd04dev login: [ID 386855 auth.debug] PAM[3257]: pam_get_user(296b0, 0, NULL)

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points