Issues configuring ldap authentication using pam on Centos 4 client

dchrist
Posts: 5
Joined: 2011/12/02 22:44:15

Issues configuring ldap authentication using pam on Centos 4 client

Post by dchrist » 2012/02/22 22:51:13

I am trying to enable LDAP authentication for my Unix accounts on an old CentOS 4.7 server. I am running an LDAP server on CentOS 5.7 running openldap-servers-2.3.43-12.el5_7.10. My current CentOS 5.7 servers can authenticate to my LDAP server without issue. When I enable LDAP authentication on my CentOS 4 server, I get the following error in my message log.

Feb 22 12:57:06 cent4dev sshd(pam_unix)[2376]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.20.224
Feb 22 12:57:06 cent4dev sshd[2376]: pam_ldap: error trying to bind as user "uid=dchristensen,ou=People,dc=example,dc=com" (Invalid credentials)



If I execute ldapsearch -x -D uid=dchristensen,ou=People,dc=example,dc=com -W -H ldap://ldap-test01.example.com -b ou=People,dc=example,dc=com uid=dchristensen from my CentOS 4 server, I am able to pull my userPassword information. The problem appears to be with matching the password against the password hash stored in my LDAP server.

Has anyone seen this issue or have any ideas on how to troubleshoot this issue?

Thanks,

Duain Christensen

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Issues configuring ldap authentication using pam on Centos 4

Post by pschaff » 2012/02/23 02:43:53

I don't do LDAP, but forum member scottro provides this LDAP reference.

I hope you are aware of the fast-approaching CentOS-4 EOL and have a plan for the after-life. You should at least "yum update" to 4.9 + subsequent errata.

TrevorH
Forum Moderator
Posts: 20339
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Issues configuring ldap authentication using pam on Centos 4 client

Post by TrevorH » 2012/02/23 03:34:05

A long time ago I remember an update came out that stopped my CentOS 4 boxes using LDAP for authentication and the solution was to edit /etc/ldap.conf and comment out any "host x.x.x.x" line and make sure that it used "uri ldap://x.x.x.x/" instead. Before the update it worked with both in the file, after it, it broke.
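
A check for the host/uri condition described in the post above, as an added example that is not part of the original thread. The function name `audit_ldap_conf`, its exit codes and messages, and the sample file (using the documentation address 192.0.2.10) are assumptions of this example; keywords are matched case-insensitively to be tolerant.

```shell
#!/bin/sh
# Added example (not from the thread): report active "host" and "uri" lines
# in a pam_ldap/nss_ldap client config such as /etc/ldap.conf.
# Exit status: 0 = uri only, 1 = needs attention, 2 = file unreadable.

audit_ldap_conf() {
    conf=${1:-/etc/ldap.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    awk '
        # Commented-out lines (including "#host ...") are not active settings.
        /^[ \t]*#/ { next }
        {
            key = tolower($1)
            if (key == "host") { hosts++; printf "%s:%d: active host line: %s\n", FILENAME, NR, $0 }
            if (key == "uri")  { uris++;  printf "%s:%d: uri line: %s\n", FILENAME, NR, $0 }
        }
        END {
            if (hosts > 0) {
                print "RESULT: active host line found; the fix in the thread comments it out and uses uri"
                exit 1
            }
            if (uris == 0) {
                print "RESULT: no uri line found"
                exit 1
            }
            print "RESULT: uri only"
        }
    ' "$conf"
}

# Constructed sample reproducing the "both in the file" case from the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real configuration
host 192.0.2.10
uri ldap://192.0.2.10/
base dc=example,dc=com
#host 192.0.2.11
EOF
audit_ldap_conf "$sample" || echo "audit exit status: $?"
rm -f "$sample"
```

Run it with no argument to audit /etc/ldap.conf on the client itself.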