Cannot log into LDAP/eDirectory from a SLES 11 -machine

Hi!

I have set up a SLES 11-machine to be an LDAP-client.
Everything went fine installing it, and with the LDAP-browser
i can browse the whole LDAP-tree with users and attributes.
I have set up the LDAP-client to create new home directories
when a first-time user logs on.
However, when I try to log in with an LDAP-valid user name
I get the following error “User not known to underlying authentication
module”.
This (I believe) must be a PAM-related error, but I just can't figure
out how to configure
the PAM-related modules; common-auth, common-password and
common-session.
These files look like this:

/etc/pam.d/common-auth:

# This file is autogenerated by pam-config.
#
# Authentication-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.

auth required pam_env.so
auth sufficient pam_unix2.so
auth required pam_ldap.so use_first_pass

/etc/pam.d/common-passwd:

# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords.

password requisite pam_pwcheck.so nullok cracklib
password sufficient pam_unix2.so use_authtok nullok
password required pam_ldap.so try_first_pass use_authtok

/etc/pam.d/common-session:

# Session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of any kind (both interactive and
# non-interactive)

session optional pam_mkhomedir.so
session required pam_limits.so
session required pam_unix2.so
session optional pam_ldap.so
session optional pam_umask.so

/etc/pam.d/login:

#%PAM-1.0
auth requisite pam_nologin.so
auth [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session
session required pam_lastlog.so nowtmp
session optional pam_mail.so standard
session optional pam_ck_connector.so

I’m stuck with this so any help or hints are appreciated.


slacktom

slacktom’s Profile: http://forums.novell.com/member.php?userid=116945
View this thread: http://forums.novell.com/showthread.php?t=444975

Hi,
check, if you have in the /etc/nsswitch.conf these lines:
passwd: compat
group: files ldap
passwd_compat: ldap

you can check your configuration with “getent passwd”. This lists all
users which are able to log in. :wink:


Honzik

friedl_jan’s Profile: http://forums.novell.com/member.php?userid=56174
View this thread: http://forums.novell.com/showthread.php?t=444975

friedl_jan;2139330 Wrote:

> Hi,
> check, if you have in the /etc/nsswitch.conf these lines:
> passwd: compat
> group: files ldap
> passwd_compat: ldap
>
> you can check your configuration with “getent passwd”. This lists all
> users which are able to log in. ;-)

Best Honzik
Thank you for your reply!
Unfortunately it doesn't work with adding “passwd_compat: ldap” to the
nsswitch.conf file.

My nsswitch.conf looks like this now :

/etc/nsswitch.conf

# Example configuration of GNU Name Service Switch functionality.
#
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat
passwd_compat: ldap
group: files ldap
shadow: files ldap

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: ldap

Still getting the same error when trying to login: “User not known to
the underlying authentication module”
By the way: the ‘getent passwd’ only returns the local users in
/etc/passwd. No users on the LDAP-server
get listed.

Best Regards,
slacktom


slacktom

slacktom’s Profile: http://forums.novell.com/member.php?userid=116945
View this thread: http://forums.novell.com/showthread.php?t=444975

Hi slacktom,

here is my SLES 11 nsswitch.conf, which is OK. :wink:

passwd: compat
group: files ldap

hosts: files dns
networks: files dns

services: files ldap
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files ldap
publickey: files

bootparams: files
automount: files nis
aliases: files ldap
passwd_compat: ldap

slacktom;2140166 Wrote:

> By the way: the ‘getent passwd’ only returns the local users in
> /etc/passwd. No users on the LDAP-server get listed.

That is the problem, getent lists all users which are able to log in. :wink:


Honzik

friedl_jan’s Profile: http://forums.novell.com/member.php?userid=56174
View this thread: http://forums.novell.com/showthread.php?t=444975
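The two checks Honzik suggests (whether nsswitch.conf routes passwd lookups to LDAP, and whether `getent passwd` returns anything beyond /etc/passwd) as a small POSIX shell diagnostic. This is an added example, not code from the thread or from SUSE; it takes file paths as parameters and runs on constructed sample data modelled on slacktom's files, so it can be tried offline before pointing it at the real /etc/nsswitch.conf and the real getent output.

```shell
#!/bin/sh
# Added diagnostic for this thread (my script, not the poster's or SUSE's):
# does nsswitch.conf route passwd lookups to nss_ldap, and does a getent
# listing contain any account that is absent from the local passwd file?
# File paths are parameters so it runs on constructed sample data.

# nss_passwd_uses_ldap NSSWITCH_FILE -> 0 if passwd lookups can reach ldap,
# directly ("passwd: files ldap") or via "passwd: compat" plus
# "passwd_compat: ldap"; 1 otherwise. Comments are stripped first.
nss_passwd_uses_ldap() {
    pw=$(sed -n 's/#.*//; s/^[[:space:]]*passwd:[[:space:]]*//p' "$1")
    pc=$(sed -n 's/#.*//; s/^[[:space:]]*passwd_compat:[[:space:]]*//p' "$1")
    case " $pw " in *" ldap "*) return 0 ;; esac
    case " $pw " in *" compat "*) case " $pc " in *" ldap "*) return 0 ;; esac ;; esac
    return 1
}

# nonlocal_users GETENT_OUTPUT LOCAL_PASSWD -> prints login names present in
# the getent output but absent from the local file (the LDAP-supplied ones).
nonlocal_users() {
    awk -F: 'NR==FNR { seen[$1] = 1; next } !($1 in seen) { print $1 }' "$2" "$1"
}

# --- constructed sample data, modelled on the poster's files ---
tmp=$(mktemp -d)
cat > "$tmp/nsswitch.conf" <<'EOF'
passwd: compat
passwd_compat: ldap
group: files ldap
EOF
cat > "$tmp/nsswitch-noldap.conf" <<'EOF'
passwd: files
group: files
EOF
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
slacktom:x:1000:100::/home/slacktom:/bin/bash
EOF
# what `getent passwd` prints once nss_ldap is actually answering
cat > "$tmp/getent.out" <<'EOF'
root:x:0:0:root:/root:/bin/bash
slacktom:x:1000:100::/home/slacktom:/bin/bash
ldapuser:x:2001:100:LDAP User:/home/ldapuser:/bin/bash
EOF

nss_passwd_uses_ldap "$tmp/nsswitch.conf" && echo "passwd lookups can reach ldap"
echo "accounts not in local passwd: $(nonlocal_users "$tmp/getent.out" "$tmp/passwd")"
```

On a live host, an empty result from `nonlocal_users <(getent passwd) /etc/passwd` while `nss_passwd_uses_ldap /etc/nsswitch.conf` succeeds points at nss_ldap itself (ldap.conf, server reachability, base DN) rather than at PAM, which is exactly the state slacktom describes.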