LDAP client configuration

madhum210 · April 11, 2014, 9:10pm

I am trying to configure Active Directory authentication to SUSE Linux Enterprise Server 11 (x86_64) sever, but somehow we are not able to succeed. in warn file logs are showing error message “nss_ldap: could not search LDAP server - Server is unavailable”… and I am able to do the ldapsearch from SUSE server with same user.

I used yast to configure LDAP client… does anyone has any idea why we getting this?

below lines are from messages file…

suselx01 sshd[13631]: Invalid user from 14.x.x.x
suselx01 sshd[13633]: pam_ldap: ldap_search_s Operations error
suselx01 sshd[13631]: error: PAM: User not known to the underlying authentication module for illegal user from 14.x.x.x
suselx01 sshd[13631]: Failed keyboard-interactive/pam for invalid user from 14.x.x.x port 61072 ssh2
suselx01 sshd[13637]: Accepted keyboard-interactive/pam for root from 14.x.x.x port 61073 ssh2
suselx01 sshd[13635]: pam_unix2(sshd:auth): conversation failed
suselx01 sshd[13635]: pam_ldap: ldap_search_s Operations error
suselx01 sshd[13635]: error: ssh_msg_send: write

madhum210 · April 14, 2014, 8:46pm

Does anyone has experience or achieved in configured SUSE as AD client for authentication?

ab1 · April 14, 2014, 9:09pm

There have been threads in the past covering this. Did you find those?
Here’s one:

https://forums.suse.com/showthread.php?1260-control-access-from-active-directory

–
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…

madhum210 · April 14, 2014, 10:02pm

Hi AB,

thanks for the reply…

I did lot of research on net to figure out why it is not working… I didn’t find any helpful data. I even opened case with IBM to see why it is not working … not much help from them as well.
I am using nss_ldap and pam_ldap … and I just need to login to box using AD credentials… not sure where the issue is… it is simply throwing below error it doesn’t matter what changes I done on configuration.

Invalid user xxx\xxxxx
error: PAM: User not known to the underlying authentication module for illegal user xxx/xxxx
Failed keyboard-interactive/pam for invalid user xxx/xxx port 54163 ssh2

I think Linux is sending one format and AD is configured another format… like Linux is sending posixaccount and AD is looking UID…

any help…

Jens-U · April 22, 2014, 4:32pm

Hi madhum210,

in your initial message you said that your ldapsearch worked fine using that same user - did you search for the user entry or did you specify the user DN as the bind DN?

While I have not had to bind against AD yet, if ldapsearch works, you can get nss_dap working, too

Have you enabled the settings in /etc/ldap.conf’s “# RFC 2307 (AD) mappings” section?

Regards,
Jens

Topic		Replies	Views
Sudo: PAM authentication error: User not known to the underlying authentication module	0	662	January 12, 2023
Can not login via LDAP authentication SLES Configure-Administer	2	202	April 22, 2014
SSH to use LDAP SLES Configure-Administer	3	172	October 31, 2014
Configuring LDAP user authentication SLES Configure-Administer	14	622	June 17, 2016
Unable to integrate SuSe with AD SLES Configure-Administer	4	239	August 6, 2017

LDAP client configuration

Related Topics