From: James
Date: Sun, 7 Nov 2010 21:59:21 +0000
Subject: Re: [gentoo-user] ldap client authentication
To: gentoo-user@lists.gentoo.org

I've enabled compile-time debug flags, to no avail. I did some troubleshooting for several hours last night and discovered something interesting -- the LDAP server is responding with a SUCCESS message to the bind request, but PAM (for whatever reason) is still denying my login request.

Here's the output of a sniffer capture between the client and the LDAP server:

bindResponse
resultCode: success (0)

The /var/log/auth.log file indicates the following:

==> auth.log <==
Nov 3 06:24:00 s_dgram@auth.whatever.com sshd[11393]: error: PAM: Authentication failure for illegal user tb from 10.9.3.153
Nov 3 06:24:00 s_dgram@auth.whatever.com sshd[11393]: Failed keyboard-interactive/pam for invalid user tb from 10.9.3.153 port 56665 ssh2
Nov 3 06:24:00 s_dgram@auth.whatever.com sshd[11396]: pam_tally2(sshd:auth): pam_get_uid; no such user

My /etc/pam.d/system-auth file is pretty much verbatim what is listed here: http://www.gentoo.org/doc/en/ldap-howto.xml

Also, my /etc/nsswitch.conf file has "files" and "ldap" in the appropriate places.

passwd: files ldap
shadow: files ldap
group: files ldap

Thoughts would be greatly appreciated -- I'm almost there! I just need to figure out why PAM isn't playing nice with LDAP authentication.

-james

I'm so close I can taste it. :) Any thoughts or ideas on how to fix this would be greatly appreciated.

On Fri, Nov 5, 2010 at 20:06, Ward Poelmans wrote:
> On Fri, Nov 5, 2010 at 20:46, James wrote:
>> The logdir is filled with empty files that, in the name of the file,
>> has the pid of the pam process. However, these files are empty and
>> they do not have anything in them.
>>
>> Thoughts?
>
> Try putting the compile time debugging options on?
>
> Ward
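
A triage sketch for the auth.log excerpt in the message above, added here as an example and not part of the original post: sshd tags a login name "invalid"/"illegal" when the account lookup through NSS returns nothing, which is a separate step from the LDAP bind succeeding. The `alice` log line, the verdict strings and the function names `triage` and `nss_resolves` are constructed for illustration.

```python
import pwd
import re

# The first three lines are the auth.log excerpt from the message above; the
# last line is constructed here for contrast (a name that NSS can resolve).
SAMPLE_LOG = """\
Nov 3 06:24:00 s_dgram@auth.whatever.com sshd[11393]: error: PAM: Authentication failure for illegal user tb from 10.9.3.153
Nov 3 06:24:00 s_dgram@auth.whatever.com sshd[11393]: Failed keyboard-interactive/pam for invalid user tb from 10.9.3.153 port 56665 ssh2
Nov 3 06:24:00 s_dgram@auth.whatever.com sshd[11396]: pam_tally2(sshd:auth): pam_get_uid; no such user
Nov 3 06:25:10 s_dgram@auth.whatever.com sshd[11402]: Failed password for alice from 10.9.3.200 port 50000 ssh2
"""

# "invalid"/"illegal user" means getpwnam() found no passwd entry, so the
# failure is in account lookup (nsswitch.conf / NSS LDAP module), not the bind.
UNKNOWN_USER = re.compile(r"sshd\[\d+\]: .*\b(?:invalid|illegal) user (\S+) from (\S+)")
KNOWN_USER_FAIL = re.compile(r"sshd\[\d+\]: Failed \S+ for (?!invalid |illegal )(\S+) from (\S+)")
PAM_NO_USER = re.compile(r"pam_\w+\(sshd:\w+\): pam_get_uid; no such user")


def triage(log_text):
    """Return ({user: verdict}, number of PAM 'no such user' lines)."""
    verdicts, pam_no_user = {}, 0
    for line in log_text.splitlines():
        if PAM_NO_USER.search(line):
            pam_no_user += 1
        elif (m := UNKNOWN_USER.search(line)):
            verdicts[m.group(1)] = "account-lookup-failed"  # overrides weaker verdicts
        elif (m := KNOWN_USER_FAIL.search(line)):
            verdicts.setdefault(m.group(1), "credential-rejected")
    return verdicts, pam_no_user


def nss_resolves(user):
    """Ask libc (and therefore every source in nsswitch.conf) for the account."""
    try:
        pwd.getpwnam(user)
        return True
    except KeyError:
        return False


if __name__ == "__main__":
    verdicts, pam_no_user = triage(SAMPLE_LOG)
    for user, verdict in sorted(verdicts.items()):
        print(f"{user}: {verdict} (resolves on this host: {nss_resolves(user)})")
    print(f"PAM 'no such user' lines: {pam_no_user}")
```

Run on the affected client, `nss_resolves` performs the same lookup as `getent passwd <name>`, so a `False` for an account that exists in the directory points at the NSS side of the setup rather than at the PAM auth stack.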