Re: Strange LDAP problem

Stephen Gran Wed, 24 Mar 2004 19:17:10 -0600

This one time, at band camp, Theodore Knab said:
> If finger is not working, does chfn or the password change stuff work ?
> 
> I think this is a PAM issue. However, I could be wrong.
> 
> My '/etc/pam.d/login' file looks like this and fingers work with LDAP.
> 
> What does your look like ?
> 
> [EMAIL PROTECTED]:/etc/pam.d$ cat login | grep -v ^#
> 
> auth       requisite  pam_securetty.so
> auth       requisite  pam_nologin.so
> auth       required   pam_env.so
> auth       sufficient pam_ldap.so
> auth       required   pam_unix.so nullok
> account    sufficient pam_ldap.so
> account    required   pam_unix.so
> session    sufficient pam_ldap.so
> session    required   pam_unix.so
> session    optional   pam_lastlog.so
> session    optional   pam_motd.so
> session    optional   pam_mail.so standard noenv
> password   sufficient pam_ldap.so obscure min=4 max=50
> password   required   pam_unix.so nullok obscure min=4 max=50


auth       required     pam_securetty.so
auth       required     pam_nologin.so
auth       sufficient   pam_ldap.so
auth       required     pam_unix_auth.so try_first_pass
account    sufficient   pam_ldap.so
account    required     pam_unix_acct.so
password   sufficient   pam_ldap.so
password   required     pam_unix.so use_first_pass
session   sufficient    pam_ldap.so
session    required     pam_unix_session.so
#session    optional     pam_console.so

Not so strikingly different that I see the problem.  Remeber too, that
users can log in and that `id` works as expected.

> My LDAP entry looks like:
[...]
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> objectClass: account
> objectClass: qmailuser
> objectClass: couriermailaccount
> objectClass: Person
> objectClass: OrganizationalPerson
> objectClass: inetOrgPerson

This is where I see some differences.  We don't use inetOrgPerson, but
we use a locally extended one in our schema.  I don't see how this could
make a difference, though.

Thanks for the help,
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        [EMAIL PROTECTED] |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

pgp0SXQ9UFLdq.pgp
Description: PGP signature

Re: Strange LDAP problem

Reply via email to