Subject: RHEL 3.8 LDAP Auth Failure
2007-05-04 - By Joshua M. Miller

Hi John,
The issue here is that a RHEL 3.8 host is having trouble authenticating and a CentOS 3.8 host with an identical configuration is authenticating perfectly against the same LDAP server. Both hosts have identical:
/etc/ldap.conf
/etc/openldap/ldap.conf
/etc/pam.d/system-auth
/etc/nsswitch.conf
It doesn't make any sense at all... I'm comparing packages right now to make sure that they have all of the same packages installed.
(I do have SSL/TLS enabled on the LDAP server as a requirement, I just disabled it momentarily to make sure that wasn't the problem.)
Thanks, your help is much appreciated!

--
Joshua M. Miller - RHCE,VCP
John Haxby wrote:
> Joshua M. Miller wrote:
>> Turns out the problem is with the ACL on the ldap server. For some
>> reason RHEL 3.8 attempts to bind to the LDAP server to retrieve the
>> password anonymously unlike the other Linux distros that we use
>> configured the exact same way.
>>
>> Anyone know why this might be?
>>
> I don't know why, but I know that you can configure an authenticated
> bind in /etc/ldap.conf (I think that's the file that pam_ldap uses, I
> don't have it installed here to check, sorry).
>
> I don't think pam_ldap retrieves the password though, I think it
> searches for the user according to the filter specified in
> /etc/ldap.conf and then does an authenticated bind with the resulting
> DN. It then does an authenticated bind with the user's DN and if
> successful, you're in. (This is all from reading the code from memory,
> sorry.) pam_ldap also retrieves other information from the user's
> entry in the LDAP server and uses that to determine, for example,
> whether the account is locked in the account phase.
>
> Anyway, what's failing is the anonymous search and you can configure
> that in /etc/ldap.conf. You might also want to turn on TLS because at
> some stage chances are it's sending the user's password in cleartext
> across the net. TLS might be enabled by default or it might be up to
> /etc/openldap/ldap.conf to enable it.
>
> If that's not enough I can be more definitive when I'm on my normal work
> machine, sorry.
>
> jch
>
> --
> Taroon-list mailing list
> Taroon-list@(protected)
> https://www.redhat.com/mailman/listinfo/taroon-list
>
--
Taroon-list mailing list
Taroon-list@(protected)
https://www.redhat.com/mailman/listinfo/taroon-list
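The search-then-bind flow John describes, and why a server ACL that denies anonymous searches breaks it unless /etc/ldap.conf supplies search credentials, as an added example that is not part of the thread and not pam_ldap's own code. It is an in-memory model: the toy directory, its single ACL knob, the user entries, passwords and the two ldap.conf fragments are all constructed for the demo. The config keys used (base, binddn, bindpw, pam_login_attribute) are real pam_ldap keys; everything else is the model's own.

```python
# Added example (not from the thread): a small in-memory model of the
# pam_ldap "search for the user, then bind as the user's DN" flow, used to
# show why a server ACL that denies anonymous searches breaks authentication
# unless /etc/ldap.conf supplies a binddn/bindpw for the initial search.
# The directory, ACL, entries and config text below are all constructed.

SAMPLE_DIRECTORY = {
    "uid=jmiller,ou=People,dc=example,dc=com": {"uid": "jmiller", "userPassword": "s3cret"},
    "cn=proxyagent,ou=Special,dc=example,dc=com": {"cn": "proxyagent", "userPassword": "proxy-pw"},
}


class ToyLdapServer:
    """Stand-in for an LDAP server with exactly one ACL decision:
    may an anonymous (unauthenticated) session search the tree?"""

    def __init__(self, entries, allow_anonymous_search):
        self.entries = entries
        self.allow_anonymous_search = allow_anonymous_search

    def bind(self, dn, password):
        """Simple bind; dn=None is an anonymous bind. Returns True on success."""
        if dn is None:
            return True
        entry = self.entries.get(dn)
        return entry is not None and entry.get("userPassword") == password

    def search(self, bound_as, base, attr, value):
        """Return the DN under base whose attr equals value, or None.
        Raises PermissionError when an anonymous session hits the ACL."""
        if bound_as is None and not self.allow_anonymous_search:
            raise PermissionError("ACL: anonymous search denied")
        for dn, attrs in self.entries.items():
            if dn.endswith(base) and attrs.get(attr) == value:
                return dn
        return None


def parse_ldap_conf(text):
    """Parse the 'key value' lines of pam_ldap's /etc/ldap.conf."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf[key.lower()] = value.strip()
    return conf


def pam_ldap_authenticate(server, conf, username, password):
    """Model of the two-step flow: search for the user's DN, then bind as it.
    Returns (ok, reason) so each failure mode is visible."""
    binddn = conf.get("binddn")  # absent -> the search runs anonymously
    bindpw = conf.get("bindpw", "")
    login_attr = conf.get("pam_login_attribute", "uid")
    if not server.bind(binddn, bindpw):
        return False, "search bind failed (bad binddn/bindpw)"
    try:
        user_dn = server.search(binddn, conf["base"], login_attr, username)
    except PermissionError as exc:
        return False, f"user search failed: {exc}"
    if user_dn is None:
        return False, "user not found"
    if not server.bind(user_dn, password):
        return False, "user bind failed (bad password)"
    return True, f"authenticated as {user_dn}"


ANON_CONF = """\
# constructed /etc/ldap.conf fragment with no search credentials
base dc=example,dc=com
pam_login_attribute uid
"""

PROXY_CONF = ANON_CONF + """\
binddn cn=proxyagent,ou=Special,dc=example,dc=com
bindpw proxy-pw
"""


def demo():
    """Run the same login against a server whose ACL denies anonymous search,
    with and without a binddn, plus one against a permissive server."""
    strict = ToyLdapServer(SAMPLE_DIRECTORY, allow_anonymous_search=False)
    lenient = ToyLdapServer(SAMPLE_DIRECTORY, allow_anonymous_search=True)
    return {
        "anon_search_denied": pam_ldap_authenticate(strict, parse_ldap_conf(ANON_CONF), "jmiller", "s3cret"),
        "anon_search_allowed": pam_ldap_authenticate(lenient, parse_ldap_conf(ANON_CONF), "jmiller", "s3cret"),
        "proxy_bind": pam_ldap_authenticate(strict, parse_ldap_conf(PROXY_CONF), "jmiller", "s3cret"),
        "proxy_bind_wrong_pw": pam_ldap_authenticate(strict, parse_ldap_conf(PROXY_CONF), "jmiller", "nope"),
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:20s} -> {'OK  ' if ok else 'FAIL'} ({reason})")
```

The model makes John's diagnosis concrete: the user's password is never read from the directory, but the first step (finding the DN) needs read access, so an ACL that closes anonymous search fails every login before the user bind is even attempted. When adding a binddn to fix it, note that /etc/ldap.conf is normally world-readable, so the proxy account should have search-only rights; pam_ldap also supports rootbinddn with the password kept in /etc/ldap.secret, and the user bind itself should go over TLS for the reason John gives.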