RedHat Linux 2.1 SSL and LDAP issue

2005-04-19 - By Lam, Eric

Hi all

I am not sure which mailing list to use. Someone said this list has the
most Linux people, so I am trying my luck here. No one has replied to me
from the redhat-sysadmin-list@(protected) mailing list ;-(

I am enabling the local user to perform password authentication with
some of our LDAP servers using the pam_ldap module from the nss_ldap
package. Users use telnet/ftp/ssh/scp to log on to this RH Linux 2.1
system. We have 4 LDAP servers. Every two LDAP servers have a BigIP device
in front of them. Two of the LDAP servers and one BigIP are for UAT, and
the other two LDAP servers and one BigIP are for production. I added the
pam_ldap entry to the /etc/pam.d/system-auth file; nothing else was
changed on the system besides the /etc/ldap.conf file. I did the same on
Linux 2.1 and 3.0. 3.0 has no issue at all; my problem is on Linux 2.1.
Here is my system-auth file:
    auth        required      /lib/security/pam_env.so
    auth        sufficient    /lib/security/pam_unix.so likeauth nullok
    auth        sufficient    /lib/security/pam_ldauth.so use_first_pass
    auth        required      /lib/security/pam_deny.so

    account     required      /lib/security/pam_unix.so

    password    required      /lib/security/pam_cracklib.so retry=3 type
    password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
    password    required      /lib/security/pam_deny.so

    session     required      /lib/security/pam_limits.so
    session     required      /lib/security/pam_unix.so
    session     optional      /lib/security/pam_mkhomedir.so skel=/etc/skel umask2

On Linux 2.1, when SSL is disabled in /etc/ldap.conf, the system has no
issue using any of the LDAP servers or the BigIP. The user can log on
without any issue.
When SSL is enabled in the /etc/ldap.conf file, the system can only
utilize the two UAT LDAP servers, but it cannot communicate properly
with the BigIP or the two production servers. On the production LDAP
log, I see the following:
    [07/Apr/2005:16:25:20 -0400] conn02833 fd8 slot8 SSL connection from 172.26.30.52 to 172.26.30.13
    [07/Apr/2005:16:25:20 -0400] conn02833 op fd8 closed error -12195 (unknown) - B1

The other error that I captured is from running "sshd -d". When a user
sshes to this Linux 2.1 system, sshd shows this error and disconnects:
    debug1: userauth_banner: sent
    Failed none for a232524 from 10.37.63.30 port 38517 ssh2

    debug1: userauth-request for user a232524 service ssh-connection method password
    debug1: attempt 1 failures 1
    sshd: ../../../libraries/libldap/cyrus.c:418: ldap_int_sasl_open: Assertion `lc->lconn_sasl_ctx == ((void *)0)' failed.
    Aborted

Here is what I am using on the RH Linux 2.1 system:
- openldap-2.0.27-4.7
- openldap-clients-2.0.27-4.7
- nss_ldap-189-9
- openssl-0.9.6b-36
I have compiled pam_ldap 176 from padl.com, but the result is the same.
I also tested and compiled it with my own OpenSSL 0.9.7d and OpenLDAP
2.2.17, but it did not change anything (though I am not sure whether it
was still using the local ldap libraries during compile).
All LDAP servers are SUN iPlanet 5.0. RH Linux 3.0 has no issue at all
with any LDAP server or BigIP, using SSL or non-SSL. All my Solaris 2.6
to 9 systems have no issue either. It is the RH Linux 2.1 that has this
issue.
I am not sure what else I can capture. Please let me know if you need
more information from this Linux 2.1 system.
Thanks in advance for any help.

Eric Lam

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@(protected)?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
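As an added example, not from Eric's post or from any of the software named in it: a small Python script that reads directory-server access-log lines in the shape quoted above (the "SSL connection from ... to ..." and "closed error ..." lines), pairs each connection's open and close entries by connection id, and counts, per client address, how many SSL connections the server closed with an error. Run over the production server's log, this separates clients whose TLS sessions the server is rejecting from those that succeed, which is the first thing to establish when the same client works against some servers and fails against others behind a load balancer. The sample lines are constructed after the two lines in the post (a third, successful connection from another address is added for contrast); the patterns accept the field spelling as it appears here (`conn02833`, `fd8`) as well as the `conn=2833` form; the server's error number is reported as-is and not interpreted.

```python
import re
from collections import defaultdict

# Constructed sample log, modelled on the two access-log lines quoted in the
# post. The third connection (from 172.26.30.60) is a made-up success case so
# that the report shows both outcomes.
SAMPLE_LOG = """\
[07/Apr/2005:16:25:20 -0400] conn02833 fd8 slot8 SSL connection from 172.26.30.52 to 172.26.30.13
[07/Apr/2005:16:25:20 -0400] conn02833 op fd8 closed error -12195 (unknown) - B1
[07/Apr/2005:16:25:31 -0400] conn02834 fd9 slot9 SSL connection from 172.26.30.52 to 172.26.30.13
[07/Apr/2005:16:25:31 -0400] conn02834 op fd9 closed error -12195 (unknown) - B1
[07/Apr/2005:16:26:02 -0400] conn02835 fd8 slot8 SSL connection from 172.26.30.60 to 172.26.30.13
[07/Apr/2005:16:26:02 -0400] conn02835 op fd8 closed - U1
"""

# "conn=?" tolerates both "conn02833" (as quoted in the post) and "conn=2833".
OPEN_RE = re.compile(
    r"conn=?(?P<conn>\d+) .*SSL connection from (?P<src>[\d.]+) to (?P<dst>[\d.]+)"
)
CLOSE_RE = re.compile(r"conn=?(?P<conn>\d+) .*closed(?: error (?P<err>-?\d+))?")


def correlate(log_text):
    """Pair each SSL connection's open line with its close line, keyed by
    connection id. Returns {conn_id: {"src": ip, "dst": ip, "error": int|None}};
    "error" stays None when the server closed the connection without an error."""
    conns = {}
    for line in log_text.splitlines():
        m = OPEN_RE.search(line)
        if m:
            conns[m["conn"]] = {"src": m["src"], "dst": m["dst"], "error": None}
            continue
        m = CLOSE_RE.search(line)
        if m and m["conn"] in conns and m["err"] is not None:
            conns[m["conn"]]["error"] = int(m["err"])
    return conns


def failures_by_client(conns):
    """Count SSL connections the server closed with an error, per client IP."""
    counts = defaultdict(int)
    for c in conns.values():
        if c["error"] is not None:
            counts[c["src"]] += 1
    return dict(counts)


def report(log_text):
    """Human-readable summary: one line per connection, then per-client totals."""
    conns = correlate(log_text)
    lines = []
    for cid, c in sorted(conns.items()):
        status = "ok" if c["error"] is None else "closed with error %d" % c["error"]
        lines.append("conn %s %s -> %s: %s" % (cid, c["src"], c["dst"], status))
    for src, n in sorted(failures_by_client(conns).items()):
        lines.append("client %s: %d failed SSL connection(s)" % (src, n))
    return lines


if __name__ == "__main__":
    # Usage: python correlate_ssl.py < access   (reads stdin), or run as-is for the sample.
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    print("\n".join(report(text)))
```

Feeding the real log on the production server through this (and the same for the UAT servers) gives a per-client picture of which TLS sessions the directory server itself is terminating, so the comparison between the working and failing servers can be made on the server side before digging further into the client's library stack.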
