Thanks to the many who replied and helped. I finally managed to narrow down the problem and got a solution from the Sun Support forum. Turns out that I hadn't got proxyagent set up properly, so the client was not binding to the server properly. I just ran idsconfig again and reconfigured the values for the proxy agent. Also my pam.conf was wrong. Here is the hacked version that worked.

#
# Authentication
#
login   auth     optional    pam_authtok_get.so.1
login   auth     optional    pam_dhkeys.so.1
login   auth     optional    pam_dial_auth.so.1
login   auth     sufficient  pam_unix.so.1
login   auth     required    pam_ldap.so.1 try_first_pass
sshd    auth     sufficient  pam_unix.so.1
sshd    auth     required    pam_ldap.so.1 try_first_pass
other   auth     optional    pam_authtok_get.so.1
other   auth     optional    pam_dhkeys.so.1
other   auth     sufficient  pam_unix_auth.so.1
other   auth     required    pam_ldap.so.1 try_first_pass
passwd  auth     sufficient  pam_passwd_auth.so.1
passwd  auth     required    pam_ldap.so.1 try_first_pass
#
# Account
#
cron    account  required    pam_projects.so.1
cron    account  required    pam_unix_account.so.1
other   account  requisite   pam_roles.so.1
other   account  required    pam_projects.so.1
other   account  sufficient  pam_unix_account.so.1
other   account  required    pam_ldap.so.1 try_first_pass
#
# Session
#
other   session  required    pam_unix_session.so.1
#
# Passwd
#
other   password required    pam_dhkeys.so.1
other   password required    pam_authtok_get.so.1
other   password required    pam_authtok_check.so.1
other   password sufficient  pam_authtok_store.so.1
other   password required    pam_ldap.so.1

Again thanks to everyone that replied!

Original Question
>
> hey folks,
> Hope you guys can help me.
> I've got Sun One Directory Server 5.2 installed under Solaris 9.
> I have the server configured fine and all and clients are initialised.
> getent passwd user works fine,
> ldaplist -l passwd works fine,
> But when I try to su to the user it asks for a password and then an ldap password.
> When I enter the password I set on the directory server startconsole it says:
>
> bash-2.05$ su jdoe
> Password:
> LDAP Password:
> su: Unknown id: jdoe
> bash-2.05$
>
> also if I try to change the password it doesn't work:
>
> # passwd -r ldap jdoe
> Enter jdoe's password:
> New Password:
> Re-enter new Password:
> passwd: System error: no ldap password for jdoe.
> passwd(LDAP): jdoe does not exist
> Permission denied
> #
>
> Yet I can finger user and id user and both bring me back all the appropriate info.
> Is this a pam.conf problem or do I not have the password configured correctly?
> I see some examples with crypt{} in their output but I specified that the DS
> would use crypt. I presume it would store them in crypt automatically when I
> add a user via the startconsole. here is ldaplist -l passwd output:
>
> dn: uid=jdoe,ou=People, dc=example,dc=com
> uid: jdoe
> givenName: john
> sn: doe
> cn: john doe
> uidNumber: 104
> gidNumber: 10
> homeDirectory: /export/home/jdoe
> loginShell: /bin/sh
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetorgperson
> objectClass: posixAccount
>
> and here is my pam.conf:
>
> login   auth     requisite   pam_authtok_get.so.1
> login   auth     required    pam_dhkeys.so.1
> login   auth     sufficient  pam_unix_auth.so.1
> #login  auth     required    pam_dial_auth.so.1
> login   auth     required    pam_ldap.so.1
> #
> # rlogin service (explicit because of pam_rhost_auth)
> #
> #rlogin auth     sufficient  pam_rhosts_auth.so.1
> rlogin  auth     requisite   pam_authtok_get.so.1
> rlogin  auth     required    pam_dhkeys.so.1
> rlogin  auth     required    pam_unix_auth.so.1
> #rlogin auth     required    pam_ldap.so.1 try_first_pass
> #
> # rsh service (explicit because of pam_rhost_auth,
> # and pam_unix_auth for meaningful pam_setcred)
> #
> #rsh    auth     sufficient  pam_rhosts_auth.so.1
> rsh     auth     required    pam_unix_auth.so.1
> #rsh    auth     required    pam_ldap.so.1 try_first_pass
> #
> # PPP service (explicit because of pam_dial_auth)
> #
> ppp     auth     requisite   pam_authtok_get.so.1
> ppp     auth     required    pam_dhkeys.so.1
> ppp     auth     required    pam_unix_auth.so.1
> #ppp    auth     required    pam_dial_auth.so.1
> #ppp    auth     required    pam_ldap.so.1 try_first_pass
> #
> # Default definitions for Authentication management
> # Used when service name is not explicitly mentioned for authentication
> #
> other   auth     required    pam_authtok_get.so.1
> other   auth     required    pam_dhkeys.so.1
> other   auth     sufficient  pam_unix_auth.so.1
> other   auth     required    pam_ldap.so.1
>
> passwd  auth     sufficient  pam_passwd_auth.so.1
> passwd  auth     required    pam_ldap.so.1
> #
> # cron service (explicit because of non-usage of pam_roles.so.1)
> #
> cron    account  required    pam_projects.so.1
> cron    account  required    pam_unix_account.so.1
> #
> # Default definition for Account management
> # Used when service name is not explicitly mentioned for account management
> #
> other   account  requisite   pam_roles.so.1
> other   account  required    pam_projects.so.1
> other   account  required    pam_unix_account.so.1
> #
> # Default definition for Session management
> # Used when service name is not explicitly mentioned for session management
> #
> other   session  required    pam_unix_session.so.1
> #
> # Default definition for Password management
> # Used when service name is not explicitly mentioned for password management
> #
> other   password required    pam_dhkeys.so.1
> other   password requisite   pam_authtok_get.so.1
> other   password requisite   pam_authtok_check.so.1
> other   password sufficient  pam_authtok_store.so.1
> other   password required    pam_ldap.so.1
>
> any help would be appreciated!
> _______________________________________________
> sunmanagers mailing list
> sunmanagers@sunmanagers.org
> http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Thu Mar 3 04:54:10 2005
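The two pam.conf listings in this thread differ in exactly the places that produced the symptoms: the original had pam_ldap.so.1 in the auth stacks without try_first_pass (hence the second "LDAP Password:" prompt after pam_authtok_get/pam_unix had already collected one), and its "other account" stack never consulted pam_ldap at all. The linter below is an added example, not code from the original post or from Sun; it parses the Solaris 9 pam.conf layout (service, module type, control flag, module path, options) into per-service stacks, applies the usual PAM rule that a service with no entries of a given type falls back to "other", and reports both of those patterns. The sample configs are subsets of the two listings above; the function names and the two checks are this example's own assumptions about what is worth flagging, not a complete audit of PAM semantics.

```python
"""
Linter for Solaris-style pam.conf stacks.  Added example, not code from the
original post.  Entry format (Solaris 9 /etc/pam.conf):

    service  module_type  control_flag  module_path  [option ...]

Entries sharing (service, module_type) form a stack evaluated top to bottom;
a service with no entries for a module_type falls back to the 'other' stack.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

MODULE_TYPES = {"auth", "account", "session", "password"}
CONTROL_FLAGS = {"required", "requisite", "sufficient", "optional"}
# Modules that collect or consume the password before pam_ldap runs.
PASSWORD_MODULES = ("pam_authtok_get", "pam_unix", "pam_passwd_auth")
# pam_ldap options that reuse the already-collected password (pam_ldap(5)).
REUSE_PASSWORD = {"try_first_pass", "use_first_pass"}


@dataclass
class Entry:
    service: str
    mtype: str
    control: str
    module: str
    options: List[str] = field(default_factory=list)
    lineno: int = 0


def parse_pam_conf(text: str) -> Dict[Tuple[str, str], List[Entry]]:
    """Parse pam.conf text into an insertion-ordered {(service, mtype): stack}."""
    stacks: Dict[Tuple[str, str], List[Entry]] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # '#login ...' is commented out, not an entry
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"line {lineno}: need service, type, flag, module: {raw!r}")
        service, mtype, control, module = fields[:4]
        if mtype not in MODULE_TYPES:
            raise ValueError(f"line {lineno}: unknown module type {mtype!r}")
        if control not in CONTROL_FLAGS:
            raise ValueError(f"line {lineno}: unknown control flag {control!r}")
        stacks.setdefault((service, mtype), []).append(
            Entry(service, mtype, control, module, fields[4:], lineno))
    return stacks


def effective_stack(stacks, service: str, mtype: str) -> List[Entry]:
    """The stack PAM actually evaluates: the service's own, else 'other'."""
    return stacks.get((service, mtype)) or stacks.get(("other", mtype), [])


def _uses_ldap(stack: List[Entry]) -> bool:
    return any(e.module.startswith("pam_ldap") for e in stack)


def find_double_prompts(stacks) -> List[str]:
    """pam_ldap auth entries that run after a password-collecting module but
    carry neither try_first_pass nor use_first_pass: pam_ldap then prompts
    for 'LDAP Password:' instead of reusing the password already entered."""
    findings = []
    for (service, mtype), entries in stacks.items():
        if mtype != "auth":
            continue
        have_password = False
        for e in entries:
            if (e.module.startswith("pam_ldap") and have_password
                    and not (REUSE_PASSWORD & set(e.options))):
                findings.append(f"line {e.lineno}: {service} auth pam_ldap lacks try_first_pass")
            if e.module.startswith(PASSWORD_MODULES):
                have_password = True
    return findings


def find_account_gaps(stacks) -> List[str]:
    """Services with their own auth stack that consults pam_ldap while the
    effective account stack never does, so an LDAP-only user authenticates
    and then fails account management (the thread's 'Unknown id' symptom)."""
    findings = []
    for svc in sorted({svc for (svc, t) in stacks if t == "auth"}):
        if _uses_ldap(effective_stack(stacks, svc, "auth")) and \
                not _uses_ldap(effective_stack(stacks, svc, "account")):
            findings.append(f"{svc}: auth uses pam_ldap but account stack does not")
    return findings


def lint(text: str) -> List[str]:
    stacks = parse_pam_conf(text)
    return find_double_prompts(stacks) + find_account_gaps(stacks)


# Constructed samples: the relevant subset of the thread's original (broken)
# and working pam.conf listings.
BROKEN = """\
login   auth    requisite   pam_authtok_get.so.1
login   auth    required    pam_dhkeys.so.1
login   auth    sufficient  pam_unix_auth.so.1
login   auth    required    pam_ldap.so.1
other   auth    required    pam_authtok_get.so.1
other   auth    required    pam_dhkeys.so.1
other   auth    sufficient  pam_unix_auth.so.1
other   auth    required    pam_ldap.so.1
other   account requisite   pam_roles.so.1
other   account required    pam_projects.so.1
other   account required    pam_unix_account.so.1
"""

WORKING = """\
login   auth    optional    pam_authtok_get.so.1
login   auth    optional    pam_dhkeys.so.1
login   auth    sufficient  pam_unix.so.1
login   auth    required    pam_ldap.so.1 try_first_pass
other   auth    optional    pam_authtok_get.so.1
other   auth    optional    pam_dhkeys.so.1
other   auth    sufficient  pam_unix_auth.so.1
other   auth    required    pam_ldap.so.1 try_first_pass
other   account requisite   pam_roles.so.1
other   account required    pam_projects.so.1
other   account sufficient  pam_unix_account.so.1
other   account required    pam_ldap.so.1 try_first_pass
"""

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("working", WORKING)):
        print(name, lint(conf) or "no findings")
```

Run against the broken subset it reports the two auth stacks whose pam_ldap entry lacks try_first_pass and the two services whose account management never reaches pam_ldap; against the working subset it reports nothing. The checks are heuristics keyed to this thread's symptoms, so a clean result means only that these two patterns are absent, not that the stack is otherwise sound.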
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:43 EST