HPE Community
Operating System - HP-UX
1828950 Members
2197 Online
109986 Solutions
New Discussion

Cannot authenticate local user accounts!

 
Tony Walker_2
Frequent Advisor

‎08-24-2005 07:54 PM

‎08-24-2005 07:54 PM

Cannot authenticate local user accounts!

Hi Guys,

Here's the situation:

I have an 11i machine which is linked into a SunOne directory server(LDAP) solution. This has been and is working fine. However, I added a local account and found that I cannot login using its details. I've confirmed and re-confirmed the password but each time I login- telnet/ftp/ssh/rlogin I type the correct password and it goes straight to prompting me for my LDAP password! I'm using the following for login (which is the same across all machines)

login auth sufficient /usr/lib/security/libpam_ldap.1 debug
login auth required /usr/lib/security/libpam_unix.1 try_first_pass debug

A debug shows the following:

Aug 25 03:32:58 bskyuat1 login: PAM_LDAP Entering pam_sm_authenticate ...
Aug 25 03:32:58 bskyuat1 login: PAM_LDAP pam_sm_authenticate(login, tonyw), flag
s = 0
Aug 25 03:33:01 bskyuat1 login: PAM_LDAP auth-bind failed!
Aug 25 03:33:01 bskyuat1 login: PAM_LDAP pam_sm_authenticate: set bind status (1
3)
Aug 25 03:33:01 bskyuat1 login: PAM_LDAP 2nd auth_bind returns 13
Aug 25 03:33:01 bskyuat1 login: PAM_LDAP pam_sm_authenticate: returning 13
Aug 25 03:33:01 bskyuat1 login: pam_authenticate: error No account present for u
ser
Aug 25 03:33:01 bskyuat1 login: unix pam_sm_authenticate(login tonyw), flags = 0

Aug 25 03:33:03 bskyuat1 login: pam_authenticate error
Aug 25 03:33:04 bskyuat1 login: exiting with return code 0

I can su - tonyw fine and it seems locally aware of the account but why can't I authenticate!? Recently we had to install Jave 1.3 (from hp site) and there were numerous patches to be installed. I'm hoping to back these out soon but I find it hard to believe that they have caused this problem.

Any insights greatly received.

Regards,

Tony
0 Kudos
Reply
7 REPLIES 7
Steven E. Protter
Exalted Contributor

‎08-24-2005 08:09 PM

‎08-24-2005 08:09 PM

Re: Cannot authenticate local user accounts!

Sounds to me like your default configuration is saying LDAP first on authentication.

That may have been done when you were integrating your server into LDAP.

There may be an account on the LDAP server with that user name and your system is going there first for authentication.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Gavin Clarke
Trusted Contributor

‎08-24-2005 08:19 PM

‎08-24-2005 08:19 PM

Re: Cannot authenticate local user accounts!

I take it this is not something that /etc/nsswitch.conf is doing?

I'll admit my LDAP experience is rather thin.
0 Kudos
Reply
Tony Walker_2
Frequent Advisor

‎08-24-2005 08:20 PM

‎08-24-2005 08:20 PM

Re: Cannot authenticate local user accounts!

Stephen,

Yes, all machines are set to authenticate LDAP first as we have very few local accounts. I've verified that the account does not exist in LDAP and I've tried various others - all with the same result.

Tony
0 Kudos
Reply
Tony Walker_2
Frequent Advisor

‎08-24-2005 08:24 PM

‎08-24-2005 08:24 PM

Re: Cannot authenticate local user accounts!

Gavin,

No, nsswitch.conf is set for files nis for passwd. This can be seen by the fact that I can su - tonyw locally on the machine.

Cheers
0 Kudos
Reply
Ermin Borovac
Honored Contributor

‎08-25-2005 05:47 PM

‎08-25-2005 05:47 PM

Re: Cannot authenticate local user accounts!

Does it work when you switch the order as follows?

login auth sufficient /usr/lib/security/libpam_unix.1 debug
login auth required /usr/lib/security/libpam_ldap.1 try_first_pass debug
0 Kudos
Reply
Tony Walker_2
Frequent Advisor

‎08-25-2005 07:10 PM

‎08-25-2005 07:10 PM

Re: Cannot authenticate local user accounts!

No, no luck with a change of lines in the pam.conf :(
0 Kudos
Reply
Tony Walker_2
Frequent Advisor

‎08-25-2005 07:11 PM

‎08-25-2005 07:11 PM

Re: Cannot authenticate local user accounts!

In fact, bizzarely - there is a local user logged in from yesterday!!?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.