
Re: LDAP/UX

 
Phil Daws_2
Regular Advisor

LDAP/UX

Hi all:

I have successfully built iPlanet 5 and have imported a test user into the database. I have configured /etc/pam.conf with the following options:

login auth sufficient /usr/lib/security/libpam_unix.1 debug
login auth required /usr/lib/security/libpam_ldap.1 try_first_pass debug

If I log in as 'root' I can successfully 'su' to the account. (The account is no longer in /etc/passwd). But when I try to log in it always fails. In the debug file the following entries are there:

Apr 5 04:24:23 dcssymon login: PAM_LDAP Entering pam_sm_authenticate ...
Apr 5 04:24:23 dcssymon login: PAM_LDAP pam_sm_authenticate(login, utest), flags = 0
Apr 5 04:24:23 dcssymon login: PAM_LDAP auth-bind authenticate passed!
Apr 5 04:24:23 dcssymon login: PAM_LDAP 1st auth_bind returns 0
Apr 5 04:24:23 dcssymon login: PAM_LDAP pam_sm_authenticate: returning 0

What am I doing wrong? I believe that I have configured it okay. The entry in the LDAP server shows {crypt}.

One thing I have noticed is that if I try and change the password it always comes back saying failure.

Help?
6 REPLIES 6
Steve Steel
Honored Contributor

Re: LDAP/UX

Hi


Make sure your patch level is good

For 11.00
Patch Name: PHCO_25527

Patch Description: s700_800 11.00 libpam and libpam_unix cumulative patch

Creation Date: 01/10/15

Post Date: 01/10/25


And dependencies.


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
Steven Gillard_2
Honored Contributor

Re: LDAP/UX

Have a look at:

http://docs.hp.com/hpux/onlinedocs/J4269-90013/J4269-90013.html

Especially the section on 'verifying the LDAP client services' in the installation chapter. Do all these tests work?

Regards,
Steve
Rainer von Bongartz
Honored Contributor

Re: LDAP/UX

PHIL,

The message

Apr 5 04:24:23 dcssymon login: PAM_LDAP pam_sm_authenticate: returning 0

means that the LDAP server has authenticated the account (returning 0 means no error).

If you still can't log on, there seems to be a problem with the POSIX parameters for this user in the LDAP scheme.

Check there.

(You might take a look at the LDAP access and error log files.)


Regards
Rainer
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
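One way to carry out the check on the POSIX parameters suggested in the reply above, as an added example that is not part of the original thread: it assumes the user's entry has been exported from the directory as LDIF, and tests it against the mandatory posixAccount attributes from RFC 2307. The DN and sample values are constructed; the function names are hypothetical.

```python
import base64

# posixAccount MUST attributes per RFC 2307 (compared lowercased).
REQUIRED = ("cn", "uid", "uidnumber", "gidnumber", "homedirectory")

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr_lowercase: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line: continuation
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):              # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def check_posix_account(entry):
    """Return a list of problems in the entry's POSIX account data."""
    problems = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "posixaccount" not in classes:
        problems.append("objectClass posixAccount missing")
    for attr in REQUIRED:
        if not entry.get(attr):
            problems.append(f"{attr} missing")
    for attr in ("uidnumber", "gidnumber"):
        problems += [f"{attr} not numeric: {v!r}"
                     for v in entry.get(attr, []) if not v.isdigit()]
    problems += [f"homeDirectory not absolute: {v!r}"
                 for v in entry.get("homedirectory", []) if not v.startswith("/")]
    return problems

# Constructed sample entry (not from the thread): gidNumber is absent and
# homeDirectory is relative.
SAMPLE = """\
dn: uid=utest,ou=People,dc=example,dc=com
objectClass: posixAccount
cn: Test User
uid: utest
uidNumber: 2001
homeDirectory: home/utest
"""

if __name__ == "__main__":
    print("\n".join(check_posix_account(parse_ldif_entry(SAMPLE))))
```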
Phil Daws_2
Regular Advisor

Re: LDAP/UX

Okay, I have applied PHNE_25779 and it still does not work :( How should I change the password for the account?
Dan Elder
New Member

Re: LDAP/UX

I'm having the same problem with an HPUX box. su works perfectly via ldap but every other service fails mysteriously. Have you been able to resolve this with additional patches or configuration changes?
Bhaskar Regmi
Occasional Advisor

Re: LDAP/UX

Are you using LDAP-UX or pam_ldap from PADL software?

I installed pam_ldap from PADL on all Solaris and Linux boxes. They are working perfectly. But on HP boxes I am also having a problem. I want to authenticate users via LDAP and nothing else (no nss_ldap, etc).

Can you point me to the right document to achieve the same thing using LDAP-UX Client Services? I went through HP's document but it did not help much.

Any help will be highly appreciated.

Bhaskar Regmi
Motorola Canada