01-09-2009 02:44 AM
user failed to login after LDAP-UX setup
I set up LDAP-UX with IBM Tivoli Directory Server.
Now I can su to an LDAP user, but the LDAP user cannot log in to HP-UX on his own.
HP-UX tivhp12 B.11.11 U 9000/800 (te)
login: ldapuser
Password:
Your account has expired or has been locked.
Log information as follows:
Jan 9 16:35:41 tivhp12 login: pam_authenticate: error Authentication failed
Jan 9 16:35:41 tivhp12 login: PAM_LDAP Entering pam_sm_authenticate ...
Jan 9 16:35:41 tivhp12 login: PAM_LDAP pam_sm_authenticate(login, ldapuser), flags = 0
Jan 9 16:35:41 tivhp12 login: PAM_LDAP auth-bind authenticate passed!
Jan 9 16:35:41 tivhp12 login: PAM_LDAP pam_sm_authenticate: set bind status (0)
Jan 9 16:35:41 tivhp12 login: PAM_LDAP 1st auth_bind returns 0
Jan 9 16:35:41 tivhp12 login: PAM_LDAP pam_sm_authenticate: returning 0
Jan 9 16:35:41 tivhp12 login: PAM_LDAP Entering pam_sm_authenticate ...
Jan 9 16:35:41 tivhp12 login: PAM_LDAP pam_sm_authenticate(login, ldapuser), flags = 0
Jan 9 16:35:41 tivhp12 login: PAM_LDAP auth-bind authenticate passed!
Jan 9 16:35:41 tivhp12 login: PAM_LDAP pam_sm_authenticate: set bind status (0)
Jan 9 16:35:41 tivhp12 login: PAM_LDAP 1st auth_bind returns 0
Jan 9 16:35:41 tivhp12 login: PAM_LDAP pam_sm_authenticate: returning 0
Jan 9 16:35:41 tivhp12 login: pam_acct_mgmt: error User account has expired
Jan 9 16:35:41 tivhp12 login: exiting with return code 17
Jan 9 16:39:44 tivhp12 login: pam_authenticate: error Authentication failed
nsquery works fine:
bash-3.1# nsquery passwd ldapuser
Using "files ldap" for the passwd policy.
Searching /etc/passwd for ldapuser
ldapuser was NOTFOUND
Switch configuration: Allows fallback
Searching ldap for ldapuser
User name: ldapuser
User Id: 116
Group Id: 20
Gecos:
Home Directory: /home/ldapuser
Shell: /sbin/sh
Switch configuration: Terminates Search
It seems PAM searched for the expire attribute for the user, which actually doesn't exist.
Is there any way to disable the expiration check or anything I can change on the directory server to meet the requirements?
Thank you in advance!
3 REPLIES
01-09-2009 02:59 AM
Re: user failed to login after LDAP-UX setup
Hi,
Did you configure ldap in the /etc/nsswitch.conf?
http://docs.hp.com/en/J4269-90016/ch02s07.html
Regards,
Robert-Jan
01-09-2009 03:03 AM
Re: user failed to login after LDAP-UX setup
Sure.
The current /etc/nsswitch.conf:
passwd: files ldap
group: files ldap
hosts: dns files ldap
networks: files ldap
protocols: files ldap
rpc: files ldap
publickey: ldap [NOTFOUND=return] files
netgroup: files ldap
automount: files ldap
aliases: files
services: files ldap
As you can see in my first post, the nsquery command works fine.
01-18-2009 11:15 PM
Re: user failed to login after LDAP-UX setup
Finally I found the root cause was the incorrect pam.conf.
I did some copy&paste work in pam.conf and some lines were incorrect.
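
Added example, not part of the thread and not code from any poster: a small syslog triage that separates the PAM phases in the log quoted in the first post, showing that the LDAP auth module returned 0 while the account phase (pam_acct_mgmt) rejected the user. The function names, the output format and the condensed sample are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find the PAM phase that rejected a login.

# Constructed sample, condensed from the syslog lines quoted in the first post.
sample_log() {
cat <<'EOF'
Jan 9 16:35:41 tivhp12 login: pam_authenticate: error Authentication failed
Jan 9 16:35:41 tivhp12 login: PAM_LDAP pam_sm_authenticate(login, ldapuser), flags = 0
Jan 9 16:35:41 tivhp12 login: PAM_LDAP auth-bind authenticate passed!
Jan 9 16:35:41 tivhp12 login: PAM_LDAP pam_sm_authenticate: returning 0
Jan 9 16:35:41 tivhp12 login: pam_acct_mgmt: error User account has expired
Jan 9 16:35:41 tivhp12 login: exiting with return code 17
EOF
}

# pam_triage: syslog on stdin -> one verdict line per finished login attempt.
pam_triage() {
awk '
  { svc = $5; sub(/:$/, "", svc) }             # "login:" -> "login"
  / pam_authenticate: error / { auth_err++ }   # framework-level auth error
  / PAM_LDAP pam_sm_authenticate: returning / {
      ldap = ($NF == "0") ? "ok" : "fail"      # result of the LDAP module itself
  }
  / pam_acct_mgmt: error / {                   # account stack refused the user
      reason = $0
      sub(/^.* pam_acct_mgmt: error /, "", reason)
  }
  / exiting with return code / {               # end of one attempt: report, reset
      if (reason != "")        phase = "account"
      else if (ldap == "fail") phase = "auth"
      else                     phase = "unknown"
      printf "service=%s auth_errors=%d ldap_auth=%s failed_phase=%s rc=%s reason=\"%s\"\n",
             svc, auth_err, (ldap == "" ? "unknown" : ldap), phase, $NF, reason
      auth_err = 0; ldap = ""; reason = ""
  }
'
}

sample_log | pam_triage
```

A verdict of failed_phase=account with ldap_auth=ok means the name-service lookup and the LDAP bind are working, so the place to look is the account entries for that service in pam.conf rather than nsswitch.conf.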