LDAP User could not access system

SOLVED
Super Advisor

LDAP User could not access system

Hi

We have two RedHat ES4U4 servers: server2 is the LDAP server, and server1 uses LDAP Browser/Editor to access the LDAP server and add/remove users.

But currently we have a problem: lots of LDAP users cannot access server1.

1. I have tried to reset their passwords on the LDAP server via "lbe" on server1, but it doesn't work.

2. I ran the command below as root, but got this error:
# su u367
su: incorrect password
For users that still work, I could run the # su command.

How do I fix this kind of problem?
Any answers will be very much appreciated.

Super Advisor

Re: LDAP User could not access system

Sorry, two RH ES3 update 4 servers.

server1 is set to use LDAP, and the LDAP server is server2.
Honored Contributor
Solution

Re: LDAP User could not access system

What is the output of:

id u367
getent passwd |grep u367

Are these users in the same organizational unit?
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Super Advisor

Re: LDAP User could not access system

Hi Ivan

Thank you very much for your fast reply, below is the output:

# id j367
uid=10367(j367) gid=100(users) groups=100(users)

# getent passwd |grep j367
j367t:x:20011:100::/home/j367t:/bin/ksh
j367:x:10367:100:j367:/home/j367:/bin/ksh

These users are in the same unit.

Honored Contributor

Re: LDAP User could not access system

Can you please post what you receive when you do:

su - u367
ssh -l u367 localhost

Right after that:
tail /var/log/secure


Check the output of:

finger u367

Check the permissions of the user's home directory.

I would like to see the following files:

more /etc/pam.d/su
more /etc/pam.d/system-auth
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Super Advisor

Re: LDAP User could not access system

Thanks Ivan

I cannot show the output right now, because my boss has probably solved this problem. He just ran the command "faillog -p / -r", and all the failing LDAP users worked.

I have no idea why.

Could you please explain this?
Honored Contributor

Re: LDAP User could not access system

The "faillog -r" was probably the solution. This resets the failure count. Probably the system has pam_tally configured to deny the login if more than "N" authentication failures were attempted. Resetting the login failure count will solve the problem.

You will see pam_tally related messages in /var/log/messages denying the login.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Super Advisor

Re: LDAP User could not access system

Thanks Ivan

Have a good weekend.
Honored Contributor

Re: LDAP User could not access system

Yes; faillog fixed your problem.

The following entry/file limits the account so that it is locked/disabled after five login failures.

# grep LOGIN_RETRIES /etc/login.defs
LOGIN_RETRIES 5

# pam_tally --user kumarts
User kumarts (19806) has 10

# faillog -r kumarts

# pam_tally --user kumarts
User kumarts (19806) has 0

Once it is reset to zero, you would be able to log in.

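As an added example (not from the thread or from either poster), a small POSIX shell script that parses pam_tally --user output in the format shown above, lists the users at or above the LOGIN_RETRIES threshold, and emits the matching faillog -r commands as a dry run for review before any counter is cleared. The sample tally lines, the threshold variable and the at-or-above comparison are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Audits pam_tally counts against the
# LOGIN_RETRIES threshold so an admin can see who is locked before resetting.

# Threshold assumed to mirror LOGIN_RETRIES in /etc/login.defs (5 on this page).
LOGIN_RETRIES=5

# Constructed sample of `pam_tally --user NAME` output for several users, in the
# format shown in the thread ("User NAME (UID) has COUNT"). On a real host you
# would pipe the live output of pam_tally instead.
SAMPLE_TALLY='User kumarts (19806) has 10
User j367 (10367) has 7
User j367t (20011) has 2
User admin (500) has 0'

# locked_users THRESHOLD: read tally lines on stdin, print one name per line
# for every user whose count is at or above THRESHOLD (assumed deny semantics).
locked_users() {
    threshold="$1"
    while read -r word name uid has count; do
        [ "$word" = "User" ] || continue        # skip anything not a tally line
        case "$count" in
            ''|*[!0-9]*) continue ;;            # skip malformed counts
        esac
        if [ "$count" -ge "$threshold" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# reset_commands THRESHOLD: emit the faillog -r command for each locked user as
# a dry run, so the list can be reviewed before any counter is cleared.
reset_commands() {
    locked_users "$1" | while read -r name; do
        printf 'faillog -r %s\n' "$name"
    done
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_TALLY" | reset_commands "$LOGIN_RETRIES"
```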
Super Advisor

Re: LDAP User could not access system

Hi Santhosh

Thank you very much for your suggestions

Have a great day

-Gary