List:       pamldap
Subject:    [pamldap] dtsession auth using PAM_LDAP doesn't work on solaris 8
From:       Lara Adianto <m1r4cle_26 () yahoo ! com>
Date:       2004-07-26 3:23:55
Message-ID: 20040726032356.10916.qmail () web50209 ! mail ! yahoo ! com

Hello everyone,

I have a Solaris 8 workstation being set up to use
pam_ldap for authentication. The LDAP server is an
OpenLDAP installed on Red Hat Linux.

As I tested my setup, I noticed that unlocking the
workstation can't be done using pam_ldap. I believe
dtsession is the one that's responsible for unlocking
DCE session.

I've tried to turn off / on TLS (thought it might be
the problem), but both don't work.

Looking at the content of /var/adm/messages:
Jul 26 10:06:41 Sun1 dtlogin[941]: get_user_info
Jul 26 10:06:41 Sun1 dtlogin[941]: open_session
Jul 26 10:06:41 Sun1 dtlogin[941]: ldap_simple_bind
Jul 26 10:06:41 Sun1 last message repeated 1 time
Jul 26 10:06:59 Sun1 dtsession[1021]: get_user_info
Jul 26 10:06:59 Sun1 dtsession[1021]: open_session
Jul 26 10:06:59 Sun1 dtsession[1021]: ldap_simple_bind
Jul 26 10:06:59 Sun1 dtsession[1021]: [ID 280705 user.error] pam_ldap: ldap_simple_bind Can't contact LDAP server

In case of using TLS, the error would be:
pam_ldap: ldap_starttls_s Can't contact LDAP server

I logged into the workstation using an LDAP account, and
dtlogin authentication using pam_ldap works perfectly!
But when I lock and then try to unlock the workstation,
I can only do so by using the unix password.

I've only 2 entries for dtsession in pam.conf:
dtsession  auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
dtsession  auth required   /usr/lib/security/$ISA/pam_ldap.so.1 use_first_pass
which in my opinion should work.

My observation shows that dtsession isn't even able to
contact the LDAP server for unlocking the workstation
even though I have the pam_ldap for dtsession set to
required.

At first, I thought it was a file permission problem,
but it seems not.

Any ideas what could be the cause?

Thanks,
lara

=====
------------------------------------------------------------------------------------ 
Life, you see, is never as good or as bad as one thinks
                                                                        - Guy de Maupassant -
------------------------------------------------------------------------------------
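
Added example (not part of the original message, and not pam_ldap or Solaris code): a small Python model of how the standard PAM control flags resolve for the two dtsession auth lines quoted in the message. The module results passed in are constructed inputs; it shows that a local unix password returns success before pam_ldap is consulted, while an LDAP-only account depends entirely on pam_ldap's result.

```python
# Added illustration, not code from pam_ldap or Solaris.
# Models standard PAM control-flag handling (required, requisite,
# sufficient, optional) for the pam.conf lines quoted in the message.
PAM_CONF = """\
dtsession  auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
dtsession  auth required   /usr/lib/security/$ISA/pam_ldap.so.1 use_first_pass
"""

def parse_pam_conf(text, service, module_type="auth"):
    """Return [(control_flag, module_path, options)] in file order."""
    stack = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank, comment-only or malformed line
        svc, mtype, flag, path, *opts = fields
        if svc == service and mtype == module_type:
            stack.append((flag, path, opts))
    return stack

def evaluate(stack, results):
    """results: module file name -> True/False (constructed outcomes).
    Returns (authenticated, trace of modules actually called)."""
    required_failed = False
    succeeded = False
    trace = []
    for flag, path, _opts in stack:
        name = path.rsplit("/", 1)[-1]
        ok = results[name]
        trace.append((name, flag, ok))
        if ok:
            succeeded = True
            if flag == "sufficient" and not required_failed:
                return True, trace      # stop here, later modules skipped
        elif flag == "requisite":
            return False, trace         # fail immediately
        elif flag == "required":
            required_failed = True      # keep going, but the stack fails
        # failed sufficient/optional modules are ignored
    return (succeeded and not required_failed), trace

if __name__ == "__main__":
    stack = parse_pam_conf(PAM_CONF, "dtsession")
    cases = {  # constructed module outcomes
        "local unix password": {"pam_unix.so.1": True, "pam_ldap.so.1": False},
        "LDAP password, server reachable": {"pam_unix.so.1": False, "pam_ldap.so.1": True},
        "LDAP password, bind fails": {"pam_unix.so.1": False, "pam_ldap.so.1": False},
    }
    for label, results in cases.items():
        print(label, "->", evaluate(stack, results))
```

The third case corresponds to the logged "Can't contact LDAP server" error: the stack is evaluated as written, and the unlock fails because pam_ldap itself returns a failure.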
