The task is to have the server use the corporate LDAP server for user authentication.
I have spent several days but have been unable to move any further, except for the following:
1) I have installed....
------------------------------------------------------------------------------------------------------------
nss_ldap-253-3
openldap-2.3.27-5
openldap-clients-2.3.27-5
2) Configured the LDAP client; I can reach the LDAP server and get the following response:
------------------------------------------------------------------------------------------------------------
[root@poc-mcs-004 etc]# ldapsearch -x -LLL uid=muhshaik
dn: uid=muhshaik,ou=active,ou=employees,ou=people,o=cisco.com
voicemail: XXX XXXX
telephoneNumber: +1 XXX XXX XXXX
ciscoITInternalPhoneNumber: XXXXXXX
state: CALIFORNIA
site: San Jose Site 4
roomNumber: G5-9
registeredAddress: 3550 Cisco Way
postOfficeBox: SJC19/4/4
postalCode: 95134
locationtype: TRADITIONAL
floor: 4
country: United States
city: San Jose
building: SJ-19
groupmembership: allusers
groupmembership: c2cusers
groupmembership: c2users
groupmembership: cdo_all
groupmembership: csg-codedrop
groupmembership: dpt21633
groupmembership: engall
groupmembership: engonly
groupmembership: fit-users
groupmembership: guido
groupmembership: ibsgit
groupmembership: owt370-r
groupmembership: owtallusers
groupmembership: relops-website
groupmembership: rlspreview-eng
groupmembership: solpmt
groupmembership: tsbu
manageruid: XXXXX
vendorname: XXX Software Services Inc
facsimileTelephoneNumber:
status: Active
acquisitionno:
mobile:
seeAlso:
publishpager: n
labeledUri:
title: System Engineer
employeeNumber: XXXXXX
utcoffset:
cn: Mxxxxxxx Sxxxxx
employeeType: Vendor
uid: muhshaik
epage: n
publishmobile: n
middleinitial:
description: TXBU Engineering
mail: muhshaik@cisco.com
supportorganization: n
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: ciscoPerson
secondaryaddress:
nickname:
publishpicture: y
manager: Gxxxx Hxxx (gxxxxx)
directreports:
sn: Shaikh
givenName: Mxxxxxxx
departmentNumber: XXXXXXXXX
Also see the configuration for PAM:
------------------------------------------------------------------------------------------------------------
[root@poc-mcs-004 pam.d]# cat system-auth-ac
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
But when I try to log in as muhshaik, it fails with Access Denied. I grep the logs as follows:
------------------------------------------------------------------------------------------------------------
login as: muhshaik
muhshaik@poc-mcs-004's password:
Access denied
muhshaik@poc-mcs-004's password:
See the messages in the log files:
------------------------------------------------------------------------------------------------------------
tail -f /var/log/messages
Feb 26 22:54:01 poc-mcs-004 snmpd[12320]: error on subcontainer '' insert (-1)
Feb 26 22:54:22 poc-mcs-004 nscd: nss_ldap: reconnected to LDAP server ldap://171.70.150.78 after 1 attempt
Feb 26 22:54:31 poc-mcs-004 snmpd[12320]: error on subcontainer 'ia_addr' insert (-1)
Feb 26 22:54:31 poc-mcs-004 snmpd[12320]: error on subcontainer 'ia_addr' insert (-1)
Feb 26 22:54:31 poc-mcs-004 snmpd[12320]: error on subcontainer '' insert (-1)
tail -f /var/log/secure
Feb 26 22:54:22 poc-mcs-004 sshd[25721]: Invalid user muhshaik from 10.21.67.114
Feb 26 22:54:22 poc-mcs-004 sshd[25722]: input_userauth_request: invalid user muhshaik
Feb 26 22:54:27 poc-mcs-004 sshd[25721]: pam_unix(sshd:auth): check pass; user unknown
Feb 26 22:54:27 poc-mcs-004 sshd[25721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sjc-vpn3-882.cisco.com
Feb 26 22:54:27 poc-mcs-004 sshd[25721]: pam_succeed_if(sshd:auth): error retrieving information about user muhshaik
Feb 26 22:54:28 poc-mcs-004 sshd[25721]: Failed password for invalid user muhshaik from 10.21.67.114 port 2718 ssh2
Could someone please let me know what is wrong here? Am I missing something? Why is my login not working?
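The sshd lines above report "Invalid user muhshaik" and pam_succeed_if reports "error retrieving information about user", meaning the account could not be resolved through NSS before pam_ldap was ever consulted; the ldapsearch entry shown carries no posixAccount attributes, which nss_ldap needs to build a passwd entry. As an added example that is not part of the original post, the following POSIX shell checks an LDIF entry and an nsswitch.conf for what nss_ldap requires; the sample entries and uidNumber/gidNumber/home/shell values are constructed.

```shell
# Added example, not from the original post: nss_ldap can only resolve a user
# (sshd logs "Invalid user" otherwise) if the entry has posixAccount attributes
# and nsswitch.conf consults ldap. Both checks read their input on stdin.

# Returns 0 if the LDIF entry has objectClass posixAccount plus uidNumber,
# gidNumber, homeDirectory and loginShell; else prints what is missing, returns 1.
check_posix_entry() {
    ldif=$(cat)
    missing=""
    printf '%s\n' "$ldif" | grep -qi '^objectClass: posixAccount$' \
        || missing="$missing objectClass=posixAccount"
    for attr in uidNumber gidNumber homeDirectory loginShell; do
        printf '%s\n' "$ldif" | grep -qi "^$attr: ." || missing="$missing $attr"
    done
    [ -z "$missing" ] && return 0
    echo "nss_ldap cannot build a passwd entry; missing:$missing"
    return 1
}

# Returns 0 only if passwd, shadow and group each list ldap as a source.
check_nsswitch() {
    conf=$(cat)
    rc=0
    for db in passwd shadow group; do
        printf '%s\n' "$conf" | grep -Eq "^$db:.*[[:space:]]ldap([[:space:]]|$)" \
            || { echo "nsswitch.conf: $db does not consult ldap"; rc=1; }
    done
    return $rc
}

# Constructed sample shaped like the entry in the post (no posixAccount).
SAMPLE_NO_POSIX='dn: uid=muhshaik,ou=active,ou=employees,ou=people,o=cisco.com
uid: muhshaik
objectClass: top
objectClass: person
objectClass: inetOrgPerson'
# Same entry with posixAccount attributes added (values are made up).
SAMPLE_POSIX="$SAMPLE_NO_POSIX
objectClass: posixAccount
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/muhshaik
loginShell: /bin/bash"
# Constructed nsswitch.conf fragment with the default files-only sources.
NSSWITCH_FILES_ONLY='passwd: files
shadow: files
group: files'

printf '%s\n' "$SAMPLE_NO_POSIX" | check_posix_entry || :
printf '%s\n' "$NSSWITCH_FILES_ONLY" | check_nsswitch || :
```

On the box itself, `ldapsearch -x -LLL uid=muhshaik | check_posix_entry` and `check_nsswitch < /etc/nsswitch.conf` run the same checks, and `getent passwd muhshaik` must print a line before any login can succeed.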