All commands I try work on both OS's. On the Solaris server su or ssh test01@sol10-1 doesn't work. The user03 account works in just fine.
On sol10-1 in the log /var/adm/messages I get this error when I ssh:
libsldap:Status: 49 Mesg: openConnection: simple bind failed - Invalid credentials
keyboard-interactive (PAM) userauth failed[9] while authentication: Authentication failed.

On sol10-1 in the log /var/adm/messages I get this error when I su:
libsldap:Status: 49 Mesg: openConnection: simple bind failed - Invalid credentials
'su test01' failed for user03 on /dev/pts/3

On Wed, Dec 14, 2011 at 1:45 PM, Raffael Sahli <[email protected]> wrote:
> On 14.12.2011 19:08, NetNinja wrote:
>>
>> Hello,
>> I have two different user accounts and one works the other not so
>> much. The account user03 works on both Solaris 10 and RHEL clients.
>> While test01 can do everything but login to the Solaris 10 client, I
>> can use this account to login to the RHEL client though. Can someone
>> look at my accounts below and tell me why user03 works and test01
>> doesn't?
>>
>> # user03, People, test.net
>> dn: uid=user03,ou=People,dc=test,dc=net
>> uid: user03
>> cn: user03
>> objectClass: account
>> objectClass: posixAccount
>> objectClass: top
>> objectClass: shadowAccount
>> shadowMax: 99999
>> shadowWarning: 7
>> loginShell: /bin/bash
>> uidNumber: 603
>> gidNumber: 500
>> homeDirectory: /home/user03
>> gecos: user03
>>
>> # test01, People, test.net
>> dn: uid:test01,ou=People,dc=test,dc=net
>
> Wrong dn, but I guess that's a mistake with copy&paste ;)

I hand typed all this. Yes, that was a typo.
Also I made a typo with this shadowMax: 0 should be shadowMin: 0

>
>
>> uid: test01
>> cn: test01
>> objectClass: account
>> objectClass: posixAccount
>> objectClass: top
>> objectClass: shadowAccount
>> shadowMin: 0
>> shadowMax: 99999
>> shadowWarning: 7
>> loginShell: /bin/bash
>> uidNumber: 701
>> gidNumber: 500
>> homeDirectory: /home/test01
>>
>> # ldapclient list
>> NS_LDAP_FILE_VERSION= 2.0
>> NS_LDAP_BINDDN= uid=proxyagent,ou=People,dc=test,dc=net
>> NS_LDAP_BINDPASSWD= password
>> NS_LDAP_SERVERS= X.X.X.X:389
>> NS_LDAP_SEARCH_BASEDN= dc=test,dc=net
>> NS_LDAP_SERVER_PREF= X.X.X.X
>> NS_LDAP_CACHETTL= 0
>> NS_LDAP_CREDENTIAL_LEVEL= proxy
>> NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=test,dc=net
>> NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=test,dc=net
>> NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=test,dc=net
>> NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple
>>
>> I'm still testing so I ran ldapclient manual. When I feel that I have
>> the right setting, I will load the profile into LDAP.
>> Any suggestions will be great.
>>
> Is there anything in the auth log file? You should see some pam errors.
> Can you fetch both users with getent?
>
>
> --
> Raffael Sahli
> [email protected]
>
