Hi All,

I have configured SRSS (4.0 patch 127553-02) for ldap using "ldapclient
init ...".  SSH and su work fine using ldap for authentication, but Sun
Ray users are unable to log in.  They receive "Login incorrect".  Below
are the pam.conf and ldap log.  We are using Sun Java Directory Server 6.3.

Another error (attached below) that is related to ldap occurs during
reboot.  The Sun Ray services cannot bind to the Sun Ray Data Store.
Can I configure the Sun Ray server as an ldap client or will it mess up
the Sun Ray Data Store connection?

Any and all help greatly appreciated.  Thanks in advance.

Clinton

Pam.conf

# added to dtlogin-SunRay by SunRay Server Software -- dtlogin-SunRay
dtlogin-SunRay auth sufficient /opt/SUNWut/lib/pam_sunray.so
dtlogin-SunRay auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 property=username
dtlogin-SunRay auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1
dtlogin-SunRay auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 prompt
dtlogin-SunRay auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1 clearuser
dtlogin-SunRay auth requisite pam_authtok_get.so.1
dtlogin-SunRay auth required pam_dhkeys.so.1
dtlogin-SunRay auth required pam_unix_cred.so.1
dtlogin-SunRay auth binding pam_unix_auth.so.1 server_policy
dtlogin-SunRay auth required pam_ldap.so.1

dtlogin-SunRay account sufficient /opt/SUNWut/lib/pam_sunray.so
dtlogin-SunRay account requisite pam_roles.so.1
dtlogin-SunRay account binding pam_unix_account.so.1 server_policy
dtlogin-SunRay account required pam_ldap.so.1

dtlogin-SunRay session required pam_unix_session.so.1
dtlogin-SunRay password required pam_dhkeys.so.1
dtlogin-SunRay password requisite pam_authtok_get.so.1
dtlogin-SunRay password requisite pam_authtok_check.so.1
dtlogin-SunRay password required pam_authtok_store.so.1
# added to dtsession-SunRay by SunRay Server Software -- dtsession-SunRay
dtsession-SunRay auth sufficient /opt/SUNWut/lib/pam_sunray.so syncondisplay
dtsession-SunRay auth requisite pam_authtok_get.so.1
dtsession-SunRay auth required pam_dhkeys.so.1
dtsession-SunRay auth required pam_unix_cred.so.1
dtsession-SunRay auth sufficient pam_unix_auth.so.1

dtsession-SunRay account requisite pam_roles.so.1
dtsession-SunRay account sufficient pam_unix_account.so.1

dtsession-SunRay session required pam_unix_session.so.1
dtsession-SunRay password required pam_dhkeys.so.1
dtsession-SunRay password requisite pam_authtok_get.so.1
dtsession-SunRay password requisite pam_authtok_check.so.1
dtsession-SunRay password required pam_authtok_store.so.1

Sun Java Directory Server 6.3 log:

[11/Sep/2008:18:40:49 +0000] conn=1372 op=-1 msgId=-1 - fd=69 slot=69 LDAP connection from 134.221.19.22:33063 to 134.221.19.36
[11/Sep/2008:18:40:49 +0000] conn=1372 op=0 msgId=1 - BIND dn="cn=proxyagent,ou=profile,dc=users,dc=market,dc=hr,dc=usda,dc=gov" method=128 version=3
[11/Sep/2008:18:40:49 +0000] conn=1372 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=proxyagent,ou=profile,dc=users,dc=market,dc=hr,dc=usda,dc=gov"
[11/Sep/2008:18:40:49 +0000] conn=1372 op=1 msgId=2 - SRCH base="ou=people,dc=users,dc=market,dc=hr,dc=usda,dc=gov" scope=2 filter="(&(objectClass=posixAccount)(uid=clinton.propst))" attrs=ALL
[11/Sep/2008:18:40:49 +0000] conn=1372 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[11/Sep/2008:18:40:49 +0000] conn=1373 op=-1 msgId=-1 - fd=71 slot=71 LDAP connection from 134.221.19.22:33064 to 134.221.19.36
[11/Sep/2008:18:40:49 +0000] conn=1373 op=0 msgId=1 - BIND dn="uid=clinton.propst,ou=People,dc=users,dc=market,dc=hr,dc=usda,dc=gov" method=128 version=3
[11/Sep/2008:18:40:49 +0000] conn=1373 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=clinton.propst,ou=people,dc=users,dc=market,dc=hr,dc=usda,dc=gov"
[11/Sep/2008:18:40:52 +0000] conn=1020 op=507 msgId=508 - SRCH base="ou=people,dc=users,dc=market,dc=hr,dc=usda,dc=gov" scope=2 filter="(&(objectClass=posixAccount)(uidNumber=1201))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
[11/Sep/2008:18:40:52 +0000] conn=1020 op=507 msgId=508 - RESULT err=0 tag=101 nentries=1 etime=0
[11/Sep/2008:18:40:53 +0000] conn=1372 op=2 msgId=3 - UNBIND
[11/Sep/2008:18:40:53 +0000] conn=1372 op=2 msgId=-1 - closing from 134.221.19.22:33063 - U1 - Connection closed by unbind client -
[11/Sep/2008:18:40:53 +0000] conn=1373 op=1 msgId=2 - UNBIND
[11/Sep/2008:18:40:53 +0000] conn=1373 op=1 msgId=-1 - closing from 134.221.19.22:33064 - U1 - Connection closed by unbind client -
[11/Sep/2008:18:40:53 +0000] conn=1372 op=-1 msgId=-1 - closed.
[11/Sep/2008:18:40:54 +0000] conn=1373 op=-1 msgId=-1 - closed.

Sun Ray Server /var/adm/messages during boot with ldap client configured:

Sep 11 13:38:35 sraysvr rpcbind: [ID 564983 daemon.error] rpcbind terminating on signal.
Sep 11 13:38:40 sraysvr utdevadm[19113]: [ID 702911 user.info] open_connection(): Could not bind to DS server sraysvr - Can't connect to the LDAP server
Sep 11 13:40:40 sraysvr utdevadm[1043]: [ID 702911 user.info] open_connection(): Could not bind to DS server sraysvr - Can't contact LDAP server
Sep 11 13:40:40 sraysvr utpulld[997]: [ID 224068 daemon.error] Error: ldap_sasl_bind (host localhost, DN cn=admin,o=utdata) returned: Can't contact LDAP server
Sep 11 13:40:40 sraysvr utpulld[997]: [ID 254794 daemon.error] Failed to bind to cn=admin,o=utdata on local utdsd: Can't contact LDAP server
Sep 11 13:40:44 sraysvr utglpolicy[1151]: [ID 702911 user.info] open_connection(): Could not bind to DS server sraysvr - Can't connect to the LDAP server
Sep 11 13:40:49 sraysvr utauthd: [ID 702911 user.info] open_connection(): Could not bind to DS server sraysvr - Can't connect to the LDAP server
Sep 11 13:41:11 sraysvr dtlogin[1197]: [ID 293258 user.error] libsldap: Status: 49  Mesg: openConnection: simple bind failed - Invalid credentials
Sep 11 15:27:02 sraysvr ldapclient[9418]: [ID 293258 user.warning] libsldap: Status: 0  Mesg: NULL or invalid proxy bind DN
Sep 11 15:28:07 sraysvr ldapclient[9496]: [ID 293258 user.warning] libsldap: Status: 0  Mesg: NULL or invalid proxy bind DN


_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
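
Added example, not part of the original post: a Python script that pairs each BIND in a Directory Server access log like the one above with its RESULT (matched on conn and op), so the bind DN and the LDAP result code can be read side by side. The first six sample lines are copied from the log above with the e-mail line wraps rejoined; the two conn=9999 lines and their DN are constructed to show a rejected bind (err=49, invalidCredentials).

```python
import re

# Sample input: six lines from the post's access log (wraps rejoined), then two constructed lines.
SAMPLE_LOG = """\
[11/Sep/2008:18:40:49 +0000] conn=1372 op=0 msgId=1 - BIND dn="cn=proxyagent,ou=profile,dc=users,dc=market,dc=hr,dc=usda,dc=gov" method=128 version=3
[11/Sep/2008:18:40:49 +0000] conn=1372 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=proxyagent,ou=profile,dc=users,dc=market,dc=hr,dc=usda,dc=gov"
[11/Sep/2008:18:40:49 +0000] conn=1372 op=1 msgId=2 - SRCH base="ou=people,dc=users,dc=market,dc=hr,dc=usda,dc=gov" scope=2 filter="(&(objectClass=posixAccount)(uid=clinton.propst))" attrs=ALL
[11/Sep/2008:18:40:49 +0000] conn=1372 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[11/Sep/2008:18:40:49 +0000] conn=1373 op=0 msgId=1 - BIND dn="uid=clinton.propst,ou=People,dc=users,dc=market,dc=hr,dc=usda,dc=gov" method=128 version=3
[11/Sep/2008:18:40:49 +0000] conn=1373 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=clinton.propst,ou=people,dc=users,dc=market,dc=hr,dc=usda,dc=gov"
[11/Sep/2008:18:41:11 +0000] conn=9999 op=0 msgId=1 - BIND dn="cn=constructed,dc=example,dc=com" method=128 version=3
[11/Sep/2008:18:41:11 +0000] conn=9999 op=0 msgId=1 - RESULT err=49 tag=97 nentries=0 etime=0
"""

LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) '
    r'msgId=-?\d+ - (?P<verb>[A-Z]+)\b(?P<rest>.*)$')
DN_RE = re.compile(r'dn="([^"]*)"')
ERR_RE = re.compile(r'\berr=(\d+)')
LDAP_CODES = {0: "success", 49: "invalidCredentials"}  # standard LDAP result codes

def bind_results(log_text):
    """Return one record per BIND, joined to its RESULT on (conn, op)."""
    pending, results = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # connection open/close lines and anything unparsable
        key = (m["conn"], m["op"])
        if m["verb"] == "BIND":
            dn = DN_RE.search(m["rest"])
            pending[key] = (m["ts"], dn.group(1).strip() if dn else "")
        elif m["verb"] == "RESULT" and key in pending:
            ts, dn = pending.pop(key)  # RESULTs of SRCH etc. are never in pending
            err = ERR_RE.search(m["rest"])
            results.append({"ts": ts, "conn": int(m["conn"]), "dn": dn,
                            "err": int(err.group(1)) if err else None})
    return results

def failed_binds(log_text):
    """Binds the directory server rejected (any non-zero result code)."""
    return [r for r in bind_results(log_text) if r["err"] != 0]

if __name__ == "__main__":
    for r in bind_results(SAMPLE_LOG):
        name = LDAP_CODES.get(r["err"], "other")
        print(f'{r["ts"]} conn={r["conn"]} err={r["err"]} ({name}) {r["dn"]}')
```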
