[LDAP-interop] Permission denied.

John Li john.li at mindspeed.com
Tue Jun 13 16:44:24 EDT 2006


Hi All,

I'm trying to set up an openldap environment, but I'm getting 'Permission denied.' when trying to remotely log in to an ldap client using ssh, telnet or rlogin. I'm having this problem only when trying to log in to a RH openldap client. I'm able to log in, using ssh and telnet, to a solaris openldap client using the same ldap account.

Please see detail below,

My openldap environment,

openldap server,
   RHFC3
   openldap-servers-2.2.13-2
   nss_ldap-220-3
   openssh-3.9p1-7
   pam-0.77-65

openldap client #1
   solaris 5.8

openldap client #2
   RHFC3
   openldap-servers-2.2.13-2
   nss_ldap-220-3
   openssh-3.9p1-7
   pam-0.77-65

Below is the system-auth file on the RHFC3 ldap client,
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so
account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account     required      /lib/security/$ISA/pam_permit.so
password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so
session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so

Below is ldap.log file.

Jun 13 09:57:08 ldap1 slapd[15436]: conn=4123 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 13 09:57:08 ldap1 slapd[15436]: conn=4130 fd=23 ACCEPT from IP=10.1.4.51:33899 (IP=0.0.0.0:389)
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=1 BIND dn="cn=Manager,dc=example,dc=com" method=128
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=1 BIND dn="cn=Manager,dc=example,dc=com" mech=SIMPLE ssf=0
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=1 RESULT tag=97 err=0 text=
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=2 SRCH base="ou=People,dc=example,dc=com" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=sysmgr))"
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=3 BIND anonymous mech=implicit ssf=0
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=3 BIND dn="uid=sysmgr,ou=People,dc=example,dc=com" method=128
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=3 RESULT tag=97 err=49 text=
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=4 BIND dn="cn=Manager,dc=example,dc=com" method=128
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=4 BIND dn="cn=Manager,dc=example,dc=com" mech=SIMPLE ssf=0
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=4 RESULT tag=97 err=0 text=
Jun 13 09:57:11 ldap1 slapd[15436]: conn=4130 op=5 UNBIND
Jun 13 09:57:11 ldap1 slapd[15436]: conn=4130 fd=23 closed

I understand the err=49 is possibly related to a wrong passwd for the account (sysmgr in this case). But I know my password is correct, since I used the same account and passwd to successfully log in to the solaris ldap client, which is also set up for PAM ldap authentication.

I'm out of ideas on how to identify the problem; any help would be greatly appreciated...

Best regards,
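Added example, not from the post or from OpenLDAP: a small Python script that reads slapd log lines the way one reads the log above, correlates each BIND with its RESULT per conn=/op= pair, and reports every bind that returned a non-zero LDAP result code together with the client IP taken from that connection's ACCEPT line. The sample log is constructed from the entries in the post.

```python
"""Correlate OpenLDAP slapd log lines per connection and list failed BINDs."""
import re

# Constructed sample, modelled on the slapd log quoted in the post.
SAMPLE_LOG = """\
Jun 13 09:57:08 ldap1 slapd[15436]: conn=4130 fd=23 ACCEPT from IP=10.1.4.51:33899 (IP=0.0.0.0:389)
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=1 BIND dn="cn=Manager,dc=example,dc=com" method=128
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=1 BIND dn="cn=Manager,dc=example,dc=com" mech=SIMPLE ssf=0
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=1 RESULT tag=97 err=0 text=
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=3 BIND anonymous mech=implicit ssf=0
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=3 BIND dn="uid=sysmgr,ou=People,dc=example,dc=com" method=128
Jun 13 09:57:09 ldap1 slapd[15436]: conn=4130 op=3 RESULT tag=97 err=49 text=
Jun 13 09:57:11 ldap1 slapd[15436]: conn=4130 fd=23 closed
"""

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
# tag=97 is the LDAP BindResponse, so a RESULT with that tag closes a BIND op.
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")


def failed_binds(log_text):
    """Return [(client_ip, bind_dn, err)] for each BIND whose RESULT was not err=0.

    err=49 is LDAP invalidCredentials, the code the post asks about. Anonymous
    BIND lines carry no dn= and are skipped; the repeated dn= line slapd logs
    for a simple bind (method=128 then mech=SIMPLE) maps to the same op.
    """
    client_ip = {}   # conn -> source IP from the ACCEPT line
    pending = {}     # (conn, op) -> bind DN waiting for its RESULT
    failures = []
    for line in log_text.splitlines():
        if m := ACCEPT_RE.search(line):
            client_ip[m[1]] = m[2]
        elif m := BIND_RE.search(line):
            pending[(m[1], m[2])] = m[3]
        elif m := RESULT_RE.search(line):
            dn = pending.pop((m[1], m[2]), None)
            if dn is not None and int(m[3]) != 0:
                failures.append((client_ip.get(m[1], "?"), dn, int(m[3])))
    return failures


if __name__ == "__main__":
    for ip, dn, err in failed_binds(SAMPLE_LOG):
        print(f"{ip} failed BIND as {dn}: err={err}")
```

Running it against the real log would show that the Manager binds succeed while the bind as the user's own DN is the one rejected, which narrows the question to what the RH client sends as that user's credentials.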