HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=4)
-   -   CentOS PAM+LDAP authentication and profile's host attribute (http://www.howtoforge.com/forums/showthread.php?t=58892)

pianist 27th September 2012 17:04
CentOS PAM+LDAP authentication and profile's host attribute
 
I have a system with CentOS 6.3, openldap + PAM-auth installed. Everything works well.

But after turning pam_check_host_attr to yes, all LDAP-auths fail with message "Access denied for this host".

1. hostname on the server returns correct value, the same value is listed in user's profile.
2. "pam_check_host_attr no" works fine and allows everyone with correct uid/password
3. a piece of /var/log/secure:

Code:
Sep 26 05:33:01 ldap sshd[1588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=my-host user=my-username
Sep 26 05:33:01 ldap sshd[1588]: Failed password for my-username from 77.AA.BB.CC port 58528 ssh2
Sep 26 05:33:01 ldap sshd[1589]: fatal: Access denied for user my-username by PAM account configuration
4. Another two servers (CentOS 5.7 Debian) authorizes on this LDAP server correctly. Even with pam_check_host_attr yes!
5. I didn't edit /etc/security/access.conf, it is empty, only default comments.

I don't know what to do! How to fix this?


All times are GMT +2. The time now is 17:57.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.