Auth failure with PAM_LDAP

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Tue Sep 9 07:25:57 PDT 2014


On Tue, Sep 9, 2014 at 2:21 PM, Nikos Mavrogiannopoulos
<n.mavrogiannopoulos at gmail.com> wrote:
> Thanks for reporting that. I cannot reproduce your environment, so I
> may have to ask you to use ocserv from the master branch.
> I assume here that /etc/pam.d/ocserv is a working configuration for
> pam (e.g., the same used for ssh). In that case could you send me the
> debugging information from ocserv in the git repository? That would
> clarify whether there is some issue in the pam conversation with
> pam_ldap.

I made a quick installation of openldap in a rhel7 server based on
[0], and I was able to log in using the created users. So the issue
should be in the pam configuration for ocserv, or something that
depends on local policy.

The log trace I get is:
ocserv[4834]: sec-mod: cmd [size=28] sm: auth init
ocserv[4834]: sec-mod: auth init for user 'test2' (group: 'test2') from '192.168.100.1'
[...]
ocserv[4836]: worker: 192.168.100.1:55272 sending message 'sm: auth cont' to secmod
ocserv[4834]: sec-mod: received request from pid 4836 and uid 992
ocserv[4834]: sec-mod: cmd [size=23] sm: auth cont
ocserv[4834]: sec-mod: auth cont for user 'test2'
ocserv[4834]: sec-mod: auth deinit for user 'test2'
ocserv[4836]: worker: 192.168.100.1:55272 received auth reply message (value: 1)
ocserv[4836]: worker: 192.168.100.1:55272 user 'test2' obtained cookie

[0]. http://www.certdepot.net/rhel7-configure-ldap-directory-service-user-connection/

regards,
Nikos
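The trace above shows one successful PAM conversation as ocserv logs it: the sec-mod process records auth init / cont / deinit for the user, and the worker records the reply and, on success, that the user obtained a cookie. When debugging a failing pam_ldap setup, it helps to correlate those two streams per login attempt so that a missing cookie line stands out. The script below is an added example written for this post, not part of ocserv; it assumes the line formats shown in the trace, and its sample log is constructed from that trace plus a second, invented attempt for a user 'bob' that ends without a cookie (the numeric reply value 0 used there is a placeholder; the message only shows value 1 for success, so the script judges success by the 'obtained cookie' line, not by the code).

```python
import re
from typing import Dict, Optional

# Constructed sample, modelled on the sec-mod/worker lines quoted in the message.
# The 'bob' attempt is invented to show a conversation that ends without a cookie.
SAMPLE_LOG = """\
ocserv[4834]: sec-mod: cmd [size=28] sm: auth init
ocserv[4834]: sec-mod: auth init for user 'test2' (group: 'test2') from '192.168.100.1'
ocserv[4836]: worker: 192.168.100.1:55272 sending message 'sm: auth cont' to secmod
ocserv[4834]: sec-mod: received request from pid 4836 and uid 992
ocserv[4834]: sec-mod: cmd [size=23] sm: auth cont
ocserv[4834]: sec-mod: auth cont for user 'test2'
ocserv[4834]: sec-mod: auth deinit for user 'test2'
ocserv[4836]: worker: 192.168.100.1:55272 received auth reply message (value: 1)
ocserv[4836]: worker: 192.168.100.1:55272 user 'test2' obtained cookie
ocserv[4834]: sec-mod: auth init for user 'bob' (group: 'bob') from '192.168.100.7'
ocserv[4837]: worker: 192.168.100.7:40001 sending message 'sm: auth cont' to secmod
ocserv[4834]: sec-mod: auth cont for user 'bob'
ocserv[4834]: sec-mod: auth deinit for user 'bob'
ocserv[4837]: worker: 192.168.100.7:40001 received auth reply message (value: 0)
"""

# Patterns follow the line shapes in the quoted trace (assumed stable here).
SEC_INIT = re.compile(
    r"sec-mod: auth init for user '([^']+)' \(group: '([^']*)'\) from '([^']+)'")
SEC_STAGE = re.compile(r"sec-mod: auth (cont|deinit) for user '([^']+)'")
WRK_REPLY = re.compile(
    r"worker: ([\d.]+):\d+ received auth reply message \(value: (\d+)\)")
WRK_COOKIE = re.compile(r"worker: ([\d.]+):\d+ user '([^']+)' obtained cookie")


def _open_session_for_client(sessions: Dict[str, dict], ip: str) -> Optional[dict]:
    # Worker lines carry only the client address, so link them to the
    # sec-mod session for that client that has not yet received a reply.
    for s in sessions.values():
        if s["client"] == ip and s["reply"] is None:
            return s
    return None


def parse_auth_sessions(log_text: str) -> Dict[str, dict]:
    """Correlate sec-mod and worker lines into one record per user login attempt."""
    sessions: Dict[str, dict] = {}
    for line in log_text.splitlines():
        m = SEC_INIT.search(line)
        if m:
            user, group, ip = m.groups()
            sessions[user] = {"user": user, "group": group, "client": ip,
                              "stages": ["init"], "reply": None, "cookie": False}
            continue
        m = SEC_STAGE.search(line)
        if m:
            stage, user = m.groups()
            if user in sessions:
                sessions[user]["stages"].append(stage)
            continue
        m = WRK_REPLY.search(line)
        if m:
            ip, value = m.groups()
            s = _open_session_for_client(sessions, ip)
            if s is not None:
                s["reply"] = int(value)
            continue
        m = WRK_COOKIE.search(line)
        if m:
            _ip, user = m.groups()
            if user in sessions:
                sessions[user]["cookie"] = True  # the worker only logs this on success
    return sessions


def failed_logins(log_text: str) -> list:
    """Users whose PAM conversation completed (deinit seen) but never yielded a cookie."""
    sessions = parse_auth_sessions(log_text)
    return sorted(u for u, s in sessions.items()
                  if "deinit" in s["stages"] and not s["cookie"])


if __name__ == "__main__":
    for user, s in parse_auth_sessions(SAMPLE_LOG).items():
        outcome = "cookie issued" if s["cookie"] else "NO cookie"
        print(f"{user:<8} from {s['client']:<15} stages={'/'.join(s['stages'])} "
              f"reply={s['reply']} -> {outcome}")
    print("failed:", failed_logins(SAMPLE_LOG))
```

Run it against the real journal or syslog output (for example the lines grepped for "sec-mod:" and "worker:") and look for users listed by failed_logins: a conversation that reaches deinit without a cookie points at the PAM stack answering the sec-mod process with a failure, which is where the /etc/pam.d/ocserv configuration should be compared against the stack that works for ssh.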
