pam_ldap help


eyalm
Posts: 123
Joined: Mon Feb 27, 2006 12:15 am


Postby eyalm » Thu Apr 27, 2006 5:00 pm

I'm trying to use pam_ldap for authentication.
I'm reading the sxpampasswd and om_debug man files and I'm testing it with pamcheck but it's not working:

[root@scalix pam.d]# sxpampasswd "Eyal Marantenboim" -vvv
pam_start_om("pamcheck", "Eyal Marantenboim")
pam_start_om: User not known to the underlying authentication module

Password not changed: User not known to the underlying authentication module


pamcheck:
password required om_om2authid
password required om_debug file=stderr verbosity=3
password required pam_ldap
password required om_debug


any ideas?

florian
Scalix
Posts: 3852
Joined: Fri Dec 24, 2004 8:16 am
Location: Frankfurt, Germany

Postby florian » Fri Apr 28, 2006 12:27 pm

Let's start by checking for the user's existence...

can you post the output of

omshowu -n "Eyal Marantenboim"
?

Thanks,
Florian.
Florian von Kurnatowski, Die Harder!


Postby eyalm » Fri Apr 28, 2006 12:29 pm

[root@scalix ~]# omshowu -n "Eyal Marantenboim"
Authentication ID: eyalm
User Name : Eyal Marantenboim /CN=Eyal Marantenboim
MailNode : scalix,cardon
Internet Address : "Eyal Marantenboim" <eyalm@cardonhealthcare.com>="Eyal Marantenboim" <eyalm@10.1.1.25>
System Login : 60535
Password : set
Admin Capabilities : YES
Mailbox Admin Capabilities : NO
Language : AMERICAN
Virtual Vault : Enabled (default)
Mail Account: Unlocked
Last Signon : 04.28.06 11:17:38
Receipt of mail : ENABLED
Service level : 0
Excluded from Tidying : NO
User Class : Full


Postby florian » Fri Apr 28, 2006 12:41 pm

did you try a similar setup for authentication? (i.e. with sxpamauth as a test). this is usually simpler than password change, to begin with.

-- f.
Florian von Kurnatowski, Die Harder!


Postby eyalm » Fri Apr 28, 2006 12:53 pm

[root@scalix ~]# sxpamauth -vvv "Eyal Marantenboim"
pam_start_om("pamcheck", "Eyal Marantenboim")
pam_start_om: User not known to the underlying authentication module

Not authenticated: User not known to the underlying authentication module


Postby florian » Fri Apr 28, 2006 1:06 pm

not sure - could it be that the pam_ldap module you're using requires the use of an option so that it doesn't look up the user in the /etc/passwd file? some linux-based pam modules (like pam_smb) do that. if that's the case, the error information provided by the module would be correct.

if you just replace pam_ldap with om_auth and authenticate against the scalix-internal password - does this work properly?

thx,
Florian.
Florian von Kurnatowski, Die Harder!


Postby eyalm » Fri Apr 28, 2006 1:19 pm

changed pam_ldap with om_ldap so my pamcheck file looks like:

password required om_om2authid
password required om_debug file=stderr verbosity=3
password required om_auth
password required om_debug

[root@scalix pam.d]# sxpamauth -vvv "Eyal Marantenboim"
pam_start_om("pamcheck", "Eyal Marantenboim")
pam_start_om: User not known to the underlying authentication module

Not authenticated: User not known to the underlying authentication module



maybe my pamcheck file is bad?


Postby florian » Fri Apr 28, 2006 1:29 pm

yes, if you want to test sxpamauth, then

auth required <blahblah>

entries in the pamcheck file are relevant. the password entries are relevant for password change and the sxpampasswd command.

-- f
Florian von Kurnatowski, Die Harder!
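
Added example, not part of the original posts and not Scalix code: a small Python check of the point made in the reply above, that sxpamauth uses the auth entries while the password entries only matter for sxpampasswd. It parses the pamcheck file as posted earlier in the thread and lists which PAM calls have no entry of the matching type; the function names are hypothetical, and mapping sxpampasswd to pam_chauthtok() is an assumption.

```python
import re

# PAM library call -> management group ("type" column) whose stack it runs.
CALL_TO_TYPE = {
    "pam_authenticate": "auth",
    "pam_acct_mgmt": "account",
    "pam_chauthtok": "password",
}

# type, control (plain word or [bracketed] form), module, optional arguments
LINE_RE = re.compile(
    r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# pamcheck exactly as posted in the thread (password entries only).
PAMCHECK_POSTED = """\
password required om_om2authid
password required om_debug file=stderr verbosity=3
password required om_auth
password required om_debug
"""
# Constructed variant: the same file with one auth entry added.
PAMCHECK_WITH_AUTH = "auth required om_auth\n" + PAMCHECK_POSTED

# Calls that sxpamauth -vvv prints in this thread.
SXPAMAUTH_CALLS = ["pam_authenticate", "pam_acct_mgmt"]
# Assumption: a password change goes through pam_chauthtok().
SXPAMPASSWD_CALLS = ["pam_chauthtok"]

def parse_pam_service(text):
    """Return {type: [(control, module, [args]), ...]} for a pam.d-style file."""
    stacks = {t: [] for t in ("auth", "account", "password", "session")}
    for raw in text.replace("\\\n", " ").splitlines():  # join continued lines
        line = raw.split("#", 1)[0].strip()             # drop comments
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:  # e.g. @include directives, which are not followed here
            raise ValueError(f"unrecognised PAM line: {raw!r}")
        ptype, control, module, args = m.groups()
        stacks[ptype].append((control, module, args.split()))
    return stacks

def missing_stacks(text, calls):
    """List the PAM calls whose management group has no entry in the file."""
    stacks = parse_pam_service(text)
    return [c for c in calls if not stacks[CALL_TO_TYPE[c]]]

if __name__ == "__main__":
    print(missing_stacks(PAMCHECK_POSTED, SXPAMAUTH_CALLS))
```

For the posted file, neither call made by sxpamauth has an entry in pamcheck; with the auth line added, pam_acct_mgmt() still has no account entry in this file.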


Postby eyalm » Fri Apr 28, 2006 1:37 pm

added auth required om_auth to pamcheck
but still the same msg..

[root@scalix pam.d]# sxpamauth -vvv "Eyal Marantenboim"
pam_start_om("pamcheck", "Eyal Marantenboim")
pam_start_om: User not known to the underlying authentication module

Not authenticated: User not known to the underlying authentication module


Postby florian » Fri Apr 28, 2006 1:38 pm

please post your full pamcheck file...

-- f.
Florian von Kurnatowski, Die Harder!


Postby florian » Fri Apr 28, 2006 1:41 pm

actually, this might be a bug in sxpamauth, please try

sxpamauth -vvv Marantenboim

i.e. use only the lastname, provided it is unique...

-- F.
Florian von Kurnatowski, Die Harder!


Postby eyalm » Fri Apr 28, 2006 1:43 pm

I have a user that I added with omaddu (nladmin).
that is the only user that seems to be working:

[root@scalix pam.d]# sxpamauth -vvv nladmin

pam_start_om("pamcheck", "nladmin")
pam_authenticate()
Scalix password:
pam_acct_mgmt()
pam_acct_mgmt: User account has expired

Not authenticated: User account has expired


[root@scalix pam.d]# omshowu nladmin
Authentication ID: nladmin@cardonhealthcare.com
User Name : nladmin /CN=nladmin
MailNode : scalix,cardon
Internet Address : "nladmin" <nladmin@cardonhealthcare.com>
System Login : 60591
Password : set
Admin Capabilities : NO
Mailbox Admin Capabilities : YES
Language : C
Virtual Vault : Enabled (default)
Mail Account: Unlocked
Last Signon : Never.
Receipt of mail : ENABLED
Service level : 0
Excluded from Tidying : NO
User Class : Full


Postby eyalm » Fri Apr 28, 2006 1:45 pm

[root@scalix pam.d]# sxpamauth -vvv Marantenboim
pam_start_om("pamcheck", "Marantenboim")
pam_authenticate()
Scalix password:
pam_authenticate: Authentication failure

Not authenticated: Authentication failure


pamcheck:
auth required om_auth
password required om_om2authid
password required om_debug file=stderr verbosity=3
password required om_auth
password required om_debug


Postby florian » Fri Apr 28, 2006 1:58 pm

does that user have a valid scalix password?

try setting it:

ommodu -n Marantenboim -p mypass

and try authenticating with mypass

-- f
Florian von Kurnatowski, Die Harder!


Postby eyalm » Fri Apr 28, 2006 2:01 pm

[root@scalix webmail]# ommodu -n Marantenboim -p password
ommodu: The user was modified successfully

[root@scalix webmail]# sxpamauth -vvv Marantenboim
pam_start_om("pamcheck", "Marantenboim")
pam_authenticate()
Scalix password:
pam_acct_mgmt()
pam_acct_mgmt: User account has expired

Not authenticated: User account has expired

