pam_ldap help
Posted: Thu Apr 27, 2006 5:00 pm
by eyalm
I'm trying to use pam_ldap for authentication.
I'm reading the sxpampasswd and om_debug man files and I'm testing it with pamcheck but it's not working:
[root@scalix pam.d]# sxpampasswd "Eyal Marantenboim" -vvv
pam_start_om("pamcheck", "Eyal Marantenboim")
pam_start_om: User not known to the underlying authentication module
Password not changed: User not known to the underlying authentication module
pamcheck:
password required om_om2authid
password required om_debug file=stderr verbosity=3
password required pam_ldap
password required om_debug
any ideas?
Posted: Fri Apr 28, 2006 12:27 pm
by florian
Let's start by checking for the user's existence...
can you post the output of
?
Thanks,
Florian.
Posted: Fri Apr 28, 2006 12:29 pm
by eyalm
[root@scalix ~]# omshowu -n "Eyal Marantenboim"
Authentication ID: eyalm
User Name : Eyal Marantenboim /CN=Eyal Marantenboim
MailNode : scalix,cardon
Internet Address : "Eyal Marantenboim" <eyalm@cardonhealthcare.com>="Eyal Marantenboim" <eyalm@10.1.1.25>
System Login : 60535
Password : set
Admin Capabilities : YES
Mailbox Admin Capabilities : NO
Language : AMERICAN
Virtual Vault : Enabled (default)
Mail Account: Unlocked
Last Signon : 04.28.06 11:17:38
Receipt of mail : ENABLED
Service level : 0
Excluded from Tidying : NO
User Class : Full
Posted: Fri Apr 28, 2006 12:41 pm
by florian
did you try a similar setup for authentication? (i.e. with sxpamauth as a test). this is usually simpler than password change, to begin with.
-- f.
Posted: Fri Apr 28, 2006 12:53 pm
by eyalm
[root@scalix ~]# sxpamauth -vvv "Eyal Marantenboim"
pam_start_om("pamcheck", "Eyal Marantenboim")
pam_start_om: User not known to the underlying authentication module
Not authenticated: User not known to the underlying authentication module
Posted: Fri Apr 28, 2006 1:06 pm
by florian
not sure - could it be that the pam_ldap module you're using requires the use of an option so that it doesn't look up the user in the /etc/passwd file? some linux-based pam modules (like pam_smb) do that. if that's the case, the error information provided by the module would be correct.
if you just replace pam_ldap with om_auth and authenticate against the scalix-internal password - does this work properly?
thx,
Florian.
Posted: Fri Apr 28, 2006 1:19 pm
by eyalm
changed pam_ldap with om_ldap so my pamcheck file looks like:
password required om_om2authid
password required om_debug file=stderr verbosity=3
password required om_auth
password required om_debug
[root@scalix pam.d]# sxpamauth -vvv "Eyal Marantenboim"
pam_start_om("pamcheck", "Eyal Marantenboim")
pam_start_om: User not known to the underlying authentication module
Not authenticated: User not known to the underlying authentication module
maybe my pamcheck file is bad?
Posted: Fri Apr 28, 2006 1:29 pm
by florian
yes, if you want to test sxpamauth, then
auth required <blahblah>
entries in the pamcheck file are relevant. the password entries are relevant for password change and the sxpampasswd command.
-- f
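The distinction in the reply above, as an added example that is not part of the thread or of Scalix's tooling: a small Python parser for pam.d-style service files that reports which management groups have no entries, and therefore which PAM calls have no modules configured. The two sample files are the pamcheck contents posted in this thread; the function names are hypothetical.

```python
import re

# Management group -> PAM library calls that run that stack (standard PAM API).
STACK_CALLS = {
    "auth": ("pam_authenticate", "pam_setcred"),
    "account": ("pam_acct_mgmt",),
    "password": ("pam_chauthtok",),
    "session": ("pam_open_session", "pam_close_session"),
}

# Fields: type, control (a word or a [bracketed list]), module, optional arguments.
LINE_RE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# pamcheck contents as posted in the thread: first attempt, then the later one.
PAMCHECK_FIRST = """\
password required om_om2authid
password required om_debug file=stderr verbosity=3
password required pam_ldap
password required om_debug
"""
PAMCHECK_LATER = """\
auth required om_auth
password required om_om2authid
password required om_debug file=stderr verbosity=3
password required om_auth
password required om_debug
"""

def parse_pam_service(text):
    """Return {group: [(control, module, [args]), ...]} for a pam.d-style file."""
    stacks = {group: [] for group in STACK_CALLS}
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        match = LINE_RE.match(line)
        group = match.group(1).lstrip("-").lower() if match else None
        if group not in stacks:
            raise ValueError(f"line {number}: not a PAM entry: {raw!r}")
        stacks[group].append((match.group(2), match.group(3), match.group(4).split()))
    return stacks

def empty_stacks(text):
    """Map each group that has no modules to the PAM calls left without a stack."""
    return {g: STACK_CALLS[g] for g, mods in parse_pam_service(text).items() if not mods}

if __name__ == "__main__":
    for name, text in (("first", PAMCHECK_FIRST), ("later", PAMCHECK_LATER)):
        for group, calls in empty_stacks(text).items():
            print(f"{name}: no '{group}' entries, so {', '.join(calls)} has no modules")
```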
Posted: Fri Apr 28, 2006 1:37 pm
by eyalm
added auth required om_auth to pamcheck
but still the same msg..
[root@scalix pam.d]# sxpamauth -vvv "Eyal Marantenboim"
pam_start_om("pamcheck", "Eyal Marantenboim")
pam_start_om: User not known to the underlying authentication module
Not authenticated: User not known to the underlying authentication module
Posted: Fri Apr 28, 2006 1:38 pm
by florian
please post your full pamcheck file...
-- f.
Posted: Fri Apr 28, 2006 1:41 pm
by florian
actually, this might be a bug in sxpamauth, please try
sxpamauth -vvv Marantenboim
i.e. use only the lastname, provided it is unique...
-- F.
Posted: Fri Apr 28, 2006 1:43 pm
by eyalm
I have a user that I added with omaddu (nladmin).
that is the only user that seems to be working:
[root@scalix pam.d]# sxpamauth -vvv nladmin
pam_start_om("pamcheck", "nladmin")
pam_authenticate()
Scalix password:
pam_acct_mgmt()
pam_acct_mgmt: User account has expired
Not authenticated: User account has expired
[root@scalix pam.d]# omshowu nladmin
Authentication ID: nladmin@cardonhealthcare.com
User Name : nladmin /CN=nladmin
MailNode : scalix,cardon
Internet Address : "nladmin" <nladmin@cardonhealthcare.com>
System Login : 60591
Password : set
Admin Capabilities : NO
Mailbox Admin Capabilities : YES
Language : C
Virtual Vault : Enabled (default)
Mail Account: Unlocked
Last Signon : Never.
Receipt of mail : ENABLED
Service level : 0
Excluded from Tidying : NO
User Class : Full
Posted: Fri Apr 28, 2006 1:45 pm
by eyalm
[root@scalix pam.d]# sxpamauth -vvv Marantenboim
pam_start_om("pamcheck", "Marantenboim")
pam_authenticate()
Scalix password:
pam_authenticate: Authentication failure
Not authenticated: Authentication failure
pamcheck:
auth required om_auth
password required om_om2authid
password required om_debug file=stderr verbosity=3
password required om_auth
password required om_debug
Posted: Fri Apr 28, 2006 1:58 pm
by florian
does that user have a valid scalix password?
try setting it:
ommodu -n Marantenboim -p mypass
and try authenticating with mypass
-- f
Posted: Fri Apr 28, 2006 2:01 pm
by eyalm
[root@scalix webmail]# ommodu -n Marantenboim -p password
ommodu: The user was modified successfully
[root@scalix webmail]# sxpamauth -vvv Marantenboim
pam_start_om("pamcheck", "Marantenboim")
pam_authenticate()
Scalix password:
pam_acct_mgmt()
pam_acct_mgmt: User account has expired
Not authenticated: User account has expired