PAM_LDAP verbose logging?

I am trying to configure my Red Hat AS 4.2 box to authenticate users using LDAP. More specifically, I only want to verify the user's password using LDAP; the accounts are local. As far as I can tell, the system is performing the LDAP bind during the login process; using tcpflow I can see the LDAP information passed to the server.

Unfortunately, I cannot tell what is really going on. Even though I have the 'debug' option enabled in the pam config file, the logs do not show any pam_ldap activity.

Below is a snippet from the sshd pam config with LDAP:

#LDAP
auth       sufficient   pam_ldap.so use_first_pass debug
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
...

Originally, I was getting an LDAP bind error in /var/log/messages. After fixing ldap.conf and verifying the settings using ldapsearch, I no longer see the error. However, I don't see any specific pam_ldap errors in any of my logs now.

I have done some searching and found a few newsgroup posts with some sample logs. It looks like there is a way to enable more verbose logging:

Dec 8 10:04:43 linux29 login[2063]: pam_ldap: error trying to bind as user "cn=Linux29,ou=SER,ou=KLK,o=EK" (Invalid credentials)

There is a debug option in ldap.conf, but that just created a log file with output similar to running ldapsearch with the debugging option.

Hopefully someone can point me to the debugging option so that my logs are a bit more helpful in troubleshooting this issue.

thanks,
John