LDAP-UX asking for system password
Respected Contributor
Aussan
Posts: 233
Registered: ‎04-02-2007
Message 1 of 9 (42 Views)
Accepted Solution

LDAP-UX asking for system password

after running the ./setup and configuring the ldap-ux client, a user id was created on AD, and unix, the password is in the Active Directory

when i try to telnet as that user i get asked for system password

example
telnet
login:
Password:
System Password:

i tried entering the user password again, and i get the login prompt again

any ideas on why this is happening

The tongue weighs practically nothing, but so few people can hold it
Exalted Contributor
Steven E. Protter
Posts: 33,806
Registered: ‎08-15-2002
Message 2 of 9 (42 Views)

Re: LDAP-UX asking for system password

Shalom,

I would assume that some part of the configuration process was not completed.

Some suggestions:

1) Was /etc/nsswitch.conf changed?
2) Did the machine use "net join" to join the domain (this requires an admin password on the Windows PDC)?

Any number of things could have gone wrong.

I'd check the logfiles like /var/adm/syslog/syslog.log and the event viewer on the windows system for clues as to what went wrong. Then you can post some meaningful data and get some real help.

I believe one of those scripts you ran has an error log that should also be checked.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Respected Contributor
Aussan
Posts: 233
Registered: ‎04-02-2007
Message 3 of 9 (42 Views)

Re: LDAP-UX asking for system password

hi Steve

i looked at syslog.log but no important data is in it,

the nsswitch.conf is as follows
passwd: files ldap
group: files ldap
hosts: dns [NOTFOUND=return] files ldap
networks: files ldap
protocols: files ldap
rpc: files ldap
publickey: files
netgroup: files ldap
automount: files
aliases: files
services: files ldap

i can query the AD with the proxy user we setup,

it's a single domain AD, right now this is the test server,


# more krb5.conf
ENTERPRISE.CORP = {
[libdefaults]
default_realm = ENTERPRISE.CORP
default_tgs_enctypes = DES-CBC-CRC
default_tkt_enctypes = DES-CBC-CRC
ccache_type = 2
[realms]
ENTERPRISE.CORP = {
kdc = SRVC.ENTERPRISE.CORP:88
kpasswd_server = SRVC.ENTERPRISE.CORP:761
}
[domain_realm]
.enterprise.corp = ENTERPRISE.CORP
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log

i went to /var/log but no logs are available

pam.conf looks at krb5 then local

login auth sufficient /usr/lib/security/libpam_krb5.1
login auth required /usr/lib/security/libpam_unix.1 try_first_pass

The tongue weighs practically nothing, but so few people can hold it
Honored Contributor
IT_2007
Posts: 1,069
Registered: ‎07-27-2006
Message 4 of 9 (42 Views)

Re: LDAP-UX asking for system password

seems to be pam.conf or pam_user.conf file not configured properly.

Check both files again.
Honored Contributor
IT_2007
Posts: 1,069
Registered: ‎07-27-2006
Message 5 of 9 (42 Views)

Re: LDAP-UX asking for system password

also please run pamkrbval -v command to see any errors.
Respected Contributor
Aussan
Posts: 233
Registered: ‎04-02-2007
Message 6 of 9 (42 Views)

Re: LDAP-UX asking for system password

pam_user.conf has no entry in it

just this
#
# This file defines PAM configuration for a user. The configuration
# here overrides pam.conf.
#
# The format for each entry is:
# user_name module_type module_path options
#
# For example:
#
# user_a auth /usr/lib/security/libpam_unix.1 debug
# user_a auth /usr/lib/security/libpam_dce.1 try_first_pass
# user_a password /usr/lib/security/libpam_unix.1 debug
#
# user_b auth /usr/lib/security/libpam_unix.1 debug use_psd
# user_b password /usr/lib/security/libpam_unix.1 debug use_psd
#
# See the pam_user.conf(4) manual page for more information
#
#



and pam.conf is

#
# Authentication management
#
login auth sufficient /usr/lib/security/libpam_krb5.1
login auth required /usr/lib/security/libpam_unix.1 try_first_pass
su auth sufficient /usr/lib/security/libpam_krb5.1
su auth required /usr/lib/security/libpam_unix.1 try_first_pass
dtlogin auth sufficient /usr/lib/security/libpam_krb5.1
dtlogin auth required /usr/lib/security/libpam_unix.1 try_first_pass
dtaction auth sufficient /usr/lib/security/libpam_krb5.1
dtaction auth required /usr/lib/security/libpam_unix.1 try_first_pass
ftp auth sufficient /usr/lib/security/libpam_krb5.1
ftp auth required /usr/lib/security/libpam_unix.1 try_first_pass
OTHER auth required /usr/lib/security/libpam_unix.1
#
# Account management
#
login account sufficient /usr/lib/security/libpam_krb5.1
login account required /usr/lib/security/libpam_unix.1
su account sufficient /usr/lib/security/libpam_krb5.1
su account required /usr/lib/security/libpam_unix.1
dtlogin account sufficient /usr/lib/security/libpam_krb5.1
dtlogin account required /usr/lib/security/libpam_unix.1
dtaction account sufficient /usr/lib/security/libpam_krb5.1
dtaction account required /usr/lib/security/libpam_unix.1
ftp account sufficient /usr/lib/security/libpam_krb5.1
ftp account required /usr/lib/security/libpam_unix.1
OTHER account required /usr/lib/security/libpam_unix.1
#
# Session management
#
login session sufficient /usr/lib/security/libpam_krb5.1
login session required /usr/lib/security/libpam_unix.1
dtlogin session sufficient /usr/lib/security/libpam_krb5.1
dtlogin session required /usr/lib/security/libpam_unix.1
dtaction session sufficient /usr/lib/security/libpam_krb5.1
dtaction session required /usr/lib/security/libpam_unix.1
OTHER session required /usr/lib/security/libpam_unix.1
#
# Password management
#
login password sufficient /usr/lib/security/libpam_krb5.1
login password required /usr/lib/security/libpam_unix.1
passwd password sufficient /usr/lib/security/libpam_krb5.1
passwd password required /usr/lib/security/libpam_unix.1
dtlogin password sufficient /usr/lib/security/libpam_krb5.1
dtlogin password required /usr/lib/security/libpam_unix.1
dtaction password sufficient /usr/lib/security/libpam_krb5.1
dtaction password required /usr/lib/security/libpam_unix.1
OTHER password required /usr/lib/security/libpam_unix.1
#
The tongue weighs practically nothing, but so few people can hold it
Respected Contributor
Aussan
Posts: 233
Registered: ‎04-02-2007
Message 7 of 9 (42 Views)

Re: LDAP-UX asking for system password

pamkrbval -v passed with no problems

# pamkrbval -v

Validating the pam configuration files
---------- --- --- ------------- -----

Validating the /etc/pam.conf file
[LOG] : The /etc/pam.conf files permissions are fine
[LOG] : Opened : /etc/pam.conf

[PASS] : The validation of config file: /etc/pam.conf passed

[NOTICE] : The validation of config file: /etc/pam_user.conf is not done
as libpam_updbe library is not configured

Validating the kerberos config file
---------- --- -------- ------ -----
[PASS] : Initialization of kerberos passed

Connecting to default Realm
---------- -- ------- -----
[LOG] : The default realm is : ENTERPRISE.CORP
[LOG] : KDC hosts for realm ENTERPRISE.CORP :SRVC.ENTERPRISE.CORP
[LOG] : Trying to contact KDC for realm ENTERPRISE.CORP...
[LOG] : Realm ENTERPRISE.CORP is answering ticket requests
[PASS] : Default Realm is issuing tickets

Validating the keytab entry for the host service principal
---------- --- ------ ----- --- --- ---- ------- ---------
[LOG] : Host HPUXLAB, aka HPUXLAB.
[LOG] : The default keytab name is : /etc/krb5.keytab
[LOG] : Keytab file /etc/krb5.keytab is present
[LOG] : Permissions on /etc/krb5.keytab are correct.
Keytab entry
Principal: host
Host : hpuxlab
Realm : ENTERPRISE.CORP
Version : 3
[LOG] : Pinging KDC to verify whether host/hpuxlab@ENTERPRISE.CORP exists
[LOG] : The keytab entry for the host service principal host/hpuxlab@ENTERPRISE.CORP is valid
[PASS] : The keytab validation is successful

Validating the rc_host file for ownership
-------- ------ ---- -------- ------ -----
[PASS] : rc_host file /usr/tmp/rc_host_0 is owned by root, validation successful
The tongue weighs practically nothing, but so few people can hold it
Respected Contributor
Aussan
Posts: 233
Registered: ‎04-02-2007
Message 8 of 9 (42 Views)

Re: LDAP-UX asking for system password

Any ideas on why it's asking for system password?
The tongue weighs practically nothing, but so few people can hold it
Respected Contributor
Aussan
Posts: 233
Registered: ‎04-02-2007
Message 9 of 9 (42 Views)

Re: LDAP-UX asking for system password

it was the pam.conf it was checking the krb and not ldap
The tongue weighs practically nothing, but so few people can hold it
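
Message 9 puts the cause in pam.conf consulting Kerberos and not LDAP. The check below is an added example, not something posted in the thread: it lists every pam.conf stack (service plus module type) that never loads a given module, and confirms which nsswitch.conf databases name ldap as a source. The module name libpam_ldap, the function names and the sample files (built from lines posted in messages 3 and 6, plus one hypothetical ftp line) are assumptions; the thread does not show the corrected pam.conf.

```shell
#!/bin/sh
# Added example: audit pam.conf / nsswitch.conf for the mismatch described
# in the thread (name service uses ldap, PAM stacks never reference it).

# pam_missing_module FILE MODULE_SUBSTRING
# Prints "service module_type" for each stack with no matching module path.
# pam.conf fields: service module_type control_flag module_path [options]
pam_missing_module() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF < 4 { next }            # skip comments, blank/short lines
        {
            key = $1 " " $2
            if (!(key in seen)) { order[++n] = key; seen[key] = 0 }
            if (index($4, want) > 0) seen[key] = 1
        }
        END { for (i = 1; i <= n; i++) if (!seen[order[i]]) print order[i] }
    ' "$1"
}

# nss_uses_ldap FILE DATABASE -> exit status 0 if "ldap" is a listed source
nss_uses_ldap() {
    awk -v db="$2:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }
    ' "$1"
}

# Constructed sample input, so the check runs without touching /etc.
SAMPLE_DIR="${TMPDIR:-/tmp}/pamcheck.$$"
mkdir -p "$SAMPLE_DIR"
cat > "$SAMPLE_DIR/pam.conf" <<'EOF'
# login and OTHER lines as posted in message 6
login auth sufficient /usr/lib/security/libpam_krb5.1
login auth required /usr/lib/security/libpam_unix.1 try_first_pass
login account sufficient /usr/lib/security/libpam_krb5.1
login account required /usr/lib/security/libpam_unix.1
OTHER auth required /usr/lib/security/libpam_unix.1
# hypothetical line (assumption) showing a stack that does reference ldap
ftp auth sufficient /usr/lib/security/libpam_ldap.1
EOF
cat > "$SAMPLE_DIR/nsswitch.conf" <<'EOF'
passwd: files ldap
group: files ldap
publickey: files
EOF

if nss_uses_ldap "$SAMPLE_DIR/nsswitch.conf" passwd; then
    echo "passwd uses ldap; stacks with no libpam_ldap entry:"
    pam_missing_module "$SAMPLE_DIR/pam.conf" libpam_ldap
fi
```

Against a real host, point both functions at /etc/pam.conf and /etc/nsswitch.conf and pass whichever module name the client is expected to load.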