Re: Authentication error using nss-pam-ldapd and openldap server

On Sun, 2018-11-04 at 11:03 +0330, babak wrote:
> I am trying to configure OpenLDAP authentication in CentOS 7. I have
> an LDAP server already configured, which is working and tested, but I get
> an unexpected error when I try to log in.

The logs show the user (passwd and shadow) lookups that you would
expect on login but no authentication attempt (authc lookups).

> password-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required
> auth        required delay=2000000
> auth        [default=1 ignore=ignore success=ok] uid >= 1000 quiet
> auth        [default=1 ignore=ignore success=ok]
> auth        sufficient nullok try_first_pass
> auth        requisite uid >= 1000 quiet_success
> auth        sufficient forward_pass
> auth        required      /lib/security/ use_first_pass debug
> auth        required

I suspect the error is in the above configuration but PAM stacks are
notoriously hard to read.

> Nov  4 10:27:38 minio sshd[2011]: pam_ldap(sshd:auth): failed to get password: Authentication failure

This means that the pam_ldap module cannot get the password from the
PAM stack. Perhaps the use_first_pass option should be changed to

