Today I found myself fighting with an LDAP integration. getent passwd <user> was working fine, but for some reason each time they logged in the users got no session, i.e. LDAP authentication was fine but authorization and session were failing.
Initial setup; this was done on RedHat 6.4.
//Install RPMs
# yum install nss-pam-ldapd pam_ldap
Loaded plugins: product-id, subscription-manager
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package nss-pam-ldapd.x86_64 0:0.7.5-18.el6 will be installed
--> Processing Dependency: nscd for package: nss-pam-ldapd-0.7.5-18.el6.x86_64
---> Package pam_ldap.x86_64 0:185-11.el6 will be installed
--> Running transaction check
---> Package nscd.x86_64 0:2.12-1.107.el6 will be installed
--> Processing Dependency: glibc = 2.12-1.107.el6 for package: nscd-2.12-1.107.el6.x86_64
--> Finished Dependency Resolution
Error: Package: nscd-2.12-1.107.el6.x86_64 (RedHat64)
           Requires: glibc = 2.12-1.107.el6
           Installed: glibc-2.12-1.107.el6_4.5.i686 (@RhelEwpErrata)
               glibc = 2.12-1.107.el6_4.5
           Available: glibc-2.12-1.107.el6.i686 (RedHat64)
               glibc = 2.12-1.107.el6
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root@server ~]#
//Force install of dependency
# rpm -U nscd-2.12-1.47.el6.x86_64.rpm --nodeps
//Then installed the RPM that had failed
# yum install nss-pam-ldapd-0.7.5-14.el6.x86_64.rpm
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Examining nss-pam-ldapd-0.7.5-14.el6.x86_64.rpm: nss-pam-ldapd-0.7.5-14.el6.x86_64
Marking nss-pam-ldapd-0.7.5-14.el6.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package nss-pam-ldapd.x86_64 0:0.7.5-14.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================================================================================================
Package Arch Version Repository Size
===============================================================================================================================================================
Installing:
nss-pam-ldapd x86_64 0.7.5-14.el6 /nss-pam-ldapd-0.7.5-14.el6.x86_64 454 k
Transaction Summary
===============================================================================================================================================================
Install 1 Package(s)
Total size: 454 k
Installed size: 454 k
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
** Found 1 pre-existing rpmdb problem(s), 'yum check' output follows:
nscd-2.12-1.107.el6.x86_64 has missing requires of glibc = ('0', '2.12', '1.107.el6')
Installing : nss-pam-ldapd-0.7.5-14.el6.x86_64 1/1
Verifying : nss-pam-ldapd-0.7.5-14.el6.x86_64 1/1
Installed:
nss-pam-ldapd.x86_64 0:0.7.5-14.el6
Complete!
//Update auth config
The domain in this case was test.com.ug and the LDAP server IPs were 172.16.12.13 and 172.16.12.14.
authconfig --update --enableldap --enableldapauth --ldapserver=172.16.12.13,172.16.12.14 --ldapbasedn="dc=test,dc=com,dc=ug" --enableforcelegacy
// Restart service and ensure it is persistent across reboot
service nscd restart
chkconfig nscd on
//Verify user access;
# getent passwd testuser
testuser:x:1233:13:test user, System Administration:/home/testuser:/bin/bash
After this, the user could authenticate successfully but couldn't get a shell prompt. This was due to /etc/pam.d/sshd; the following modules were added to get it working:
auth sufficient pam_ldap.so
account sufficient pam_permit.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022
// SSH service was restarted
/etc/init.d/sshd restart
All worked well afterwards
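The resulting stack can be audited with a short script; this is an added example, not part of the original post, and the function names, the sample file contents and the position of the three lines within /etc/pam.d/sshd are assumptions. It flags account sufficient pam_permit.so, which makes the account phase succeed for every user that reaches it, lists the account rules that follow it and so can no longer deny a login, and confirms that pam_mkhomedir.so is present in the session stack.

```shell
#!/bin/sh
# Added example (not from the original post): audit a PAM service file.

# Constructed sample: the three lines from the post, assumed to sit above
# two account rules of the kind a stock sshd stack carries.
sample_sshd_stack() {
cat <<'EOF'
#%PAM-1.0
auth       sufficient   pam_ldap.so
account    sufficient   pam_permit.so
account    required     pam_nologin.so
account    include      password-auth
session    required     pam_mkhomedir.so skel=/etc/skel umask=0022
EOF
}

# audit_pam_stack [FILE]: reads FILE or stdin, prints one finding per line.
# pam_permit.so always returns success, so as "sufficient" it ends the auth
# or account stack with success (unless an earlier required rule failed) and
# the rules after it cannot deny the login. "include" files are not followed.
audit_pam_stack() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    {
        type = $1; sub(/^-/, "", type)       # "-type" marks an optional rule
        ctl = $2; i = 3
        if (ctl ~ /^\[/)                     # bracketed control spans fields
            while (ctl !~ /\]$/ && i <= NF) ctl = ctl " " $(i++)
        mod = $i; sub(/^.*\//, "", mod)      # drop a directory prefix
        if (type in cut) {
            printf "SKIPPED %s line %d: %s follows the short-circuit on line %d\n", type, NR, mod, cut[type]
            next
        }
        if (mod == "pam_permit.so" && ctl == "sufficient" && (type == "auth" || type == "account")) {
            printf "PERMIT-ALL %s line %d: %s %s\n", type, NR, ctl, mod
            cut[type] = NR
        }
        if (type == "session" && mod == "pam_mkhomedir.so") mkhome = 1
    }
    END { if (!mkhome) print "MISSING session: pam_mkhomedir.so" }
    ' "$@"
}

sample_sshd_stack | audit_pam_stack
```

To check a real host, call audit_pam_stack /etc/pam.d/sshd in place of the sample.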
// Simon Peter
clarsp@live.se