Have you compiled it with PAM support?<div>Do the /lib64/security/pam_ldap.so and /lib64/security/pam_unix2.so files exist?</div><div><br></div><div>Thanks<br><br><div class="gmail_quote">2012/9/14 Javier Sánchez Romero <span dir="ltr"><<a href="mailto:javier.sanchezr@satec.es" target="_blank">javier.sanchezr@satec.es</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi there!<br>
<br>
I'm a newbie with PAM and I'm trying to integrate TACACS+ with an LDAP server. I've followed the great shrubbery tutorials for a Red Hat installation but I need this integration in a Suse environment.<br>
<br>
When I check /var/log/messages I can see several issues about PAM, but these issues are related to libraries installed in the system. I don't know why the libraries are not found.<br>
<br>
/var/log/messages<br>
Sep 14 17:00:01 /usr/sbin/cron[30615]: PAM unable to dlopen(/lib64/security/pam_ldap.so): /lib64/libc.so.6: version `GLIBC_2.14' not found (required by /lib64/libnsl.so.1)<br>
Sep 14 17:00:01 /usr/sbin/cron[30615]: PAM adding faulty module: /lib64/security/pam_ldap.so<br>
Sep 14 17:00:01 /usr/sbin/cron[30615]: PAM unable to dlopen(/lib64/security/pam_unix2.so): /lib64/libc.so.6: version `GLIBC_2.14' not found (required by /lib64/libnsl.so.1)<br>
Sep 14 17:00:01 /usr/sbin/cron[30615]: PAM adding faulty module: /lib64/security/pam_unix2.so<br>
Sep 14 17:00:01 /usr/sbin/cron[30615]: Module is unknown<br>
<br>
<br>
This is my scenario:<br>
<br>
Suse 11 64 bits<br>
Modules installed: pam modules (devel, local, ldap, krb5 and 32 bits), nss_ldap, openldap, glibc and sasl. And the rest of the system packages<br>
<br>
/etc/pam.d/tac_plus<br>
----------------------------<br>
auth required pam_env.so debug<br>
auth sufficient pam_unix.so nullok try_first_pass debug<br>
auth requisite pam_succeed_if.so uid >= 500 quiet debug<br>
auth sufficient pam_ldap.so use_first_pass debug<br>
auth required pam_deny.so debug<br>
<br>
account required pam_unix.so broken_shadow<br>
account sufficient pam_localuser.so<br>
account sufficient pam_succeed_if.so uid < 500 quiet<br>
account [default=bad success=ok user_unknown=ignore] pam_ldap.so<br>
account required pam_permit.so<br>
<br>
password requisite pam_cracklib.so try_first_pass retry=3<br>
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok<br>
password sufficient pam_ldap.so use_authtok<br>
password required pam_deny.so<br>
<br>
session optional pam_keyinit.so revoke<br>
session required pam_limits.so<br>
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid<br>
session required pam_unix.so<br>
session optional pam_ldap.so<br>
<br>
<br>
/etc/nsswitch.conf<br>
--------------------------<br>
passwd: files ldap<br>
group: files ldap<br>
shadow: files ldap<br>
<br>
hosts: files dns<br>
networks: files<br>
<br>
services: db files<br>
protocols: db files<br>
rpc: db files<br>
ethers: db files<br>
netmasks: files<br>
netgroup: nis<br>
publickey: files<br>
<br>
bootparams: files<br>
automount: files nis<br>
aliases: files<br>
<br>
<br>
/etc/ldap.conf<br>
--------------------<br>
host x.x.x.x<br>
base dc=x,dc=x,dc=x<br>
ldap_version 3<br>
binddn xxxx@x.x<br>
bindpw xxx<br>
port 389<br>
<br>
nss_base_passwd OU=xx,?sub<br>
nss_base_shadow OU=xx,?sub<br>
<br>
nss_map_objectclass posixAccount User<br>
nss_map_objectclass shadowAccount User<br>
<br>
nss_map_attribute uid sAMAccountName<br>
nss_map_attribute userPassword msSFUPassword<br>
<br>
nss_map_attribute homeDirectory msSFUHomeDirectory<br>
nss_map_objectclass posixGroup Group<br>
nss_map_attribute uniqueMember member<br>
nss_map_attribute cn sAMAccountName<br>
pam_login_attribute sAMAccountName<br>
<br>
pam_filter objectclass=user<br>
pam_password ad<br>
<br>
<br>
/lib/security<br>
-----------------<br>
pam_access.so pam_exec.so pam_krb5 pam_mail.so pam_permit.so pam_shells.so pam_tty_audit.so pam_userdb.so<br>
pam_ck_connector.so pam_faildelay.so pam_krb5.so pam_make.so pam_pwcheck.so pam_smbpass.so pam_umask.so pam_warn.so<br>
pam_cracklib.so pam_filter.so pam_krb5afs.so pam_mkhomedir.so pam_pwhistory.so pam_stress.so pam_unix.so pam_wheel.so<br>
pam_cryptpass.so pam_ftp.so pam_lastlog.so pam_motd.so pam_rhosts.so pam_succeed_if.so pam_unix2.so pam_xauth.so<br>
pam_debug.so pam_group.so pam_limits.so pam_mount.so pam_rootok.so pam_tally.so pam_unix_acct.so<br>
pam_deny.so pam_homecheck.so pam_listfile.so pam_namespace.so pam_securetty.so pam_tally2.so pam_unix_auth.so<br>
pam_echo.so pam_issue.so pam_localuser.so pam_nologin.so pam_selinux.so pam_time.so pam_unix_passwd.so<br>
pam_env.so pam_keyinit.so pam_loginuid.so pam_opie.so pam_sepermit.so pam_timestamp.so pam_unix_session.so<br>
<br>
/lib64/security<br>
--------------------<br>
pam_access.so pam_exec.so pam_keyinit.so pam_localuser.so pam_nologin.so pam_securetty.so pam_tally2.so pam_unix_auth.so<br>
pam_ck_connector.so pam_faildelay.so pam_krb5 pam_loginuid.so pam_opie.so pam_selinux.so pam_time.so pam_unix_passwd.so<br>
pam_cracklib.so pam_filter pam_krb5.so pam_mail.so pam_permit.so pam_sepermit.so pam_timestamp.so pam_unix_session.so<br>
pam_cryptpass.so pam_filter.so pam_krb5afs.so pam_make.so pam_pwcheck.so pam_shells.so pam_tty_audit.so pam_userdb.so<br>
pam_debug.so pam_ftp.so pam_lastlog.so pam_mkhomedir.so pam_pwhistory.so pam_smbpass.so pam_umask.so pam_warn.so<br>
pam_deny.so pam_group.so pam_ldap.so pam_motd.so pam_rhosts.so pam_stress.so pam_unix.so pam_wheel.so<br>
pam_echo.so pam_homecheck.so pam_limits.so pam_mount.so pam_rootok.so pam_succeed_if.so pam_unix2.so pam_xauth.so<br>
pam_env.so pam_issue.so pam_listfile.so pam_namespace.so pam_rpasswd.so pam_tally.so pam_unix_acct.so<br>
<br>
Does anybody have a solution for this?<br>
Thanks a lot in advance<br>
<br>
Kind regards<br>
Javi<br>
_______________________________________________<br>
tac_plus mailing list<br>
<a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus</a><br>
</blockquote></div><br></div>
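<div>An added triage example, not part of the original thread: it parses the quoted /var/log/messages lines and groups the failing PAM modules by root cause, separating a module file that is missing from one that exists but cannot be loaded because a dependency needs a symbol version the installed libc does not export. The function names and cause labels are this example's own; the log lines are the ones quoted above, which were written by /usr/sbin/cron rather than by tac_plus.</div>

```python
import re

# Lines copied from the /var/log/messages excerpt quoted in the message above.
LOG = """\
Sep 14 17:00:01 /usr/sbin/cron[30615]: PAM unable to dlopen(/lib64/security/pam_ldap.so): /lib64/libc.so.6: version `GLIBC_2.14' not found (required by /lib64/libnsl.so.1)
Sep 14 17:00:01 /usr/sbin/cron[30615]: PAM adding faulty module: /lib64/security/pam_ldap.so
Sep 14 17:00:01 /usr/sbin/cron[30615]: PAM unable to dlopen(/lib64/security/pam_unix2.so): /lib64/libc.so.6: version `GLIBC_2.14' not found (required by /lib64/libnsl.so.1)
Sep 14 17:00:01 /usr/sbin/cron[30615]: PAM adding faulty module: /lib64/security/pam_unix2.so
Sep 14 17:00:01 /usr/sbin/cron[30615]: Module is unknown
"""

DLOPEN = re.compile(r"(?P<proc>\S+)\[\d+\]: PAM unable to dlopen\((?P<module>[^)]+)\): (?P<reason>.+)$")
SYMVER = re.compile(r"(?P<provider>\S+): version `(?P<version>[^']+)' not found "
                    r"\(required by (?P<consumer>[^)]+)\)")

def parse_line(line):
    """Return a finding dict for a PAM dlopen failure, or None for other lines."""
    m = DLOPEN.search(line)
    if not m:
        return None
    finding = {"process": m["proc"], "module": m["module"], "cause": "other"}
    v = SYMVER.search(m["reason"])
    if v:
        # The module file exists; a library in its dependency chain needs a
        # symbol version that the installed provider does not export.
        finding.update(cause="symbol-version-mismatch", provider=v["provider"],
                       version=v["version"], consumer=v["consumer"])
    elif "cannot open shared object file" in m["reason"]:
        finding["cause"] = "file-missing"
    return finding

def triage(log_text):
    """Group failing modules by root cause so one library problem shows up once."""
    groups = {}
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        key = (f["cause"], f.get("consumer"), f.get("version"))
        g = groups.setdefault(key, {"modules": [], "processes": set()})
        g["modules"].append(f["module"])
        g["processes"].add(f["process"])
    return groups

if __name__ == "__main__":
    for (cause, consumer, version), g in triage(LOG).items():
        print(cause, consumer, version, sorted(g["modules"]), sorted(g["processes"]))
```

Both failures collapse into a single group keyed on /lib64/libnsl.so.1 and GLIBC_2.14, which points at one mismatched library pair rather than at two separate PAM modules.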