Hi!

I'm trying to change pam_login_attribute to cn in /etc/ldap.conf to authenticate users from common_name, but it doesn't work....

My /etc/ldap.conf is:

    <snip>
    ssl no
    nss_map_attribute uniqueMember member
    pam_filter objectclass=posixAccount
    pam_login_attribute cn
    nss_base_passwd dc=xxx,dc=com
    nss_base_shadow dc=xxx,dc=com
    nss_base_group dc=xxx,dc=com
    <snip>

/etc/pam.d/login:

    #%PAM-1.0
    auth     required  pam_securetty.so
    auth     include   common-auth
    auth     required  pam_nologin.so
    auth     required  pam_mail.so
    account  include   common-account
    password include   common-password
    session  include   common-session
    session  required  pam_resmgr.so

When I try to log in using a cn like "John_Lennon", I get this error:

    login[11170]: User not known to the underlying authentication module

If "pam_login_attribute uid" is used, all works fine...

What's wrong?

On Monday 25 September 2006 21:06, rejaine@bhz.jamef.com.br wrote:
> Hi!
> I'm trying to change pam_login_attribute to cn in /etc/ldap.conf to authenticate users from common_name, but it doesn't work.... [..]
> When I try to log in using a cn like "John_Lennon", I get this error:
> login[11170]: User not known to the underlying authentication module

Is the user object returned if you search the LDAP Server with ldapsearch and a filter of "(&(objectclass=posixAccount)(cn=John_Lennon))"?

> If "pam_login_attribute uid" is used, all works fine...
> What's wrong?

Just guessing, but you might need to add:

    nss_map_attribute uid cn

to your ldap.conf as well to have this working completely.

--
Ralf Haferkamp
SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg
T: +49-911-74053-0 F: +49-911-74053575 - Ralf.Haferkamp@suse.com

On 2006-09-26 at 09:50 +0200, Ralf Haferkamp wrote:
>> When I try to log in using a cn like "John_Lennon", I get this error:
>> login[11170]: User not known to the underlying authentication module
> Is the user object returned if you search the LDAP Server with ldapsearch and a filter of "(&(objectclass=posixAccount)(cn=John_Lennon))"?

Yes, the search works fine:

    # ldapsearch -x "(&(objectclass=posixAccount)(cn=Zequinha_Silva))" uid cn
    # extended LDIF
    #
    # LDAPv3
    # base <> with scope sub
    # filter: (&(objectclass=posixAccount)(cn=Zequinha_Silva))
    # requesting: uid cn
    #

    # zsilva, people, xxx,com
    dn: uid=zsilva,ou=people,dc=xxx,dc=com
    uid: zsilva
    cn: Zequinha_Silva

    # search result
    search: 2
    result: 0 Success

> Just guessing, but you might need to add: nss_map_attribute uid cn to your ldap.conf as well to have this working completely.

I added:

    nss_map_attribute uid cn
    pam_filter objectclass=posixAccount
    pam_login_attribute cn
    nss_base_passwd dc=xxx,dc=com
    nss_base_shadow dc=xxx,dc=com
    nss_base_group dc=xxx,dc=com

Same error: "User not known to the underlying authentication module"

The last configuration is OK... I disabled the nscd daemon (cache) and all works fine now, thanks....

On Tue, 2006-09-26 at 08:35 -0300, rejaine@bhz.jamef.com.br wrote:
> On 2006-09-26 at 09:50 +0200, Ralf Haferkamp wrote:
>>> When I try to log in using a cn like "John_Lennon", I get this error:
>>> login[11170]: User not known to the underlying authentication module
>> Is the user object returned if you search the LDAP Server with ldapsearch and a filter of "(&(objectclass=posixAccount)(cn=John_Lennon))"?
> Yes, the search works fine:
>
> # ldapsearch -x "(&(objectclass=posixAccount)(cn=Zequinha_Silva))" uid cn
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope sub
> # filter: (&(objectclass=posixAccount)(cn=Zequinha_Silva))
> # requesting: uid cn
> #
>
> # zsilva, people, xxx,com
> dn: uid=zsilva,ou=people,dc=xxx,dc=com
> uid: zsilva
> cn: Zequinha_Silva
>
> # search result
> search: 2
> result: 0 Success
>
>> Just guessing, but you might need to add: nss_map_attribute uid cn to your ldap.conf as well to have this working completely.
> I added:
>
> nss_map_attribute uid cn
> pam_filter objectclass=posixAccount
> pam_login_attribute cn
> nss_base_passwd dc=xxx,dc=com
> nss_base_shadow dc=xxx,dc=com
> nss_base_group dc=xxx,dc=com
>
> Same error: "User not known to the underlying authentication module"

On Tuesday 26 September 2006 15:45, rejaine@bhz.jamef.com.br wrote:
> The last configuration is OK... I disabled the nscd daemon (cache) and all works fine now, thanks....

Invalidating nscd cache should have been sufficient (hint: "nscd -i passwd"). Disabling nscd completely might give you a huge performance drop with LDAP users.

> On Tue, 2006-09-26 at 08:35 -0300, rejaine@bhz.jamef.com.br wrote:
>> On 2006-09-26 at 09:50 +0200, Ralf Haferkamp wrote:
>>>> When I try to log in using a cn like "John_Lennon", I get this error:
>>>> login[11170]: User not known to the underlying authentication module
>>> Is the user object returned if you search the LDAP Server with ldapsearch and a filter of "(&(objectclass=posixAccount)(cn=John_Lennon))"?
>> Yes, the search works fine:
>>
>> # ldapsearch -x "(&(objectclass=posixAccount)(cn=Zequinha_Silva))" uid cn
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <> with scope sub
>> # filter: (&(objectclass=posixAccount)(cn=Zequinha_Silva))
>> # requesting: uid cn
>> #
>>
>> # zsilva, people, xxx,com
>> dn: uid=zsilva,ou=people,dc=xxx,dc=com
>> uid: zsilva
>> cn: Zequinha_Silva
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>>> Just guessing, but you might need to add: nss_map_attribute uid cn to your ldap.conf as well to have this working completely.
>> I added:
>>
>> nss_map_attribute uid cn
>> pam_filter objectclass=posixAccount
>> pam_login_attribute cn
>> nss_base_passwd dc=xxx,dc=com
>> nss_base_shadow dc=xxx,dc=com
>> nss_base_group dc=xxx,dc=com
>>
>> Same error: "User not known to the underlying authentication module"

--
Ralf Haferkamp
SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg
T: +49-911-74053-0 F: +49-911-74053575 - Ralf.Haferkamp@suse.com
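
The check this thread arrives at, as an added example (not code from either poster or from pam_ldap/nss_ldap): it reads an ldap.conf and reports whether `pam_login_attribute` and the NSS `uid` mapping point at the same LDAP attribute. The function names and the two sample files are constructed for illustration, and the script assumes both settings default to `uid` when absent.

```shell
#!/bin/sh
# Added example: compare the attribute pam_ldap uses to find the login name
# with the attribute nss_ldap uses for the same lookup.

# Print the last value given for a single-valued directive.
conf_value() {  # $1 = file, $2 = directive name in lower case
    awk -v key="$2" 'tolower($1) == key { val = $2 } END { print val }' "$1"
}

# Print the attribute NSS reads the login name from ("uid" unless remapped).
nss_login_attr() {  # $1 = file
    awk 'tolower($1) == "nss_map_attribute" && tolower($2) == "uid" { val = $3 }
         END { print (val == "" ? "uid" : val) }' "$1"
}

# Return 0 when PAM and NSS agree on the login attribute, 1 otherwise.
check_login_attr() {  # $1 = file
    pam_attr=$(conf_value "$1" pam_login_attribute)
    [ -n "$pam_attr" ] || pam_attr=uid   # assumed default when unset
    nss_attr=$(nss_login_attr "$1")
    if [ "$(echo "$pam_attr" | tr A-Z a-z)" = "$(echo "$nss_attr" | tr A-Z a-z)" ]; then
        echo "OK: PAM and NSS both use '$pam_attr'; run 'nscd -i passwd' after changing it"
        return 0
    fi
    echo "MISMATCH: pam_login_attribute=$pam_attr but NSS resolves names via '$nss_attr'"
    return 1
}

# Constructed sample files modelled on the two configurations in the thread.
tmp=$(mktemp -d)
printf '%s\n' 'nss_map_attribute uniqueMember member' \
    'pam_filter objectclass=posixAccount' \
    'pam_login_attribute cn' > "$tmp/before.conf"
{ cat "$tmp/before.conf"; echo 'nss_map_attribute uid cn'; } > "$tmp/after.conf"

check_login_attr "$tmp/before.conf" || true   # first configuration posted
check_login_attr "$tmp/after.conf"            # configuration that worked
```

A cached negative passwd lookup in nscd can keep the old error alive after the file is corrected, which is why the script prints the `nscd -i passwd` hint from the thread.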