

Login/authentication of users via external LDAP problem

We have an LDAP (OpenLDAP) server with user accounts. In Tiger we can get Mac OS X clients and servers to bind to this LDAP server to retrieve users' details and authenticate them to log in without problems.

This now does not work in Leopard. We set up Leopard client and server machines in exactly the same way as in Tiger (with the LDAP server details, etc.) but users from this LDAP server cannot SSH, or log in using the Login Window or by using the su command on these machines.

Anyone got any idea why the password authentication is failing?

This is the secure.log:
Jan 24 14:11:28 MACSERVER com.apple.SecurityServer[35]: Succeeded authorizing right system.preferences by client /Applications/Utilities/Directory Utility.app for authorization created by /Applications/Utilities/Directory Utility.app.
Jan 24 14:11:28 MACSERVER com.apple.SecurityServer[35]: Succeeded authorizing right system.services.directory.configure by client /Applications/Utilities/Directory Utility.app for authorization created by /Applications/Utilities/Directory Utility.app.
Jan 24 14:16:28 MACSERVER com.apple.SecurityServer[35]: Succeeded authorizing right system.preferences by client /Applications/Utilities/Directory Utility.app for authorization created by /Applications/Utilities/Directory Utility.app.
Jan 24 14:16:58: --- last message repeated 1 time ---
Jan 24 14:21:28 MACSERVER com.apple.SecurityServer[35]: Succeeded authorizing right system.preferences by client /Applications/Utilities/Directory Utility.app for authorization created by /Applications/Utilities/Directory Utility.app.
Jan 24 14:23:09 MACSERVER com.apple.SecurityServer[35]: checkpw() returned -2; failed to authenticate user USER (uid 19619).
Jan 24 14:23:09: --- last message repeated 1 time ---
Jan 24 14:23:09 MACSERVER com.apple.SecurityServer[35]: Failed to authorize right system.login.tty by client /usr/bin/su for authorization created by /usr/bin/su.
Jan 24 14:23:09 MACSERVER su[603]: pam_authenticate: Authentication failure

Jan 24 14:58:53: --- last message repeated 1 time ---
Jan 24 14:58:53 MACSERVER com.apple.SecurityServer[35]: Failed to authorize right system.login.tty by client /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Jan 24 14:58:53 MACSERVER sshd[761]: error: PAM: Authentication failure for illegal user USER from lecheese
Jan 24 14:58:53 MACSERVER sshd[761]: Failed keyboard-interactive/pam for invalid user USER from X.X.X.X port 51284 ssh2
Jan 24 14:58:57 MACSERVER com.apple.SecurityServer[35]: checkpw() returned -2; failed to authenticate user USER (uid 19619).
Jan 24 14:58:57: --- last message repeated 1 time ---
Jan 24 14:58:57 MACSERVER com.apple.SecurityServer[35]: Failed to authorize right system.login.tty by client /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Jan 24 14:58:57 MACSERVER sshd[761]: error: PAM: Authentication failure for illegal user USER from lecheese
Jan 24 14:58:57 MACSERVER sshd[761]: Failed keyboard-interactive/pam for invalid user USER from X.X.X.X port 51284 ssh2
Jan 24 14:59:02 MACSERVER sshd[761]: fatal: initgroups: NOUSER: Bad file descriptor

Xserve

Posted on Jan 25, 2008 12:58 AM

2 replies

Jan 25, 2008 5:55 AM in response to son_t

A bit more detail:

The client/server can connect to the LDAP server and retrieve the users details fine - for example I can do 'finger -m USER' locally and the details come up.

As root I can su to any user and can become them, no problem. It is when I am someone with less privileges and su and I need to give the password that it fails - the authentication part. It fails also when I remotely SSH into the client/server - again the prompt is achieved but after a number of tries it disconnects (authentication failure). And at the login screen on the actual client/server, I attempt to log in and it fails.

All three methods of logging in work on Tiger with the same LDAP server setup and binding... What is breaking this in Leopard?
