[Bug 333460] [NEW] [Hardy][LDAP]client authentication broken

Launchpad Bug Tracker 333460 at bugs.launchpad.net
Fri Mar 6 14:31:59 GMT 2009


You have been subscribed to a public bug:

System:
Ubuntu 8.04.2
Release:	8.04

Possible Packages causing the problem:
libpam-ldap, libnss-ldap

Situation:
The affected machine should connect to an LDAP server:

/etc/ldap/ldap.conf:
BASE dc=hektor,dc=nigel
URI ldap://hektor.nigel
TLS_CACERT /etc/ldap/ssl/hektor.pem
TLS_REQCERT never

/etc/ldap.conf:
host 192.168.0.1
base dc=hektor,dc=nigel
uri ldap://hektor.nigel/
ldap_version 3
rootbindn cn=admin,dc=hektor,dc=nigel
port 389
bind_policy soft
pam_password crypt
ssl start_tls
tls_checkpeer no
tls_cacertfile /etc/ldap/ssl/hektor.pem
nss_base_passwd ou=People,dc=hektor,dc=nigel
nss_base_shadow ou=People,dc=hektor,dc=nigel
nss_base_group  ou=Group,dc=hektor,dc=nigel
nss_base_hosts  ou=Hosts,dc=hektor,dc=nigel
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,daemon,dhcp,games,gdm,gnats,haldaemon,hplip,irc,klog,libuuid,list,lp,mail,man,messagebus,mysql,news,polkituser,proxy,pulse,root,sshd,statd,sync,sys,syslog,uucp,www-data

/etc/pam.d/common-account:
account sufficient	pam_ldap.so 
account	required	pam_unix.so 

/etc/pam.d/common-auth:
auth	sufficient	pam_ldap.so 
auth	required	pam_unix.so nullok_secure use_first_pass

/etc/pam.d/common-password:
password   sufficient pam_ldap.so 
password   required   pam_unix.so nullok obscure min=4 max=8 md5

/etc/pam.d/common-session:
session required          pam_unix.so 
session required          pam_mkhomedir.so skel=/etc/skel/
session optional          pam_ldap.so
session optional          pam_foreground.so

Problem: 
The mapped users / groups do not make sense, ldap authentication does not work:

$ id | grep users
uid=1001(mirjam) gid=1001(mirjam) Gruppen=4(adm),6(disk),10(wheel),11(floppy),18(audio),19(cdrom),20(dialout),24(cdrom),25(floppy),27(video),29(audio),30(dip),44(video),46(plugdev),60(mysql),80(cdrw),85(usb),100(users),107(fuse),109(lpadmin),115(admin),442(plugdev),1001(mirjam)
$ ls -lh | grep bilder
drwxrwx--- 21 fidel  users 4.0K 2008-10-22 12:50 bilder
$ ls bilder
... Permission denied

Reproducible: Always

** Affects: libpam-ldap (Ubuntu)
     Importance: Undecided
         Status: New

-- 
[Hardy][LDAP]client authentication broken
https://bugs.edge.launchpad.net/bugs/333460
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libpam-ldap in ubuntu.


