Sunray LDAP authentication

807573, Aug 8 2006 (edited Aug 8 2006)
I'm trying to get sunrays to authenticate using LDAP. So far I can log in successfully using SSH on an LDAP account, but not sunray. When I try to log in using a sunray, it just says incorrect login immediately. When I purposely type in the wrong password it takes a while to come back with incorrect login instead of immediately, so I think something is happening.

Here's what the access log shows when I try to log in:

[08/Aug/2006:09:40:33 -0600] conn=11551 op=-1 msgId=-1 - fd=312 slot=312 LDAP connection from xx.xx.xx.xx to xx.xx.xx.xx
[08/Aug/2006:09:40:33 -0600] conn=11551 op=0 msgId=1 - BIND dn="cn=proxyagent,ou=profile,dc=server,dc=example,dc=com" method=128 version=3
[08/Aug/2006:09:40:33 -0600] conn=11551 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=proxyagent,ou=profile,dc=server,dc=example,dc=com"
[08/Aug/2006:09:40:33 -0600] conn=11551 op=1 msgId=2 - SRCH base="ou=people,dc=server,dc=example,dc=com" scope=1 filter="(&(objectClass=shadowAccount)(uid=user))" attrs="uid userPassword shadowFlag"
[08/Aug/2006:09:40:33 -0600] conn=11551 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[08/Aug/2006:09:40:33 -0600] conn=11551 op=2 msgId=3 - UNBIND
[08/Aug/2006:09:40:33 -0600] conn=11551 op=2 msgId=-1 - closing - U1
[08/Aug/2006:09:40:33 -0600] conn=11551 op=-1 msgId=-1 - closed.


And here's my pam.conf:

#
#ident "@(#)pam.conf 1.28 04/04/21 SMI"
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_dial_auth.so.1
login auth required pam_unix_cred.so.1
login auth sufficient pam_unix_auth.so.1
login auth required pam_ldap.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth sufficient pam_unix_auth.so.1
rlogin auth required pam_ldap.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
#
# Kerberized rlogin service
#
krlogin auth required pam_unix_cred.so.1
krlogin auth binding pam_krb5.so.1
krlogin auth required pam_unix_auth.so.1
#
# Kerberized rsh service
#
krsh auth required pam_unix_cred.so.1
krsh auth binding pam_krb5.so.1
krsh auth required pam_unix_auth.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_dial_auth.so.1
ppp auth sufficient pam_unix_auth.so.1
ppp auth required pam_ldap.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth sufficient pam_unix_auth.so.1
other auth required pam_ldap.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd auth sufficient pam_passwd_auth.so.1
passwd auth required pam_ldap.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1
other account required pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#
# added to xscreensaver by SunRay Server Software -- xscreensaver
xscreensaver auth sufficient /opt/SUNWut/lib/pam_sunray.so syncondisplay
xscreensaver auth requisite pam_authtok_get.so.1
xscreensaver auth required pam_dhkeys.so.1
xscreensaver auth required pam_unix_cred.so.1
xscreensaver auth sufficient pam_unix_auth.so.1 server_policy
xscreensaver auth required pam_ldap.so.1
xscreensaver account requisite pam_roles.so.1
xscreensaver account sufficient pam_unix_account.so.1 server_policy
xscreensaver account required pam_ldap.so.1
xscreensaver session required pam_unix_session.so.1
xscreensaver password required pam_dhkeys.so.1
xscreensaver password requisite pam_authtok_get.so.1
xscreensaver password requisite pam_authtok_check.so.1
xscreensaver password required pam_authtok_store.so.1 server_policy
# added to dtlogin-SunRay by SunRay Server Software -- dtlogin-SunRay
dtlogin-SunRay session required pam_unix_session.so.1
dtlogin-SunRay password required pam_dhkeys.so.1
dtlogin-SunRay password requisite pam_authtok_get.so.1
dtlogin-SunRay password requisite pam_authtok_check.so.1
dtlogin-SunRay password required pam_authtok_store.so.1 server_policy
dtlogin-SunRay auth sufficient /opt/SUNWut/lib/pam_sunray.so
dtlogin-SunRay auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 property=username
dtlogin-SunRay auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1
dtlogin-SunRay auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 prompt
dtlogin-SunRay auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1 clearuser
dtlogin-SunRay auth requisite pam_authtok_get.so.1
dtlogin-SunRay auth required pam_dhkeys.so.1
dtlogin-SunRay auth required pam_unix_cred.so.1
dtlogin-SunRay auth sufficient pam_unix_auth.so.1 server_policy
dtlogin-SunRay auth required pam_ldap.so.1
dtlogin-SunRay account sufficient /opt/SUNWut/lib/pam_sunray.so
dtlogin-SunRay account requisite pam_roles.so.1
dtlogin-SunRay account sufficient pam_unix_account.so.1 server_policy
dtlogin-SunRay account required pam_ldap.so.1
# added to dtsession-SunRay by SunRay Server Software -- dtsession-SunRay
dtsession-SunRay auth sufficient /opt/SUNWut/lib/pam_sunray.so syncondisplay
dtsession-SunRay auth requisite pam_authtok_get.so.1
dtsession-SunRay auth required pam_dhkeys.so.1
dtsession-SunRay auth required pam_unix_cred.so.1
dtsession-SunRay auth sufficient pam_unix_auth.so.1 server_policy
dtsession-SunRay auth required pam_ldap.so.1
dtsession-SunRay account requisite pam_roles.so.1
dtsession-SunRay account sufficient pam_unix_account.so.1 server_policy
dtsession-SunRay account required pam_ldap.so.1
dtsession-SunRay session required pam_unix_session.so.1
dtsession-SunRay password required pam_dhkeys.so.1
dtsession-SunRay password requisite pam_authtok_get.so.1
dtsession-SunRay password requisite pam_authtok_check.so.1
dtsession-SunRay password required pam_authtok_store.so.1 server_policy
# added to utnsclogin by SunRay Server Software -- utnsclogin
utnsclogin account requisite pam_roles.so.1
utnsclogin account sufficient pam_unix_account.so.1 server_policy
utnsclogin account required pam_ldap.so.1
utnsclogin session required pam_unix_session.so.1
utnsclogin password required pam_dhkeys.so.1
utnsclogin password requisite pam_authtok_get.so.1
utnsclogin password requisite pam_authtok_check.so.1
utnsclogin password required pam_authtok_store.so.1 server_policy
utnsclogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 property=username
utnsclogin auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1
utnsclogin auth requisite pam_authtok_get.so.1
utnsclogin auth required pam_dhkeys.so.1
utnsclogin auth required pam_unix_cred.so.1
utnsclogin auth sufficient pam_unix_auth.so.1 server_policy
utnsclogin auth required pam_ldap.so.1
# added to utadmingui by SunRay Server Software -- utadmingui
utadmingui auth sufficient /opt/SUNWut/lib/pam_sunray_admingui.so.1
# added to utgulogin by SunRay Server Software -- utgulogin
utgulogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 property=username
utgulogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 token=auth,JavaBadge
utgulogin auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1
utgulogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 prompt
utgulogin auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1
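
A way to read the access-log excerpt above mechanically, as an added example that is not part of the original post: it groups the log lines by connection and reports which DNs issued a BIND, whether a search requested `userPassword`, and which operations returned a non-zero result code. The sample input is the excerpt from the post; the function names `summarize` and `findings` are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: the access-log excerpt quoted in the post (addresses already masked there).
SAMPLE_LOG = """\
[08/Aug/2006:09:40:33 -0600] conn=11551 op=-1 msgId=-1 - fd=312 slot=312 LDAP connection from xx.xx.xx.xx to xx.xx.xx.xx
[08/Aug/2006:09:40:33 -0600] conn=11551 op=0 msgId=1 - BIND dn="cn=proxyagent,ou=profile,dc=server,dc=example,dc=com" method=128 version=3
[08/Aug/2006:09:40:33 -0600] conn=11551 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=proxyagent,ou=profile,dc=server,dc=example,dc=com"
[08/Aug/2006:09:40:33 -0600] conn=11551 op=1 msgId=2 - SRCH base="ou=people,dc=server,dc=example,dc=com" scope=1 filter="(&(objectClass=shadowAccount)(uid=user))" attrs="uid userPassword shadowFlag"
[08/Aug/2006:09:40:33 -0600] conn=11551 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[08/Aug/2006:09:40:33 -0600] conn=11551 op=2 msgId=3 - UNBIND
[08/Aug/2006:09:40:33 -0600] conn=11551 op=2 msgId=-1 - closing - U1
[08/Aug/2006:09:40:33 -0600] conn=11551 op=-1 msgId=-1 - closed.
"""
PROXY_DN = "cn=proxyagent,ou=profile,dc=server,dc=example,dc=com"

LINE = re.compile(r'^\[[^\]]+\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) msgId=-?\d+ - (?P<rest>.*)$')
BIND = re.compile(r'^BIND dn="(?P<dn>[^"]*)"')
SRCH = re.compile(r'^SRCH base="[^"]*" scope=\d+ filter="(?P<filter>[^"]*)" attrs="(?P<attrs>[^"]*)"')
RESULT = re.compile(r'^RESULT err=(?P<err>\d+)')

def summarize(log_text):
    """Group BIND DNs, searches and non-zero results by connection id."""
    conns = defaultdict(lambda: {"binds": [], "searches": [], "errors": []})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not an access-log record
        c, rest = conns[m["conn"]], m["rest"]
        if (b := BIND.match(rest)):
            c["binds"].append(b["dn"])
        elif (s := SRCH.match(rest)):
            c["searches"].append({"filter": s["filter"], "attrs": s["attrs"].split()})
        elif (r := RESULT.match(rest)) and r["err"] != "0":
            c["errors"].append((int(m["op"]), int(r["err"])))
    return dict(conns)

def findings(conn, proxy_dn=PROXY_DN):
    """Per-connection facts; proxy_dn is the DN the client's proxy account binds as."""
    binds = [dn.lower() for dn in conn["binds"]]
    return {
        "only_proxy_bind": bool(binds) and all(dn == proxy_dn.lower() for dn in binds),
        "password_attr_read": any("userpassword" in map(str.lower, s["attrs"]) for s in conn["searches"]),
        "failed_ops": conn["errors"],
    }

if __name__ == "__main__":
    for conn_id, conn in summarize(SAMPLE_LOG).items():
        print(conn_id, findings(conn))
```

On the excerpt from the post this reports one connection whose only BIND is the proxy agent, one search that requested `userPassword`, and no LDAP operation with a non-zero result code.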