CentOS PAM+LDAP login and host attribute

Posted by pianisteg on Server Fault
Published on 2012-09-27T14:58:33Z

My system is CentOS 6.3. OpenLDAP is configured well and PAM authorization works fine.

But after turning pam_check_host_attr to yes, all LDAP auths fail with the message "Access denied for this host".

  1. hostname on the server returns the correct value, and the same value is listed in the user's profile.
  2. "pam_check_host_attr no" works fine and allows everyone with a correct uid/password.
  3. a piece of /var/log/secure:

    Sep 26 05:33:01 ldap sshd[1588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=my-host user=my-username
    Sep 26 05:33:01 ldap sshd[1588]: Failed password for my-username from 77.AA.BB.CC port 58528 ssh2
    Sep 26 05:33:01 ldap sshd[1589]: fatal: Access denied for user my-username by PAM account configuration

  4. Another two servers (CentOS 5.7, Debian) authorize on this LDAP server correctly. Even with pam_check_host_attr yes!

  5. I didn't edit /etc/security/access.conf; it is empty, with only the default comments.

I don't know what to do! How can I fix this?
