[ You are viewing a single post. The sidebar has been removed to give the article some room. ]

Solaris PAM and LDAP: No account present for user

Just so there’s some clear google-findable record of this in order to save other people the day I just wasted.

Solaris PAM (specifically pam_unix_account.so.1 I believe) requires all LDAP user entries to belong to objectClass: shadowAccount. If you have no need for user passwords in LDAP like we do, tough luck - you still need to have have this set for each user account.

If you don’t have objectClass: shadowAccount set for a user, he or she will be quietly rejected login to the host in question. Syslog will show No account present for user.

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • digg
  • Furl
  • Reddit
  • Spurl
This entry was written by JB, posted on July 23, 2008 at 5:15 pm, filed under Sysadmin. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*