Access denied for this service

I get this message when logging in. It still drops me to a prompt but I want
this message to go away. Problem is, I cannot track it down. There is
nothing in syslog or messages or auth. I only get the message for ldap users
and not for local users. I get the message via ssh or gdm. Hushlogin
suppresses the message via ssh but not direct login. Googling "Access denied
for this service" returns nothing, if you can believe that. Any help would
be greatly appreciated.
--
View this message in context: http://www.nabble.com/Access-denied-for-this-service-tp15299608p15299608.html
Sent from the PAM LDAP mailing list archive at Nabble.com.

bdptcob skrev, on 05-02-2008 22:11:

> I get this message when logging in. It still drops me to a prompt but I want
> this message to go away. Problem is, I cannot track it down. There is
> nothing in syslog or messages or auth. I only get the message for ldap users
> and not for local users. I get the message via ssh or gdm. Hushlogin
> suppresses the message via ssh but not direct login. Googling "Access denied
> for this service" returns nothing, if you can believe that. Any help would
> be greatly appreciated.

The word "Access" doesn't occur in my Red Hat/Fedora
/lib/security/pam_ldap.so. You make no mention of your OS, perhaps you
have a wild selinux or apparmor genie loose?

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl

Tony Earnshaw wrote: It's a wild Symas genie ;-) ... That's a message from the account module
in the pam_ldap library that's part of the CNS package. speedfc is not
one of our customers though.

The message is returned when pam_check_host_attr is set to 'yes', but
the user's object doesn't contain a host attribute with the host's DNS
name. The fact that logins are still possible points to a
misconfiguration in the account section of a file in pam.d, as was noted
in a later post.

Cheers,

-Matt

--

Matthew Hardin
Symas Corporation - The LDAP Guys
http://www.symas.com

> --Tonni
>