Received message "XCOMU0287E Error setting remote user id: Verify login failed" using PAM

Document ID:  TEC1766355
Last Modified Date:  06/14/2017

Products

  • CA XCOM Data Transport

Releases

  • CA XCOM Data Transport:Release:11.6
  • CA XCOM Data Transport:Release:11.6 SP1

Components

  • CA XCOM Data Transport for Linux PC:XCLX86
Issue:

Implemented LDAP PAM on our Linux RHEL 7 to use with CA XCOM and we continue to receive message "XCOMU0287E Error setting remote user id: Verify login failed" when performing an incoming transfer.

Environment:
XCOM r11.6 for Linux, Red Hat v7
Resolution:

We provided a working sample version of the xcomauth file that solved their problem.

 

auth required /opt/CA/XCOM/redistrib/pam_userpass/pam_userpass.so

auth required pam_env.so

auth sufficient pam_sss.so use_first_pass

auth sufficient pam_unix.so nullok use_first_pass

auth required pam_deny.so

 

account required pam_access.so

account required pam_unix.so broken_shadow

account sufficient pam_localuser.so

account sufficient pam_succeed_if.so uid < 500 quiet

account [default=bad success=ok user_unknown=ignore] pam_sss.so

account required pam_permit.so

Additional Information:

The above sample xcomauth file may or may not work in your environment. It is the responsibility of the Security Admin of your system to review and modify the security for your site's specifications.

To Debug the xcomauth file:

1. Check the syslog for any useful messages

2. Debug the system-auth file and xcomauth file.

PAM modules are expected to send messages to syslog(3) under facility type authpriv and the following logging levels: 

- LOG_ERR - errors found by the module 

- LOG_DEBUG - debugging information 

- LOG_ALERT - corrupted or unusable configuration files 

- LOG_CRIT - shortage of resources 

- LOG_NOTICE - regular authentication failures 

Debugging information is enabled by passing the string 'debug' as the very first argument (right after the module name) in the PAM config file. For example: auth required /lib64/security/pam_userpass.so debug

Expand the included entries from system-auth into xcomauth and add the debug parameter to each line (and adjust syslogd.conf so that the messages are saved). This will hopefully explain why the authentication fails.

Also check how these logging destinations are defined in syslogd.conf and see whether there are meaningful messages there.
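The expansion step described above, as an added example that is not CA's code: a Python helper that inlines `include` lines from the referenced service file (keeping only rules of the same type) and places `debug` right after each module name. The function name `expand_with_debug`, the `files` dict standing in for /etc/pam.d, and the sample file contents are all constructed for illustration.

```python
import re

# type, control (word or [bracketed list]), module path, optional arguments
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def expand_with_debug(service, files, only_type=None, depth=0):
    """Inline `include` lines and put 'debug' first in each module's arguments.
    files: service name -> file text (assumed stand-in for /etc/pam.d)."""
    if depth > 8:
        raise ValueError("include nesting too deep, possible loop: " + service)
    out = []
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        m = RULE.match(line)
        if not m:
            continue
        rtype, control, module, args = m.groups()
        if only_type and rtype.lstrip("-") != only_type:
            continue                          # include pulls in one type only
        if control == "include":              # module field names another service
            out += expand_with_debug(module, files, rtype.lstrip("-"), depth + 1)
        elif control == "substack":           # flattening would change semantics
            out.append(line)
        else:
            words = args.split()
            if "debug" not in words:
                words.insert(0, "debug")      # first argument after the module
            out.append(" ".join([rtype, control, module] + words))
    return out

# Constructed sample files, not taken from a real system.
SAMPLE = {
    "xcomauth": """\
auth     required  /opt/CA/XCOM/redistrib/pam_userpass/pam_userpass.so
auth     include   system-auth
account  include   system-auth
""",
    "system-auth": """\
# constructed system-auth
auth      required    pam_env.so
auth      sufficient  pam_unix.so nullok use_first_pass
auth      required    pam_deny.so
account   required    pam_unix.so broken_shadow
account   [default=bad success=ok user_unknown=ignore] pam_sss.so
password  sufficient  pam_unix.so sha512 shadow
""",
}
if __name__ == "__main__":
    print("\n".join(expand_with_debug("xcomauth", SAMPLE)))
```

Review the generated lines before installing them as the service file, and remove the `debug` arguments once the failure has been diagnosed.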
