Hi, Fail2ban is logging false positive with authentication using pam ldap. What happen is a user login using his ldap password cause pam_unix to fail then pam_ldap log the user in. sshd filter for fail2ban read /var/log/secure see the pam_unix error, flag it even if the next line in the log says the login is successful. CentOS 7 with fail2ban 0.9.7 from EPEL. Any idea how to fix this? Thanks. Jimmy
Jimmy Morin wrote:> > Fail2ban is logging false positive with authentication using pam ldap. > > What happen is a user login using his ldap password cause pam_unix to > fail then pam_ldap log the user in. > > sshd filter for fail2ban read /var/log/secure see the pam_unix error, > flag it even if the next line in the log says the login is successful. > > CentOS 7 with fail2ban 0.9.7 from EPEL. > > Any idea how to fix this?My first thought would be to redo pam system-auth for login such that pam_ldap *precedes* pam_unix. Question: is pam_unix sufficient, or required? mark