Enterprise Management Agent Host Credentials for PAM and LDAP

We use LDAP users to install Oracle software. In my humble opinion, it’s not a good approach because if the server cannot communicate with the LDAP service, Oracle gets errors when spawning new processes. We have already started to switch our Oracle users from LDAP authentication to local users, but this is not the subject of this blog post. Using LDAP for authentication also affects Enterprise Manager agents. When I try to create a named credential, the EM agent cannot verify the user/password, although I used the same user/password information to deploy the agents 🙂


Here’s the log generated by the agent:

The solution is well documented on My Oracle Support: How to Configure the Enterprise Management Agent Host Credentials for PAM and LDAP (Doc ID 422073.1)

In short, you need to create a file named emagent under the /etc/pam.d directory, i.e. /etc/pam.d/emagent, and enter the following configuration lines into it:

I know that My Oracle Support is the most reliable source, but I decided to go my way! So instead of creating a new file containing the above configuration rules, I copied a working pam.d configuration file (/etc/pam.d/sshd) to “/etc/pam.d/emagent”. After I copied the configuration file, LDAP authentication started working fine (no agent restart required on “Red Hat Enterprise Linux Server release 5.7 (Tikanga)”).
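
A check that can be run after creating /etc/pam.d/emagent as described above (an added example, not from the original post or from Oracle's note): it reports whether the file is missing, writable by non-root users, lacking auth/account rules, or a copy of /etc/pam.d/sshd that has since drifted from it. The function names, status words and the `PAM_DIR` override are assumptions of this sketch, and it expects RHEL-style files in which every rule starts with its type.

```shell
#!/bin/sh
# Added example: audit a PAM service file that was cloned from another service.
# PAM_DIR is an assumption of this sketch; it defaults to /etc/pam.d and can
# point at a directory of constructed files for testing.
# Usage on the agent host: audit_pam_service emagent sshd

# Print the management groups (auth, account, password, session) a file defines.
pam_types() {
    awk '!/^[[:space:]]*(#|$)/ { t = $1; sub(/^-/, "", t); print t }' "$1" |
        sort -u | tr '\n' ' '
}

# audit_pam_service SERVICE REFERENCE
# Prints one status word and returns non-zero when the file needs attention.
audit_pam_service() {
    dir=${PAM_DIR:-/etc/pam.d}
    svc=$dir/$1
    ref=$dir/$2

    # Without a service file, Linux-PAM falls back to the "other" service.
    [ -e "$svc" ] || { echo missing; return 1; }

    # A PAM stack writable by group or others lets non-root users change
    # how the service authenticates.
    if [ -n "$(find -L "$svc" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo writable; return 1
    fi

    # Assumption: verifying a host credential needs auth and account rules.
    types=$(pam_types "$svc")
    case " $types" in *" auth "*) ;; *) echo incomplete; return 1 ;; esac
    case " $types" in *" account "*) ;; *) echo incomplete; return 1 ;; esac

    # A symlink always follows the reference; a copy can silently drift
    # when the reference file is updated later.
    if [ -L "$svc" ]; then echo symlink; return 0; fi
    if cmp -s "$svc" "$ref"; then echo copy-in-sync; return 0; fi
    echo copy-drifted; return 1
}
```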


AWS Big Data Specialist. Oracle Certified Professional (OCP) for EBS R12, Oracle 10g and 11g. Co-author of "Expert Oracle Enterprise Manager 12c" book published by Apress. Awarded as Oracle ACE (in 2011) and Oracle ACE Director (in 2016) for the continuous contributions to the Oracle users community. Founding member, and vice president of Turkish Oracle User Group (TROUG). Presented at various international conferences including Oracle Open World.

5 Comments

  1. Matthew Garrett

    Instead of copying, we created a symlink.

    ln -s /etc/pam.d/sshd /etc/pam.d/emagent

    This worked for RHEL 6.6 (and Oracle Linux 6.6)

    # cat /etc/oracle-release
    Oracle Linux Server release 6.6

    • Srinivas

      Thanks Gokhan.

      Adding those 4 entries in /etc/pam.d/emagent didn’t help, but your workaround of copying /etc/pam.d/sshd to /etc/pam.d/emagent worked in my case.

  2. Neha Agarwal

    Thanks for the workaround. cp /etc/pam.d/sshd /etc/pam.d/emagent works for me.
    I am also facing a similar issue, oracle.sysman.emSDK.agent.client.exception.PerformOperationException:
    ERROR: Invalid username and/or password (request id 1) <<< for the OMA installed on a Windows machine. Do you know how to resolve the same issue on a Windows machine?

  3. PRABHU RANGANATHAN

    ln -s /etc/pam.d/sshd /etc/pam.d/emagent…

    Thanks for the solution.
