Hi,
I have a problem using LDAP on FC3 for authentication and login.
So far it worked on FC1 without problem, but the same ldap.conf, nsswitch.conf and system-auth won't work under FC3.
ldap.conf looks like this:
base dc=mydomain,dc=com
host 192.168.1.20
pam_password md5
ssl yes
This gives me the following messages in /var/log/messages:
Jun 12 23:48:27 infra1 sshd(pam_unix)[2716]: check pass; user unknown
Jun 12 23:48:27 infra1 sshd[2716]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Jun 12 23:48:27 infra1 sshd[2716]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Changing the host parameter in ldap.conf to
URI ldaps://192.168.1.20
then gives me a different error message:
Jun 12 23:54:37 infra1 sshd(pam_unix)[2732]: check pass; user unknown
Jun 12 23:54:37 infra1 sshd(pam_unix)[2732]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.29
nscd is NOT running. Also, I disabled SELinux.
At the same time, the finger and groups commands work, and I can also pull up the record using ldapsearch...
Any ideas what could be the problem?
Thanks,
MARK
Don't forget that ldapsearch and nss_ldap/pam_ldap use different copies of ldap.conf. One uses /etc/ldap.conf and the other uses /etc/openldap/ldap.conf (can't remember which offhand). Make sure both are updated correctly, or symlink them. Also, at some stage PAM attempts to bind as the rootbinddn using the password in /etc/ldap.secret. Is that set up?
I'd try getting the system working without SSL to begin with (if that's an option). At least then you can monitor the network traffic to see what's happening. Once LDAP works you can re-introduce the encryption.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@xxxxxxxxxxxx
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
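As an added illustration of the two checks Nigel describes (the two ldap.conf copies disagreeing, and the rootbinddn password file), here is a small POSIX shell script. It is not part of the original thread or of nss_ldap/pam_ldap; the paths /etc/ldap.conf, /etc/openldap/ldap.conf and /etc/ldap.secret are the assumed defaults, and the function names and the sample config contents are mine. It normalises the nss_ldap-style "host + ssl yes" form and the OpenLDAP-style "URI ldaps://..." form to one string so the two files can be compared, and checks that ldap.secret exists with root-only permissions whenever rootbinddn is set.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed default paths:
#   /etc/ldap.conf           read by nss_ldap / pam_ldap
#   /etc/openldap/ldap.conf  read by the OpenLDAP client tools (ldapsearch)
#   /etc/ldap.secret         rootbinddn password, must be mode 0600, owner root
# Requires GNU stat (-c), as shipped on Fedora.

# Print the value of KEY from an ldap.conf-style file (one "KEY VALUE" per
# line, key matched case-insensitively, '#' comments skipped). Prints nothing
# when the key is absent. Always exits 0 so callers can use it under set -e.
ldap_conf_get() {
    file=$1
    lkey=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v k="$lkey" '
        /^[[:space:]]*#/ { next }
        NF >= 2 && tolower($1) == k { $1 = ""; sub(/^[[:space:]]+/, ""); print; exit }
    ' "$file"
}

# Effective server as a URI. Prefers "uri"; otherwise builds one from "host",
# "port" and the nss_ldap "ssl" keyword ("ssl yes" means LDAPS on 636;
# "ssl start_tls" stays ldap:// on 389). Prints nothing if neither is set.
# Only the first host of a space-separated "host" list is considered.
ldap_conf_server() {
    file=$1
    uri=$(ldap_conf_get "$file" uri)
    if [ -n "$uri" ]; then
        printf '%s\n' "$uri"
        return 0
    fi
    host=$(ldap_conf_get "$file" host | awk '{ print $1 }')
    [ -n "$host" ] || return 0
    port=$(ldap_conf_get "$file" port)
    ssl=$(ldap_conf_get "$file" ssl)
    case "$ssl" in
        yes|on) printf 'ldaps://%s:%s\n' "$host" "${port:-636}" ;;
        *)      printf 'ldap://%s:%s\n'  "$host" "${port:-389}" ;;
    esac
}

# Compare base and server between two ldap.conf files. Returns 0 when they
# agree, 1 otherwise, naming what differs on stdout.
ldap_conf_compare() {
    a=$1; b=$2; rc=0
    base_a=$(ldap_conf_get "$a" base); base_b=$(ldap_conf_get "$b" base)
    if [ "$base_a" != "$base_b" ]; then
        echo "base differs: '$base_a' ($a) vs '$base_b' ($b)"; rc=1
    fi
    srv_a=$(ldap_conf_server "$a"); srv_b=$(ldap_conf_server "$b")
    if [ -z "$srv_a" ] || [ -z "$srv_b" ]; then
        echo "no host/uri configured in $a or $b"; rc=1
    elif [ "$srv_a" != "$srv_b" ]; then
        echo "server differs: '$srv_a' ($a) vs '$srv_b' ($b)"; rc=1
    fi
    return $rc
}

# If rootbinddn is set in the pam/nss ldap.conf, the secret file must exist,
# belong to the expected owner (root by default) and be readable only by that
# owner. Returns 0 when there is nothing to check or everything is in order.
ldap_secret_check() {
    conf=$1; secret=${2:-/etc/ldap.secret}; owner_expected=${3:-root}
    [ -n "$(ldap_conf_get "$conf" rootbinddn)" ] || return 0
    [ -f "$secret" ] || { echo "rootbinddn set in $conf but $secret is missing"; return 1; }
    owner=$(stat -c '%U' "$secret")
    mode=$(stat -c '%a' "$secret")
    [ "$owner" = "$owner_expected" ] || { echo "$secret owned by $owner, expected $owner_expected"; return 1; }
    case "$mode" in
        600|400) return 0 ;;
    esac
    echo "$secret mode is $mode, expected 600"
    return 1
}
```

On the affected box this would be run as root as `ldap_conf_compare /etc/ldap.conf /etc/openldap/ldap.conf && ldap_secret_check /etc/ldap.conf`. For Nigel's second suggestion, once "ssl yes" is removed and the server is reachable on port 389, `tcpdump -ni eth0 port 389` on the client shows the bind and search in the clear, so a wrong bind DN or base shows up in the capture rather than as a bare "Can't contact LDAP server".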