More progress! New AD users work fine - they can login under FC5. Unfortunately with over 400 users I need to ensure that old users work. There is an error message that flashes up on login on tty1, however it is gone before I can read any of it. Hwere would this error be viewable? I've looked in /var/log/messages and /var/log/secure and cannot see it. Here is some of the /var/log/secure file: ----------------------------- Apr 26 10:59:19 linuxclient2 login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= user=testuser12 Apr 26 10:59:19 linuxclient2 login: pam_krb5[3446]: authentication succeeds for 'testuser12' (testuser12@xxxxxxxxxxxxxx) Apr 26 10:59:20 linuxclient2 login: pam_unix(login:session): session opened for user testuser12 by LOGIN(uid=0) Apr 26 10:59:21 linuxclient2 login: LOGIN ON tty1 BY testuser12 Apr 26 11:00:16 linuxclient2 login: pam_unix(login:session): session closed for user testuser12 Apr 26 11:00:23 linuxclient2 login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= user=chrisbradford Apr 26 11:00:24 linuxclient2 login: pam_krb5[3515]: authentication succeeds for 'chrisbradford' (chrisbradford@xxxxxxxxxxxxxx) Apr 26 11:00:35 linuxclient2 login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= user=chrisbradford Apr 26 11:00:35 linuxclient2 login: pam_krb5[3531]: authentication succeeds for 'chrisbradford' (chrisbradford@xxxxxxxxxxxxxx) Apr 26 11:01:59 linuxclient2 login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= user=pat hills Apr 26 11:02:00 linuxclient2 login: pam_krb5[3549]: authentication succeeds for 'pat hills' (pat hills@xxxxxxxxxxxxxx) ------------------------------ As you can see testuser12, a new AD account works fine. But chrisbradford and pat hills do not. What would cause this? Cheers, Chris -----Original Message----- From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Chris Bradford Sent: 26 April 2006 09:30 To: For users of Fedora Core releases Subject: RE: FC5 LDAP Authentication Problem[Scanned] I have made some progress with this. Looking at the var/log/secure file a found that kerberos was not loading. I have fixed this using authconfig --enablekrb5 --updateall and configured /etc/krb5.conf with kdc information for our domain. I also found in the /var/log/secure file: Apr 26 09:25:04 linuxclient2 login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= user=chrisbradford Apr 26 09:25:04 linuxclient2 login: pam_krb5[2309]: authentication succeeds for 'chrisbradford' (chrisbradford@xxxxxxxxxxxxxx) It seems like pam_ldap is not being called, instead pam_unix is. I have enabled ldap using authconfig --enableldap --enableldapauth --updateall and configured /etc/openldap/ldap.conf and /etc/ldap.conf. Any ideas? Thanks, Chris -----Original Message----- From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Chris Bradford Sent: 25 April 2006 22:18 To: For users of Fedora Core releases Subject: RE: FC5 LDAP Authentication Problem[Scanned] Milos, I'm putting together a guide at the moment on my web site. A collection of all the material I have found to date. Up until recently I was about to publish it as I had FC4 working. Now with these FC5 problems it'll be a week or so until its complete. Check it out at http://cb-net.co.uk. I'll announce it on the front page when its done. Cheers, Chris Bradford Systems Administrator Cambridge Newspapers -----Original Message----- From: fedora-list-bounces@xxxxxxxxxx on behalf of Safe Life Sent: Tue 4/25/2006 7:12 PM To: For users of Fedora Core releases Subject: Re: FC5 LDAP Authentication Problem[Scanned] Chris, is there any comprehensive description of FC binding to the W2K3 AD? I know the AD side, but being "newbie" in the FC environment. Regards, Milos -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list This message has been scanned for viruses by BlackSpider MailControl - www.blackspider.com -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
