<div dir="ltr">Hi, Can you check What happens if you specify ssl start_tls instead of "ssl on" Regards Niranjan <div class="gmail_quote">On Thu, Jul 24, 2008 at 9:29 PM, Dharmin Mandalia <<a href="mailto:dharmin98@hotmail.com">dharmin98@hotmail.com</a>> wrote: <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Hello Nalin and all I just added "ssl on" to below /etc/ldap.conf file and get below error msg in var/log/secure file :- sshd[6212]: pam_unix(sshd:session): session closed for user test1 sshd[6248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<a href="http://192.168.1.1" target="_blank">192.168.1.1</a> user=test1 sshd[6248]: Accepted password for test1 from <a href="http://192.168.1.1" target="_blank">192.168.1.1</a> port 47171 ssh2 sshd[6248]: pam_unix(sshd:session): session opened for user test1 by (uid=0) sshd[6248]: pam_unix(sshd:session): session closed for user test1 sshd[6284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<a href="http://192.168.1.1" target="_blank">192.168.1.1</a> user=test1 sshd[6284]: pam_ldap: ldap_simple_bind Can't contact LDAP server shd[6284]: pam_ldap: reconnecting to LDAP server... sshd[6284]: pam_ldap: ldap_simple_bind Can't contact LDAP server sshd[6284]: Failed password for test1 from <a href="http://192.168.1.1" target="_blank">192.168.1.1</a> port 47172 ssh2 With "ssl on" in ldap.conf, am unable to login via ssh any helpers please... <div class="Ih2E3d"> regards Dharmin ---------------------------------------- > Date: Thu, 24 Jul 2008 11:26:46 -0400 > From: <a href="mailto:nalin@redhat.com">nalin@redhat.com</a> > To: <a href="mailto:dharmin98@hotmail.com">dharmin98@hotmail.com</a> > CC: <a href="mailto:fedora-directory-users@redhat.com">fedora-directory-users@redhat.com</a> > Subject: Re: [Fedora-directory-users] TLS Issue > </div><div class="Ih2E3d">> On Thu, Jul 24, 2008 at 03:11:59PM +0000, Dharmin Mandalia wrote: >> I've enabled TLS and am getting below error msg's in /var/log/secure file on Fedora 9, which is my newly configured FDS , if disable TLS , am able to ssh onto the FDS server and with TLS enabled unable to login via ssh. > [snip] >> sshd[5487]: nss_ldap: could not search LDAP server - Server is unavailable > [snip] >> /etc/ldap.conf file on Fedora 9, (FDS server ) shows as :- > [snip] >> ssl start_tls >> tls_checkpeer yes >> tls_cacertfile /etc/openldap/cacerts/cacert.asc >> pam_password md5 >> uri ldap://<a href="http://127.0.0.1/" target="_blank">127.0.0.1/</a> >> tls_cacertdir /etc/openldap/cacerts > > If you're using SSL or TLS, the LDAP client library is going to compare > the names in the certificate that the server uses against the value that > was given in the client's configuration (in this case "<a href="http://127.0.0.1" target="_blank">127.0.0.1</a>"), and > it looks like they're not matching up here. > > Typically the certificate uses an actual hostname as a "CN" value in its > subject, so you'd need to specify the server URI using a hostname rather > than an IP address to make sure that they match. > > If that's not what's going on here, please post a copy of the > certificate that the server's using so that we can have a look. > > HTH, > > Nalin </div>_________________________________________________________________ Use video conversation to talk face-to-face with Windows Live Messenger. <a href="http://www.windowslive.com/messenger/connect_your_way.html?ocid=TXT_TAGLM_WL_Refresh_messenger_video_072008" target="_blank">http://www.windowslive.com/messenger/connect_your_way.html?ocid=TXT_TAGLM_WL_Refresh_messenger_video_072008</a> <div><div></div><div class="Wj3C7c"> -- Fedora-directory-users mailing list <a href="mailto:Fedora-directory-users@redhat.com">Fedora-directory-users@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-directory-users</a> </div></div></blockquote></div> </div>