Hi there guys, I'm asking here cuz in openldap mailing list I was banned cuz they say that PAM is off-topic and not LDAP related. My goal is to get rid of /etc/passwd file and autenticate my users via LDAP database, So, here is what I've done, System opensuse 10.1 commmon-auth auth required pam_env.so auth required pam_unix2.so auth sufficient pam_ldap.so common-account account required pam_unix2.so account sufficient pam_ldap.so login auth required pam_securetty.so auth include common-auth auth required pam_nologin.so auth sufficient pam_ldap.so auth required pam_mail.so account include common-account password include common-password session include common-session session required pam_resmgr.so common-session session required pam_limits.so session required pam_unix2.so session sufficient pam_ldap.so ssh #%PAM-1.0 auth include common-auth auth required pam_nologin.so account include common-account password include common-password session include common-session The user netwarrior is not part of the passwd unix system, cuz I wanna get rid of it, I wanna all my users reside in the LDAP dtabase. netwarrior was added like this : smbldap-useradd netwarrior Then: linux:/usr/local/sbin # ./smbldap-usershow netwarrior dn: uid=netwarrior,ou=Users,dc=netwarrior,dc=com objectClass: top,inetOrgPerson,posixAccount,shadowAccount cn: netwarrior sn: netwarrior uid: netwarrior uidNumber: 1005 gidNumber: 513 homeDirectory: /home/netwarrior loginShell: /bin/bash gecos: System User description: System User userPassword: {SSHA}wcM+uu6ExMHrxWOebO2wVQ/rwMpmWDNI linux:/usr/local/sbin # linux:/usr/local/sbin # ./smbldap-passwd netwarrior and gave it a password When trying , for example ssh netwarrior@suse from a remote machine using ssh I get: NOTE This remote machine does not authenticate to the LDAP server or whatever, PDC and so on, just try to make an ssh connection using a known user. tail -f /var/log/messages Oct 9 22:05:32 linux sshd[7005]: Invalid user netwarrior from <a href="http://172.16.4.100">172.16.4.100</a> Oct 9 22:06:16 linux slapd[6910]: conn=10 op=2 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=netwarrior)" Oct 9 22:06:16 linux slapd[6910]: send_ldap_result: conn=10 op=2 p=3 Oct 9 22:06:16 linux slapd[6910]: send_ldap_result: err=10 matched="" text="" Oct 9 22:06:16 linux slapd[6910]: send_ldap_response: msgid=3 tag=101 err=32 Oct 9 22:06:16 linux sshd[7010]: pam_ldap: ldap_search_s No such object Oct 9 22:06:16 linux sshd[7008]: error: PAM: User not known to the underlying authentication module for illegal user netwarrior from freebsd Oct 9 22:06:16 linux slapd[6910]: conn=10 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text= Oct 9 22:06:16 linux slapd[6910]: daemon: activity on 1 descriptors Oct 9 22:06:16 linux slapd[6910]: daemon: activity on: Oct 9 22:06:16 linux slapd[6910]: 12r Oct 9 22:06:16 linux slapd[6910]: Oct 9 22:06:16 linux slapd[6910]: daemon: read activity on 12 Oct 9 22:06:16 linux slapd[6910]: connection_get(12) Oct 9 22:06:16 linux slapd[6910]: connection_get(12): got connid=10 Oct 9 22:06:16 linux slapd[6910]: connection_read(12): checking for input on id=10 Oct 9 22:06:16 linux slapd[6910]: ber_get_next on fd 12 failed errno=0 (Success) Oct 9 22:06:16 linux slapd[6910]: connection_read(12): input error=-2 id=10, closing. Oct 9 22:06:16 linux sshd[7008]: Failed keyboard-interactive/pam for invalid user netwarrior from <a href="http://172.16.4.100">172.16.4.100</a> port 57885 ssh2 example??? -> the base dn is netwarrior, where did it take "dc=example,dc=com", what I am missing ldap.conf in the server machine is like this #BASE dc=netwarrior,dc=com #URI ldap://127.0.0.1 #HOST <a href="http://127.0.0.1">127.0.0.1</a> #TLS_CACERT /etc/ssl/server.crt #TLS_REQCERT demand #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never TLS_REQCERT allow #nss_base_passwd ou=Users,dc=netwarrior,dc=com?one #nss_base_shadow ou=Users,dc=netwarrior,dc=com?one #nss_base_group ou=Groups,dc=netwarrior,dc=com?one BASE, URI, HOST and nss* uncommented make no difference. slapd.conf reads like this: TLSCipherSuite HIGH:MEDIUM:+SSLv3 #TLSCACertificateFile /etc/ssl/server.csr TLSCertificateFile /etc/ssl/server.crt TLSCertificateKeyFile /etc/ssl/server.key TLSVerifyClient try In sshd_conf I've got. UsePAM yes Thanks in advance, sorry for the noise.