Fedora LDAP authentication failure

Wang, Yu ywang at unf.edu
Wed Nov 10 23:20:38 UTC 2004


I didn't see you mention any configuration files for nss_ldap and pam_ldap. Do you use separate conf files or a single one? You can test nss_ldap to make sure it works and then move on to the pam_ldap/PAM configuration. You can turn on debug for nss_ldap to see whether it contacts the LDAP server or not. Command: "id userid" invokes getpw --> nss and is good for testing nss_ldap.

--Yu Wang

Information Technology Services
University of North Florida
(904) 620-2820



-----Original Message-----
From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com]On
Behalf Of Greg Dotts
Sent: Wednesday, November 10, 2004 5:22 PM
To: pam-list at redhat.com
Subject: Fedora LDAP authentication failure


Greetings Gurus,

I'm at my wits end attempting to configure LDAP authentication on my Fedora
2 server.  I'm not new to Linux, but am new to directory management.
Running debugs on slapd returns positive information when GQ is used to
browse/change the directory, but attempting to log in via console with
any user other than root results in no contact with the LDAP server.  Root
authenticates OK, but not via LDAP.

Synopsis:

OS=Fedora Core 2, fully updated via APT/Synaptic.
Running current updates of openldap et al, nss_ldap, pam, and openssl.

My LDAP server is working and searchable/writable locally using either GQ or
standard openldap tools.  I have used the tools 'authconfig' and
'system-config-authentication' to enable LDAP authentication and manually
modified 'nsswitch.conf', '/etc/pam.d/login' and '/etc/pam.d/system-auth'.

It appears that PAM is not contacting the LDAP server for authentication.
Does anyone have a suggestion as to why this may be?  I know this is a very
open question, but I've struggled with this for about a week and spent
several days searching the internet for answers.  I have followed many
HOW-TOs and rebuilt my LDAP directory about a dozen times.  It appears the
LDAP server is working fine, but no requests are being made from login to
the LDAP server.

Best regards to all,
Greg
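
Added example (not part of either message): a static version of the "test nss_ldap first, then move to PAM" order suggested in the reply, reporting which layer's configuration does not reference LDAP at all. The function names and the sample files are constructed for illustration; on a real host the arguments would be /etc/nsswitch.conf and /etc/pam.d/system-auth, followed by the live "id userid" test.

```sh
#!/bin/sh
# Static pre-checks for an LDAP login setup (added example).

# nss_uses_ldap FILE DB: succeed if database DB (passwd, group, shadow)
# lists "ldap" as a source in an nsswitch.conf-style FILE.
nss_uses_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, split "db:src"
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# pam_uses_ldap FILE GROUP: succeed if an uncommented line of the given
# management group (auth, account, password, session) loads pam_ldap.so.
pam_uses_ldap() {
    awk -v grp="$2" '
        { sub(/#.*/, "") }
        $1 == grp && $0 ~ /pam_ldap\.so/ { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# first_broken_layer NSSWITCH PAMFILE: print the first layer whose config
# never mentions LDAP: "nss", "pam", or "none" when both reference it.
first_broken_layer() {
    if ! nss_uses_ldap "$1" passwd; then
        echo nss     # "id userid" cannot resolve LDAP users; fix this first
    elif ! pam_uses_ldap "$2" auth; then
        echo pam     # users resolve, but login never asks LDAP to authenticate
    else
        echo none    # configs look right; continue with nss_ldap debug output
    fi
}

# Constructed sample files: NSS lists ldap, the pam_ldap line is commented out.
demo=$(mktemp -d)
printf 'passwd: files ldap\ngroup: files ldap\n' > "$demo/nsswitch.conf"
{
    echo 'auth required pam_env.so'
    echo 'auth sufficient pam_unix.so nullok'
    echo '#auth sufficient pam_ldap.so use_first_pass'
} > "$demo/system-auth"
first_broken_layer "$demo/nsswitch.conf" "$demo/system-auth"
```

A result of "none" only means both files name LDAP; whether nss_ldap actually reaches the server still has to be confirmed with "id userid" and the debug output.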

