Authenticating via LDAP to Active Directory

Stuart Sears stuart at sjsears.com
Sat Feb 24 09:46:54 UTC 2007


Nigel Wade wrote:
> Davis, Jared Scott wrote:
>> In /var/log/messages:
>> "sshd: pam_ldap: ldap_simple_bind Can't contact LDAP server"
>>
> 
> So PAM can't talk to the LDAP server. Double check the values in
> /etc/ldap.conf. ldapsearch uses /etc/openldap/ldap.conf and PAM uses
> /etc/ldap.conf so check the sym-link.

Just a point: these are not symbolic links. The two files have similar,
but definitely different syntax. So the file you want to check is
/etc/ldap.conf.

> Monitor the network traffic using wireshark/ethereal to see what is
> happening between your client and the LDAP server. Is it setup correctly
> to handle LDAPS? Since you mention certs. I presume you are required to
> use LDAPS, it makes diagnosing problems harder because all the requests
> are encrypted. How is your LDAP server specified in ldap.conf, host/port
> or uri?

Whether it is LDAPS or LDAP/TLS will depend on the AD version. IIRC, AD
in Windows Server 2003+ can use TLS these days. Windows 2000 used LDAPS.

Regards

Stuart
--
Stuart Sears RHCA RHCSS PDF ODT DUI
"The PM's claims on this subject are not exactly lies, so much as
fact-free."
http://www.no2id.net/news/pressRelease/release.php?name=Blair_Fact-Free
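As an added diagnostic for the point made in this thread, that PAM reads /etc/ldap.conf while ldapsearch reads /etc/openldap/ldap.conf and the two files differ (this is my example, not code from the thread), the script below derives the server, port and TLS mode pam_ldap will use from a pam_ldap-style file and builds the matching explicit ldapsearch command, so a manual test contacts exactly what PAM is configured to contact. The option names (host, port, uri, ssl) are pam_ldap's; the sample file contents are constructed.

```shell
#!/bin/sh
# Added diagnostic: derive the endpoint and TLS mode pam_ldap will use from a
# pam_ldap-style /etc/ldap.conf (the file PAM reads; ldapsearch reads
# /etc/openldap/ldap.conf instead). Sample file contents are constructed.
# pam_ldap_effective FILE -> prints "HOST PORT MODE", MODE one of plain|starttls|ldaps
pam_ldap_effective() {
    host=""; port=""; uri=""; ssl="no"
    while read -r key val; do
        case "$key" in
            host) host=${val%% *} ;;     # first of a space-separated host list
            port) port=$val ;;
            uri)  uri=${val%% *} ;;      # first URI only
            ssl)  ssl=$val ;;            # pam_ldap: "ssl on" = LDAPS, "ssl start_tls" = StartTLS
        esac
    done < "$1"
    scheme=ldap
    if [ -n "$uri" ]; then               # uri takes precedence over host/port
        scheme=${uri%%://*}
        hp=${uri#*://}; hp=${hp%%/*}
        host=${hp%%:*}
        case "$hp" in *:*) port=${hp##*:} ;; esac
    fi
    mode=plain
    if [ "$scheme" = ldaps ] || [ "$ssl" = on ]; then
        mode=ldaps
    elif [ "$ssl" = start_tls ]; then
        mode=starttls
    fi
    if [ -z "$port" ]; then [ "$mode" = ldaps ] && port=636 || port=389; fi
    printf '%s %s %s\n' "$host" "$port" "$mode"
}
# pam_ldap_probe_cmd FILE -> explicit ldapsearch invocation for the same endpoint and
# TLS mode; -ZZ makes a failed StartTLS fail loudly instead of falling back to cleartext
pam_ldap_probe_cmd() {
    set -- $(pam_ldap_effective "$1")
    case "$3" in
        ldaps)    echo "ldapsearch -x -H ldaps://$1:$2 -s base -b '' namingContexts" ;;
        starttls) echo "ldapsearch -x -ZZ -H ldap://$1:$2 -s base -b '' namingContexts" ;;
        *)        echo "ldapsearch -x -H ldap://$1:$2 -s base -b '' namingContexts" ;;
    esac
}
# Constructed sample: AD domain controllers reached with StartTLS on the standard port.
sample=$(mktemp)
printf 'base dc=example,dc=com\nhost dc1.example.com dc2.example.com\nssl start_tls\n' > "$sample"
pam_ldap_effective "$sample"     # dc1.example.com 389 starttls
pam_ldap_probe_cmd "$sample"
rm -f "$sample"
```

If the printed ldapsearch command fails the same way PAM does, the problem is the endpoint or certificate; if it succeeds, compare the two config files for the difference.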