[CentOS] Problems with nss_ldap - where to start?

Peter Serwe peter.serwe at gmail.com
Wed Dec 16 20:07:47 UTC 2009


Found an ldif user recipe for CentOS5.2..

Added the user "tactest" with the password "tactest".

Dec 16 12:05:30 ldap sshd[11705]pam_unix(sshd:auth): check pass; user
unknown
Dec 16 12:05:30 ldap sshd[11705]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ldap
Dec 16 12:05:30 ldap sshd[11705]: pam_succeed_if(sshd:auth): error
retrieving information about user tactest

auth still fails.

Peter

On Wed, Dec 16, 2009 at 11:49 AM, Peter Serwe <peter.serwe at gmail.com> wrote:

> I was going to say no TLS on either side.
>
> Specifically because I wanted to make sure that I was doing it with basic
> auth prior to using tls, but I found TLS lines in the /etc/ldap.conf.
>
> I commented those out, and guess what, no more nss_ldap messages in
> /var/log/messages..
>
> Now, I'm somewhat guessing that my directory doesn't have the right
> information in it.  Maybe I just need an ldif recipe for adding the users.
>
> Peter
>
>
> On Wed, Dec 16, 2009 at 11:33 AM, <m.roth at 5-cent.us> wrote:
>
>>
>> First question: do you have tls enabled on the client, and not the server,
>> or vice versa?
>>
>> Second question: on the server, can you do a search?
>>
>> Handy tool: webmin has a whole ldap section, and can give you a *lot* of
>> clues as to what's going wrong.
>>
>>       mark
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
>
>
> --
> Peter Serwe
> http://truthlightway.blogspot.com/
>



-- 
Peter Serwe
http://truthlightway.blogspot.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.centos.org/pipermail/centos/attachments/20091216/f6ad3cca/attachment.html 


More information about the CentOS mailing list