On Thu, 2007-09-20 at 11:23 -0400, Von Landfried wrote:
Thank you for your response, but I might not have been clear in my original email.
All of the other servers (servers[1-9]) are working properly, i.e. the user 'testuser' is able to log in using the password I set, and is able to change the password using passwd, among other things of course. So because of this, I assume LDAP is working properly.
My question is why can't 'testuser' log into the actual LDAP server? There must be some configuration difference, but I just can't find it.
---- Did you check /var/log/secure on that system? That should log authentication failures/successes.
Remember, each machine must make its own connection to ldap and each system has its own /etc/ldap.conf, /etc/openldap/ldap.conf, /etc/nsswitch.conf and /etc/pam.d/system-auth files ----
I obviously would not change /etc/pam.d/system-auth manually; I would use 'authconfig' to make any changes. I already turned off WINBIND and that did nothing to fix it. Unless something has to be restarted (other than ldap, sshd), this wasn't the cause.
---- winbindd would only slow things up, especially if improperly configured.
Also, it's a good idea to make sure nscd is stopped, at the very least until everything is working properly. ----
The /etc/ldap.conf is configured properly, on all machines, which is why I assume the user is able to log into the other 9 servers.
These are CentOS 4.5 servers, so they are running openldap-2.2.13-7.4E.
Running 'getent passwd' (didn't know that command, thanks for that one) shows the user, so I assume the password is correctly set up (kinda already knew that since he can log into all other machines).
---- getent passwd
getent group
Very important on systems with system users in /etc/passwd and network users in ldap, since it gives you the hybrid.
Very important also to not have a user in both /etc/passwd and ldap, as that would surely cause confusion ----
I will keep trying, and will read through the documentation.
---- good luck
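As an added illustration of the "user in both /etc/passwd and ldap" warning above (this script is not from the thread or from either poster), the following POSIX sh function compares the local passwd file against a passwd-format dump of the directory's accounts and reports any name defined in both, flagging UID conflicts. Both input files below are constructed sample data; in practice the second file would come from an export of the directory's posixAccount entries.

```shell
#!/bin/sh
# Added example: spot accounts that live in BOTH the local /etc/passwd and
# the LDAP directory. Such duplicates make NSS/PAM behaviour depend on the
# order of sources in /etc/nsswitch.conf and are a classic cause of "works
# on nine hosts, fails on the tenth" login problems.

# find_dup_users LOCAL_PASSWD_FILE LDAP_PASSWD_DUMP
# Prints one line per name present in both files:
#   name local_uid ldap_uid SAME|CONFLICT
find_dup_users() {
    awk -F: '
        NR == FNR { local_uid[$1] = $3; next }      # first file: local passwd
        ($1 in local_uid) {                          # second file: LDAP dump
            status = (local_uid[$1] == $3) ? "SAME" : "CONFLICT"
            printf "%s %s %s %s\n", $1, local_uid[$1], $3, status
        }
    ' "$1" "$2"
}

# Constructed sample data standing in for /etc/passwd and a directory export.
LOCAL_PASSWD=$(mktemp)
LDAP_PASSWD=$(mktemp)
trap 'rm -f "$LOCAL_PASSWD" "$LDAP_PASSWD"' EXIT

cat > "$LOCAL_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
testuser:x:500:500:Local leftover:/home/testuser:/bin/bash
EOF

cat > "$LDAP_PASSWD" <<'EOF'
testuser:x:10001:10001:Test User:/home/testuser:/bin/bash
alice:x:10002:10002:Alice:/home/alice:/bin/bash
EOF

# Wrapper so the result can be checked as a single value.
report_dups() { find_dup_users "$LOCAL_PASSWD" "$LDAP_PASSWD"; }

report_dups
```

A CONFLICT line means the same login name resolves to different UIDs depending on which source answers first, so the local entry should be removed (or the directory entry renamed) before chasing PAM or ldap.conf differences.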