[CentOS] LDAP / PAM -- Invalid Credentials Error
Craig White
craig at tobyhouse.com
Thu Sep 20 18:14:22 UTC 2007
On Thu, 2007-09-20 at 11:23 -0400, Von Landfried wrote:
> Thank you for your response, but I might not have been clear in my
> original email.
>
> All of the other servers (servers[1-9]) are working properly, i.e.
> the user 'testuser' is able to log in using the password I set, and
> is able to change the password using passwd, among other things of
> course. So because of this, I assume LDAP is working properly.
>
> My question is why can't 'testuser' log into the actual LDAP server?
> There must be some configuration difference, but I just can't find it.
----
did you check /var/log/secure on that system? That should log
authentication failures/successes.
remember, each machine must make its own connection to ldap and each
system has its own /etc/ldap.conf, /etc/openldap/ldap.conf,
/etc/nsswitch.conf and /etc/pam.d/system-auth files
----
>
> I obviously would not change /etc/pam.d/system-auth manually, I would
> use 'authconfig' to make any changes. I already turned off WINBIND
> and that did nothing to fix it. Unless something has to be restarted,
> (other than ldap, sshd) then this wasn't the cause.
----
winbindd would only slow things up - especially if improperly
configured.
also, it's a good idea to make sure nscd is stopped - at the very least,
stopped until everything is working properly.
----
>
> The /etc/ldap.conf is configured properly, on all machines, which is
> why I assume the user is able to log into the other 9 servers.
>
> These are CentOS 4.5 servers, so they are running openldap-2.2.13-7.4E
>
> Running 'getend passwd' (didn't know that command, thanks for that
> one) shows the user, so I assume the password is correctly setup
> (kinda already knew that since he can log into all other machines)
----
getent passwd
getent group
very important on systems with system users in /etc/passwd and network
users in ldap since it gives you the hybrid.
very important also to not have a user in both /etc/passwd and ldap as
that would surely cause confusion
----
>
> I will keep trying, and will read through the documentation.
----
good luck
--
Craig White <craig at tobyhouse.com>
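
Added example, not part of the original message: a shell check for the situation warned about above, a login defined both in /etc/passwd and in LDAP. It assumes the merged view was saved with `getent passwd > getent.out`; the sample files, account names and UIDs below are constructed.

```shell
#!/bin/sh
# Added example. All sample data below is constructed for illustration.

# Print login names that occur more than once in a saved `getent passwd` view.
duplicate_logins() {
    awk -F: '{ n[$1]++ } END { for (u in n) if (n[u] > 1) print u }' "$1" | sort
}

# Print "name local_uid other_uid" for local accounts ($1 = local passwd file)
# whose name also appears in the merged view ($2) with a different UID.
uid_conflicts() {
    awk -F: 'NR == FNR { uid[$1] = $3; next }
             ($1 in uid) && uid[$1] != $3 { print $1, uid[$1], $3 }' "$1" "$2" | sort
}

# Print the lookup order configured for the passwd database in nsswitch.conf.
passwd_sources() {
    awk '$1 == "passwd:" { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

# Write constructed sample files into directory $1.
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
testuser:x:500:500::/home/testuser:/bin/bash
EOF
    cat > "$1/getent.out" <<'EOF'
root:x:0:0:root:/root:/bin/bash
testuser:x:500:500::/home/testuser:/bin/bash
testuser:x:10001:10001:Test User:/home/testuser:/bin/bash
otheruser:x:10002:10002::/home/otheruser:/bin/bash
EOF
    printf 'passwd:     files ldap\nshadow:     files ldap\n' > "$1/nsswitch.conf"
}

# Args: local passwd file, saved getent output, nsswitch.conf.
report() {
    echo "passwd sources: $(passwd_sources "$3")"
    echo "defined more than once: $(duplicate_logins "$2" | tr '\n' ' ')"
    uid_conflicts "$1" "$2" | while read -r name local_uid other_uid; do
        echo "UID conflict: $name local=$local_uid other=$other_uid"
    done
}

# Demo run on the constructed samples.
tmp=$(mktemp -d) && write_samples "$tmp" &&
    report "$tmp/passwd" "$tmp/getent.out" "$tmp/nsswitch.conf"
```

On a real host, pass /etc/passwd, the saved getent output and /etc/nsswitch.conf to `report` instead of the sample files.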