> not really, have you run system-config-authentication ? That also > configures pam & nss which are necessary items. Yes, I have and unfortunately when the 'ldap' tags are added to /etc/nsswitch.conf the system won't allow me to authenticate, su or sudo at all! > > If each user shows only once AND they are in /etc/passwd and LDAP, then > it would be a clear indication that the underlying system isn't > configured to find users/groups/passwords in LDAP at all. If each user > has been removed from /etc/passwd, then it may very well be working. I'm hesitant to remove users from /etc/passwd and rely on LDAP for authentication before I'm sure it is working. Can you not have the system attempt first to authenticate users via LDAP, then fall back to pam_unix if that doesn't work? > Configuring Webmin's LDAP Users and Groups is only possible when you > have configured the underlying system first, can actually do command > line add/remove/delete ldap users and can authenticate as an LDAP user > to various systems such as ssh. At that point, Webmin's configuration > becomes obvious. It is not reasonable to expect Webmin to supply the > understanding of LDAP that the administrator cannot accomplish without > Webmin. This is where I'm stuck. As soon as I try to turn on the system authentication by editing /etc/pam.d/system_auth and /etc/nsswitch.conf the system becomes unusable. Try to run "su -" and it just sits there and hangs. I know it's my own fault for not configuring it right, I just wish the available documentation gave some detailed examples. There is so much incorrect and incomplete information out there on the web that I'm not sure what to try.