Found an ldif user recipe for CentOS5.2.. Added the user "tactest" with the password "tactest". Dec 16 12:05:30 ldap sshd[11705]pam_unix(sshd:auth): check pass; user unknown Dec 16 12:05:30 ldap sshd[11705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ldap Dec 16 12:05:30 ldap sshd[11705]: pam_succeed_if(sshd:auth): error retrieving information about user tactest auth still fails. Peter On Wed, Dec 16, 2009 at 11:49 AM, Peter Serwe <peter.serwe at gmail.com> wrote: > I was going to say no TLS on either side. > > Specifically because I wanted to make sure that I was doing it with basic > auth prior to using tls, but I found TLS lines in the /etc/ldap.conf. > > I commented those out, and guess what, no more nss_ldap messages in > /var/log/messages.. > > Now, I'm somewhat guessing that my directory doesn't have the right > information in it. Maybe I just need an ldif recipe for adding the users. > > Peter > > > On Wed, Dec 16, 2009 at 11:33 AM, <m.roth at 5-cent.us> wrote: > >> >> First question: do you have tls enabled on the client, and not the server, >> or vice versa? >> >> Second question: on the server, can you do a search? >> >> Handy tool: webmin has a whole ldap section, and can give you a *lot* of >> clues as to what's going wrong. >> >> mark >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > > > > -- > Peter Serwe > http://truthlightway.blogspot.com/ > -- Peter Serwe http://truthlightway.blogspot.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20091216/f6ad3cca/attachment-0005.html>