I think not as well. The tactest user has been blown back out. I can re-add
it from ldif again.

[root at ldap home]# getent passwd | grep example
[root at ldap home]#

[root at ldap home]# cat /etc/nsswitch.conf | grep -v \#
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus

[root at ldap home]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so

[root at ldap home]# cat /etc/ldap.conf | grep -v \#
BASE dc=tncionline, dc=net
URI ldap://127.0.0.1
port 389
SIZELIMIT 12
TIMELIMIT 15
DEREF never
timelimit 600
bind_timelimit 600
bind_policy soft
idle_timelimit 3600
nss_initgroups_ignoreusers pserwe,dgates,root,ldap,named,avahi,haldaemon,dbus
base dc=tncionline, dc=net
pam_password md5

Peter

On Wed, Dec 16, 2009 at 12:24 PM, Craig White <craigwhite at azapple.com> wrote:

> On Wed, 2009-12-16 at 12:07 -0800, Peter Serwe wrote:
> > Found an ldif user recipe for CentOS5.2..
> >
> > Added the user "tactest" with the password "tactest".
> >
> > Dec 16 12:05:30 ldap sshd[11705]pam_unix(sshd:auth): check pass; user
> > unknown
> > Dec 16 12:05:30 ldap sshd[11705]: pam_unix(sshd:auth): authentication
> > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ldap
> > Dec 16 12:05:30 ldap sshd[11705]: pam_succeed_if(sshd:auth): error
> > retrieving information about user tactest
> >
> > auth still fails.
> ----
> before you get into authorizations...
>
> does the user show? I think not...
>
> getent passwd |grep tactest
>
> if that's the case, and you want help from the list...
>
> what is in files...
> /etc/nsswitch.com
> /etc/pam.d/system-auth
> /etc/ldap.conf
>
> Craig
>

--
Peter Serwe
http://truthlightway.blogspot.com/