Message: 11
Date: Tue, 25 May 2010 16:16:45 -0500
From: Andy Akins <andy at egovtn.org>
Subject: [CentOS] Having trouble with LDAP Authentication...
To: CentOS mailing list <centos at centos.org>
Message-ID: <C821A86D.754B%andy at egovtn.org>
Content-Type: text/plain; charset="iso-8859-1"

I've googled and searched, and have had very little luck...

I have:
1. Installed all the packages.
2. Configured and have running OpenLDAP.
3. Migrated my passwd/shadow/group/hosts files into the directory.
4. Tested the directory using ldapsearch.
5. Installed LAM (web interface to LDAP authentication).
6. Added a user using LAM.
7. Confirmed user is in directory.
8. Confirmed user is not in /etc/passwd.
9. Confirmed using "getent passwd | grep username" that the user is listed.
10. Confirmed using "getent passwd" shows two records for each user except ldap-only users (one for /etc/passwd, one for LDAP).

However, "id username" returns unknown user

<snip>

Assuming you have set up both server and client, I would try the following:

1) Don't use nscd until you can confirm basic auth to the Ldap server is working.
2) Enable logging on the Ldap server. Afair, CentOS defaults to loglevel 0, which is no logs. Try something like loglevel 256.
3) Try to authenticate from a client while tailing the server logs. That should give you an idea of whether the client is even reaching the server, and if so what sort of error is occurring.

Btw you didn't mention if you were doing Ldap over tls, but that adds another point of failure. See here for a step-by-step test procedure for ssl/tls:
http://aput.net/~jheiss/krbldap/howto.html

Cheers,
--
Steve Glasser
sgla9347 at gmail.com
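
Added example, not part of either message above: with `loglevel 256` (slapd's "stats" level) every connection, bind and search is logged with its LDAP result code, and the sketch below condenses such lines into one readable line per event so you can see whether the client reached the server and what came back. The log lines are constructed samples; the host name, DNs and addresses are made up, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: condense slapd "stats" (loglevel 256) lines per connection.

# Constructed sample of syslog lines (host, DNs and IPs are made up).
sample_log() {
cat <<'EOF'
May 25 16:20:01 ldap1 slapd[2101]: conn=1000 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
May 25 16:20:01 ldap1 slapd[2101]: conn=1000 op=0 BIND dn="" method=128
May 25 16:20:01 ldap1 slapd[2101]: conn=1000 op=0 RESULT tag=97 err=0 text=
May 25 16:20:01 ldap1 slapd[2101]: conn=1000 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=jdoe))"
May 25 16:20:01 ldap1 slapd[2101]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
May 25 16:20:02 ldap1 slapd[2101]: conn=1000 fd=12 closed
May 25 16:21:10 ldap1 slapd[2101]: conn=1001 fd=12 ACCEPT from IP=192.0.2.10:51240 (IP=0.0.0.0:389)
May 25 16:21:10 ldap1 slapd[2101]: conn=1001 op=0 BIND dn="uid=jdoe,ou=People,dc=example,dc=com" method=128
May 25 16:21:10 ldap1 slapd[2101]: conn=1001 op=0 RESULT tag=97 err=49 text=
EOF
}

# Reads slapd log lines on stdin, prints one summary line per logged event.
summarize_slapd() {
    awk '
    # Text matched by regex re on the current line, minus its first skip chars.
    function val(re, skip) {
        return match($0, re) ? substr($0, RSTART + skip, RLENGTH - skip) : ""
    }
    BEGIN {   # a few LDAP result codes from RFC 4511
        why[0] = "success"; why[32] = "noSuchObject"
        why[49] = "invalidCredentials"; why[50] = "insufficientAccessRights"
    }
    { c = val("conn=[0-9]+", 5); if (c == "") next }   # skip non-connection lines
    / ACCEPT from /   { print "conn " c ": client reached server from " val("from IP=[^ ]+", 8) }
    / BIND dn=/       { dn = val("dn=\"[^\"]*\"", 3)
                        print "conn " c ": bind as " (dn == "\"\"" ? "anonymous" : dn) }
    / RESULT tag=97 / { e = val("err=[0-9]+", 4)   # tag=97 is the bind response
                        print "conn " c ": bind result " e " (" ((e in why) ? why[e] : "see RFC 4511") ")" }
    / SRCH base=/     { print "conn " c ": search filter " val("filter=\".*\"", 7) }
    / SEARCH RESULT / { print "conn " c ": search err=" val("err=[0-9]+", 4) \
                              " entries=" val("nentries=[0-9]+", 9) }
    '
}

# Stand-alone run over the constructed sample.
sample_log | summarize_slapd
```

No output at all for a client attempt means the request never reached slapd; a search with `entries=0` or a bind result other than 0 points at the filter, base DN or credentials the client is using.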