[Date Prev][Date Next] [Chronological] [Thread] [Top]

Configuring login via ldap



I have configured a server to serve users via ldap, and it runs fine running sambaTNG off it. I've tried to add the password lists to it and failed to get it working properly.

It's taken me a couple of days to get this far... I still don't understand much but it seems to be mostly OK, I'm just missing some piece of magic I can't find anywhere on the HOWTOs etc.

I have a machine running pam_ldap and libnss_ldap which has no users on it except root. libnss_ldap seems to be working (all the owners of the files on 'ls -l' come up OK), but pam_ldap doesn't.

The only errors in the log are:

Sep 12 10:47:28 spock login[789]: pam_ldap: error trying to bind (Invalid credentials)
Sep 12 10:47:28 spock PAM_unix[789]: check pass; user unknown
Sep 12 10:47:28 spock PAM_unix[789]: authentication failure; tmh(uid=0) -> tmh for login service


However it must be configured mostly right because:

# su tmh
$ whoami
tmh

(I haven't yet put pam_ldap onto anything except the login service so I guess it must be using libnss_ldap here).

I can't work out what credentials it thinks are invalid. Since libnss_ldap seems to be able to connect I must have most of the configuration correct (their configuration files are nearly identical). pam_ldap doesn't seem to write any detailed errors to syslog so it's a bit hard to track down.

Versions (from debian unstable):
slapd 2.0.11-2
libpam-ldap 118-1
libnss-ldap 172-1

Tony

--

tmh@magenta-netlogic.com
tmh@nothing-on.tv     http://www.nothing-on.tv