Configuring login via ldap
- To: openldap-software@OpenLDAP.org
- Subject: Configuring login via ldap
- From: Tony Hoyle <tmh@nothing-on.tv>
- Date: Wed, 12 Sep 2001 16:33:46 +0100
- Organization: Magenta netLogic
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2+) Gecko/20010802
I have configured a server to serve users via ldap, and it runs fine
running sambaTNG off it. I've tried to add the password lists to it and
failed to get it working properly.
It's taken me a couple of days to get this far... I still don't
understand much but it seems to be mostly OK, I'm just missing some
piece of magic I can't find anywhere on the HOWTOs etc.
I have a machine running pam_ldap and libnss_ldap which has no users on
it except root. libnss_ldap seems to be working (all the owners of the
files on 'ls -l' come up OK), but pam_ldap doesn't.
The only errors in the log are:
Sep 12 10:47:28 spock login[789]: pam_ldap: error trying to bind (Invalid credentials)
Sep 12 10:47:28 spock PAM_unix[789]: check pass; user unknown
Sep 12 10:47:28 spock PAM_unix[789]: authentication failure; tmh(uid=0) -> tmh for login service
However it must be configured mostly right because:
# su tmh
$ whoami
tmh
(I haven't yet put pam_ldap onto anything except the login service so I
guess it must be using libnss_ldap here).
I can't work out what credentials it thinks are invalid. Since
libnss_ldap seems to be able to connect I must have most of the
configuration correct (their configuration files are nearly identical).
pam_ldap doesn't seem to write any detailed errors to syslog so it's a
bit hard to track down.
Versions (from Debian unstable):
slapd 2.0.11-2
libpam-ldap 118-1
libnss-ldap 172-1
Tony
--
tmh@magenta-netlogic.com
tmh@nothing-on.tv http://www.nothing-on.tv