
linux-authentication via openldap



Hi there,

I have a BIG BIG BIG problem. I have a workstation and a server at home
- actually I have a couple of workstations, but that is of less concern
to me at the moment - both running RedHat Linux 7.2. On my server I
successfully set up openldap and created a structure for holding
account information. It looks like this:


           dc=net
              |
        dc=blaue-elise
              |
          ou=Account
              |
    +---------+---------+
    |         |         |
 ou=User  ou=Group   ou=Aliases

I have a couple of groups and users and of course aliases in this
structure and I can change their passwords via ldappasswd. Then I set up
my workstation (the one I'm writing this mail from) to use ldap for
authentication AFTER looking in files like this:

/etc/nsswitch.conf
 passwd:     files ldap
 shadow:     files ldap
 group:      files ldap

I created the /etc/ldap.conf and it looks like this:
 host ldap.blaue-elise.net
 base dc=blaue-elise,dc=net
 binddn cn=proxyuser,dc=blaue-elise,dc=net
 bindpw secret
 pam_groupdn cn=PAM,ou=Group,ou=Account,dc=blaue-elise,dc=net
 pam_member_attribute uniquemember
 pam_password md5
 nss_base_passwd         ou=User,ou=Account,dc=blaue-elise,dc=net?one
 nss_base_shadow         ou=User,ou=Account,dc=blaue-elise,dc=net?one
 nss_base_group          ou=Group,ou=Account,dc=blaue-elise,dc=net?one
 nss_base_aliases        ou=Aliases,ou=Account,dc=blaue-elise,dc=net?one
 ssl start_tls

Now, whenever I try to do su on my workstation, or use a virtual console
to log in, I get errors: su says I typed in the wrong password and when
trying to log in as a testuser (which I created on my ldap before) I can
see "syntax error" for a millisecond then the login-screen reappears.

Can anyone help me with this??? I can't log out my current user from the
Xsession, because I'm afraid I won't be able to log in again.

Why does my system look for user authentication only in ldap and not
first in files - I mean it should find root there - and then in ldap???


PLEEEEASE help me,

        chris

        madram@wtal.de
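An added example, not part of chris's mail: a small Python checker that parses the two files quoted in the mail (the nsswitch.conf and ldap.conf contents are embedded below as constructed samples copied from the post) and reports the lookup order for each database together with a few settings worth a second look. Assumptions are marked in the comments: the ldap.conf keywords are the nss_ldap/pam_ldap ones, and the values accepted for `ssl` are the documented `on`, `off` and `start_tls`. One caveat the checker makes explicit: nsswitch.conf only decides where name-service lookups (getpwnam and friends) go, and "files ldap" does mean /etc/passwd is consulted before the directory; whether su or login accept a password is decided separately by the PAM stack in /etc/pam.d, which this script does not read.

```python
"""Parse nsswitch.conf and an nss_ldap/pam_ldap style ldap.conf and report
lookup order plus settings a defender would want to double-check."""
from typing import Dict, List, Tuple

# Constructed samples, copied from the files quoted in the mailing-list post.
NSSWITCH_SAMPLE = """\
passwd:     files ldap
shadow:     files ldap
group:      files ldap
"""

LDAP_CONF_SAMPLE = """\
host ldap.blaue-elise.net
base dc=blaue-elise,dc=net
binddn cn=proxyuser,dc=blaue-elise,dc=net
bindpw secret
pam_groupdn cn=PAM,ou=Group,ou=Account,dc=blaue-elise,dc=net
pam_member_attribute uniquemember
pam_password md5
nss_base_passwd         ou=User,ou=Account,dc=blaue-elise,dc=net?one
nss_base_shadow         ou=User,ou=Account,dc=blaue-elise,dc=net?one
nss_base_group          ou=Group,ou=Account,dc=blaue-elise,dc=net?one
nss_base_aliases        ou=Aliases,ou=Account,dc=blaue-elise,dc=net?one
ssl start_tls
"""


def parse_nsswitch(text: str) -> Dict[str, List[str]]:
    """Map each database (passwd, shadow, group, ...) to its ordered sources."""
    order: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, _, sources = line.partition(":")
        # Drop action brackets such as [NOTFOUND=return]; keep source names only.
        order[db.strip()] = [s for s in sources.split() if not s.startswith("[")]
    return order


def parse_ldap_conf(text: str) -> Dict[str, str]:
    """Parse 'keyword value' lines (assumption: nss_ldap keywords, case-insensitive)."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def dn_components(value: str) -> List[str]:
    """Lower-cased RDN list of a DN; an nss_base '?scope?filter' suffix is ignored."""
    dn = value.split("?", 1)[0]
    return [c.strip().lower() for c in dn.split(",") if c.strip()]


def review(nss: Dict[str, List[str]], ldap: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (code, message) findings about lookup order and ldap.conf settings."""
    findings: List[Tuple[str, str]] = []
    for db in ("passwd", "shadow", "group"):
        sources = nss.get(db, [])
        if "ldap" in sources and sources[:1] != ["files"]:
            findings.append(("nss-order", f"{db}: 'files' is not consulted before "
                             "'ldap', so local accounts such as root depend on the "
                             "directory being reachable"))
    # Every nss_base_* search base should sit under the configured base DN.
    if "base" in ldap:
        base = dn_components(ldap["base"])
        for key, value in ldap.items():
            if key.startswith("nss_base_") and dn_components(value)[-len(base):] != base:
                findings.append(("base-mismatch", f"{key} is not under the base DN"))
    if "bindpw" in ldap:
        findings.append(("cleartext-bindpw", "bindpw is stored in ldap.conf, which NSS "
                         "needs readable by every process; keep the proxy account "
                         "read-only and treat the file as sensitive"))
    # Assumption: documented nss_ldap 'ssl' values are on, off and start_tls.
    if ldap.get("ssl", "off").lower() not in ("on", "start_tls"):
        findings.append(("no-tls", "neither 'ssl on' nor 'ssl start_tls': binds and "
                         "lookups cross the network in the clear"))
    return findings


if __name__ == "__main__":
    nss_order = parse_nsswitch(NSSWITCH_SAMPLE)
    for db, sources in nss_order.items():
        print(f"{db:8s} lookup order: {' -> '.join(sources)}")
    for code, message in review(nss_order, parse_ldap_conf(LDAP_CONF_SAMPLE)):
        print(f"[{code}] {message}")
```

On the post's own files the script reports the "files -> ldap" order for all three databases and a single finding, the cleartext `bindpw`; the search bases all resolve under dc=blaue-elise,dc=net and TLS is enabled, so nothing else is flagged.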