[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pam_ldap error



Are you running linux? If so, which distribution. I run RedHat 9, so when I want LDAP authentication, I run authconfig, and that sets the correct parameters in /etc/pam.d/sysauth (You do have to edit it after though), then you restart sshd and things work. If you want TLS, you have to put the client certificate path in /usr/local/etc/openldap/ldap.conf or /etc/ldap.conf. Does regular login work with ldap, console login, or telnet?

Csillag Tamás wrote:
Hi,

On Mon, Dec 01, 2003 at 02:24:16PM -0500, Asif Iqbal wrote:
  
On Mon, 1 Dec 2003, Jeff Gamsby wrote:

    
 Does ldapsearch -x work? If on Linux, how about getent passwd?
      
ldapsearch -x works just fine. genent passwd works fine too
    
pam_ldap is independent from getent passwd (it uses libnss_ldap)
and it's config file is: /etc/nsswitch.conf and /etc/{.,ldap}/ldap.conf
(the second is debian specific I think)
(But it is good to test wheather your database is available)

pam_ldap's config file is: /etc/pam_ldap.conf

If the problem is not the pam_ldap.conf file, you can try to debug it
in the following way:
tcpdump
or
(backup first!!) cp /etc/pam.d/ssh /etc/pam.d/su
strace su someuser (do this as root but remove, rootok pam module from
the list, so it will ask for password)

  
Asif Iqbal wrote:

      
Hi All

I am trying to ssh auth against the ldap server using pam_ldap and getting the
following error

Dec  1 13:03:44 scrub sshd[11979]: [ID 280705 auth.error] pam_ldap:
ldap_simple_bind Can't contact LDAP server
Dec  1 13:03:44 scrub sshd[11977]: [ID 800047 auth.error] error: PAM: Can not
retrieve authentication info

sshd auth --> pam_ldap.so (in pam.conf)

Thanks