This may be silly, but can you "su" to the ldap user? If you can, then
you know it's an authentication problem. Change the password, see what
that does. I use {SSHA} for my passwords. Is crypt a default password
method? I think that I had to say --enable-crypt when I built openldap.

Asif Iqbal wrote:

I found the problem. I started as slapd -h ldap:/// ldaps:/// but port 636 was not open. I changed it and running as slapd -h ldaps:/// and now it does not complain about connection problem but now it says

error: PAM: No account present for user

I do have an account for the user. To check I searched for the user and found the user's password does not show {CRYPT}

the ldif for userPassword was

{CRYPT}IIGHcSnVKzrZA

but when I search the user it shows

userPassword:: e0NSWVBUfUlJR0hjU25WS3pyWkE=

Any suggestion/explanation would be greatly appreciated

On Mon, 1 Dec 2003, Csillag Tamás wrote:

Hi,

On Mon, Dec 01, 2003 at 02:24:16PM -0500, Asif Iqbal wrote:

On Mon, 1 Dec 2003, Jeff Gamsby wrote:

Does ldapsearch -x work? If on Linux, how about getent passwd?

ldapsearch -x works just fine. getent passwd works fine too

pam_ldap is independent from getent passwd (it uses libnss_ldap) and its config file is: /etc/nsswitch.conf and /etc/{.,ldap}/ldap.conf (the second is debian specific I think)
(But it is good to test whether your database is available)

pam_ldap's config file is: /etc/pam_ldap.conf

If the problem is not the pam_ldap.conf file, you can try to debug it in the following way:

tcpdump

or (backup first!!)

cp /etc/pam.d/ssh /etc/pam.d/su
strace su someuser

(do this as root but remove rootok pam module from the list, so it will ask for password)

Asif Iqbal wrote:

Hi All

I am trying to ssh auth against the ldap server using pam_ldap and getting the following error

Dec 1 13:03:44 scrub sshd[11979]: [ID 280705 auth.error] pam_ldap: ldap_simple_bind Can't contact LDAP server
Dec 1 13:03:44 scrub sshd[11977]: [ID 800047 auth.error] error: PAM: Can not retrieve authentication info

sshd auth --> pam_ldap.so (in pam.conf)

Thanks
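An added example, not part of the original thread: in LDIF, a double colon after the attribute name (`attr::`) marks a base64-encoded value, so the `userPassword::` line quoted above can be decoded and its `{SCHEME}` prefix checked. The sample entry's DN, uid and description are constructed; only the userPassword value is taken from the thread.

```python
import base64
import re

# Constructed sample entry; only the userPassword value comes from the thread.
SAMPLE_LDIF = """\
dn: uid=testuser,ou=People,dc=example,dc=com
uid: testuser
description: folded across
  two lines
userPassword:: e0NSWVBUfUlJR0hj
 U25WS3pyWkE=
"""

def unfold(ldif_text):
    """Join LDIF continuation lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # drop only the single folding space
        elif raw and not raw.startswith("#"):
            lines.append(raw)             # skip blank lines and comments
    return lines

def parse_entry(ldif_text):
    """Return {attribute: [bytes values]} for one entry (the 'attr:< URL' form is not handled)."""
    entry = {}
    for line in unfold(ldif_text):
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip(), validate=True)
        else:                             # "attr: <plain text>"
            value = rest.lstrip(" ").encode("utf-8")
        entry.setdefault(name.lower(), []).append(value)
    return entry

def password_scheme(value):
    """Split a stored userPassword into (scheme, remainder); scheme is None without a {SCHEME} prefix."""
    m = re.match(rb"\{([A-Za-z0-9._-]+)\}(.*)", value, re.DOTALL)
    if not m:
        return None, value
    return m.group(1).decode().upper(), m.group(2)

def report(ldif_text):
    """List (scheme, remainder) for every userPassword value in the entry."""
    return [password_scheme(v) for v in parse_entry(ldif_text).get("userpassword", [])]

if __name__ == "__main__":
    print(report(SAMPLE_LDIF))
```
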