Have you run authconfig? I don't know much about pam except that it's used in RedHat when you configure LDAP user authentication. At least that's how it works on my system. I use LDAP as a passdb backend for a Samba PDC, and to authenticate postfix and imap users. I do not use SASL, so I won't be much help. Good luck. Adam Denenberg wrote: redhat 8 is my OS. nsswitch.conf: passwd: files ldap shadow: files ldap group: files ldap here is some output, maybe you can shed some light. I do have openssh built with pam, but i am not using pam since I was hoping to just use nss libs and have the builtin nss libs query ldap using SASL which would in turn query RADIUS for authentication. Am i missing something? thanks adam [root@pgate1 root]# finger adenenberg Login: adenenberg Name: Adam Denenberg Directory: /home/adenenberg Shell: /bin/bash Last login Thu Dec 4 22:19 (EST) on pts/4 from nagate2.ops.domain.com No mail. No Plan. [root@pgate1 root]# su - adenenberg You are required to change your password immediately (root enforced) su: incorrect password [root@pgate1 root]# On Fri, 2003-12-05 at 14:22, Jeff Gamsby wrote:What OS are you running? What does your nsswitch.conf look like? I had a similar problem, and it was because on the new Openssh builds, you have to turn on PAM=yes in sshd_config. Is it only ssh logins that are giving you problems? Can you "su" to the ldap users? Just some ideas, hopefully this helps. Jeff Gamsby Adam Denenberg wrote:Hello, i have openldap using tls running and nss_ldap libs successfully installed. I can do a finger username and get all the info back so i know nss_ldap and openldap can communicate fine. However when i try to ssh in, i get the following error (from a tcpdump). Invalid LDAP message (Cant't parse sequence header: Wrong type for that item). Can anybody shed some light here? thanks adam here is my slapd logfile output.. Dec 6 02:13:04 pgate1 slapd[20498]: conn=18 fd=12 ACCEPT from IP=10.35.2.250:33501 (IP=0.0.0.0:389) Dec 6 02:13:04 pgate1 slapd[20505]: conn=18 op=1 BIND dn="" method=128 Dec 6 02:13:04 pgate1 slapd[20505]: conn=18 op=1 RESULT tag=97 err=0 text= Dec 6 02:13:04 pgate1 slapd[20500]: conn=18 op=2 SRCH base="dc=thepirtgroup,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=adenenberg))" Dec 6 02:13:04 pgate1 slapd[20500]: conn=18 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Dec 6 02:13:04 pgate1 slapd[20500]: <= bdb_equality_candidates: (uid) index_param failed (18) Dec 6 02:13:04 pgate1 slapd[20500]: conn=18 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 6 02:13:04 pgate1 slapd[20505]: conn=18 op=3 SRCH base="dc=thepirtgroup,dc=com" scope=2 filter="(uid=adenenberg)" Dec 6 02:13:04 pgate1 slapd[20505]: <= bdb_equality_candidates: (uid) index_param failed (18) Dec 6 02:13:04 pgate1 slapd[20505]: conn=18 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 6 02:13:04 pgate1 slapd[20500]: conn=18 op=4 SRCH base="dc=thepirtgroup,dc=com" scope=2 filter="(&(objectClass=posixGroup)(|(memberUid=adenenberg)(uniqueMember=uid=adenenberg,ou=datacenter,o=pirt,dc=thepirtgroup,dc=com)))" Dec 6 02:13:04 pgate1 slapd[20500]: conn=18 op=4 SRCH attr=cn userPassword memberUid uniqueMember gidNumber Dec 6 02:13:04 pgate1 slapd[20500]: <= bdb_equality_candidates: (memberUid) index_param failed (18) Dec 6 02:13:04 pgate1 slapd[20500]: <= bdb_equality_candidates: (uniqueMember) index_param failed (18) Dec 6 02:13:04 pgate1 slapd[20500]: conn=18 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text= Dec 6 02:13:04 pgate1 slapd[20498]: conn=19 fd=14 ACCEPT from IP=10.35.2.250:33502 (IP=0.0.0.0:389) Dec 6 02:13:04 pgate1 slapd[20500]: conn=19 op=1 BIND dn="" method=128 Dec 6 02:13:04 pgate1 slapd[20500]: conn=19 op=1 RESULT tag=97 err=0 text= Dec 6 02:13:04 pgate1 slapd[20498]: deferring operation Dec 6 02:13:04 pgate1 slapd[20505]: conn=19 op=2 SRCH base="dc=thepirtgroup,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=adenenberg))" Dec 6 02:13:04 pgate1 slapd[20505]: conn=19 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Dec 6 02:13:04 pgate1 slapd[20505]: <= bdb_equality_candidates: (uid) index_param failed (18) Dec 6 02:13:04 pgate1 slapd[20505]: conn=19 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 6 02:13:04 pgate1 slapd[20500]: conn=19 op=3 SRCH base="dc=thepirtgroup,dc=com" scope=2 filter="(&(objectClass=shadowAccount)(uid=adenenberg))" Dec 6 02:13:04 pgate1 slapd[20500]: conn=19 op=3 SRCH attr=uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire Dec 6 02:13:04 pgate1 slapd[20500]: <= bdb_equality_candidates: (uid) index_param failed (18) Dec 6 02:13:04 pgate1 slapd[20500]: conn=19 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 6 02:13:04 pgate1 slapd[20498]: conn=19 fd=14 closed Dec 6 02:13:05 pgate1 slapd[20505]: conn=18 op=5 SRCH base="dc=thepirtgroup,dc=com" scope=2 filter="(&(objectClass=shadowAccount)(uid=adenenberg))" Dec 6 02:13:05 pgate1 slapd[20505]: conn=18 op=5 SRCH attr=uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire Dec 6 02:13:05 pgate1 slapd[20505]: <= bdb_equality_candidates: (uid) index_param failed (18) Dec 6 02:13:05 pgate1 slapd[20505]: conn=18 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text= |