LDAP trouble: login on server OK, remote fails
Hi,
I have an LDAP problem. First, to sketch the situation:

* The LDAP server is a Gentoo machine (recently updated, so should not be the problem).
* LDAP contains all account info for the users: passwd, login shell, ... and some Samba stuff (NTLM passwd hash etc.)
* The server is configured to allow both unix (/etc/passwd) and LDAP users to log in.
* I checked this using "su - some-user" from a non-root account. su asks for the password and authenticates me.
* My computer is also a Gentoo box, running inside a VMware Workstation, but that should be totally transparent.
* Networking, DNS, and all that stuff works.
* LDAP is contacted over (preferably) a (self-signed) SSL connection, but I tried non-encrypted LDAP also.
* I want to allow unix and LDAP logins.

OK, now the problems:

* I think I set up all ldap-config files to (almost) the same values as the server (I changed the address, since unix sockets won't do when working remotely). These files include PAM settings.
* On the server I can get a list of users with "getent passwd" and get the groups with "getent group". When I try to retrieve the shadow passwords (as root) with "getent shadow", it gives "x"-es instead of the desired hashes. This is not a problem, but it might add to the situation.
* On the client machine, identical behavior: passwd and group work fine, shadow doesn't.
* The real problem: I can't log in on the client.

I think the problem is the client, since when I sniff the traffic I don't see it trying to bind with the supplied username (it does search for it, and results are sent back).

Any ideas what might be wrong? Or where I can get more info? If you need any of my files, ask and I'll post them! (just too lazy to do it now)

PS: this message is also posted at http://forums.gentoo.org/viewtopic.php?t=166761

Well, if you think it is the client, test the server by installing a more complete client distro like SUSE or Mandrake, which can be configured on install to authenticate with LDAP.
This way you rule out any server errors and have a working client to test.

The server works... (I think):
I can get my LDAP users with "getent passwd" just fine. The problem is logging in... So I think it must be a PAM or ldap.conf problem of some kind... Also, when I sniff the network, every request made by the client is replied to as I think it should be; it just doesn't request the right things.