Old 04-29-2004, 05:02 AM   #1
Registered: Feb 2004
Location: 50N 3E
Distribution: Gentoo
Posts: 64

Rep: Reputation: 15
LDAP trouble: login on server OK, remote fails


I have an LDAP problem. First to sketch the situation:

* The LDAP server is a Gentoo machine (recently updated, so should not be the problem).
* LDAP contains all account info for the users: passwd, login shell, ... and some Samba stuff (NTLM passwd hash etc.)
* The server is configured to allow both unix (/etc/passwd) and LDAP users to login.
* I checked this using "su - some-user" from a non-root account. su asks for the password and authenticates me.
* My computer is also a Gentoo box, running inside a VMWare workstation, but that should be totally transparent
* Networking, DNS, and all that stuff works
* LDAP is contacted over (preferably) a (self-signed) SSL connection; but I tried a non-encrypted LDAP also
* I want to allow unix and LDAP logins.

Ok, now the problems:

* I think I set up all ldap-config files to (almost) the same values as the server (I changed the address, since unix-sockets won't do when working remotely). These files include PAM settings.
* On the server I can get a list of users with "getent passwd" and get the groups with "getent group". When I try to retrieve the shadow passwords (as root) with "getent shadow", it gives "x"-es instead of the desired hashes. This is not a problem, but it might add to the situation.
* On the client machine, identical behavior: passwd and group work fine, shadow doesn't.
* The real problem: I can't log in on the client.

I think the problem is the client, since when I sniff the traffic I don't see it trying to bind with the supplied username (it does search for it, and results are sent back).

Any ideas what might be wrong? Or where I can get more info?

If you need any of my files, ask and I'll post them! (just too lazy to do it now)

PS: this message is also posted at
Old 04-29-2004, 07:07 AM   #2
Registered: Dec 2003
Location: Australia
Distribution: Mandrake 9.2
Posts: 151

Rep: Reputation: 30
Well, if you think it is the client, test the server by installing a more complete client distro like SuSE or Mandrake, which can be configured on install to authenticate with LDAP.

This way you rule out any server errors and have a working client to test.
Old 04-29-2004, 07:47 AM   #3
Registered: Feb 2004
Location: 50N 3E
Distribution: Gentoo
Posts: 64

Original Poster
Rep: Reputation: 15
The server works... (I think):
I can get my LDAP users with "getent passwd" just fine.
The problem is logging in... So I think it must be a PAM or ldap.conf problem of some kind...

Also when I sniff the network: every request made by the client is replied to as I think it should be; it just doesn't request the right things.
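
Added example, not part of the thread or any poster's configuration: `getent passwd` is answered through NSS (nsswitch.conf), while a password check goes through the PAM auth stack, where pam_ldap.so is the module that binds to the directory as the user. The Python sketch below parses both files and reports which of the two paths reaches LDAP; the sample file contents are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample configs (not from the thread): NSS consults LDAP,
# but the PAM auth stack only uses local files.
NSSWITCH = """\
passwd: files ldap
group:  files ldap
shadow: files
"""
SYSTEM_AUTH = """\
auth     required    pam_env.so
auth     sufficient  pam_unix.so likeauth nullok
auth     required    pam_deny.so
account  required    pam_unix.so
password required    pam_unix.so nullok md5 shadow
"""

def nss_sources(text):
    """Map each nsswitch.conf database to its ordered source list."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            db, srcs = line.split(":", 1)
            # Drop action items such as [NOTFOUND=return].
            out[db.strip()] = re.sub(r"\[[^\]]*\]", " ", srcs).split()
    return out

def pam_stack(text, group):
    """Return (control, module) pairs for one PAM management group, in order."""
    stack = []
    for line in text.splitlines():
        m = re.match(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)", line.split("#", 1)[0].strip())
        if m and m.group(1) == group:
            stack.append((m.group(2), m.group(3).rsplit("/", 1)[-1]))
    return stack

def diagnose(nss_text, pam_text):
    """Report whether account lookup and password checking each reach LDAP."""
    lookup = "ldap" in nss_sources(nss_text).get("passwd", [])
    bind = any(mod == "pam_ldap.so" for _, mod in pam_stack(pam_text, "auth"))
    if lookup and not bind:
        verdict = "getent sees LDAP users, but no auth module will bind as the user"
    elif bind and not lookup:
        verdict = "PAM can bind, but NSS cannot resolve LDAP accounts"
    elif lookup and bind:
        verdict = "both NSS lookup and PAM auth are wired to LDAP"
    else:
        verdict = "neither NSS nor PAM references LDAP"
    return {"nss_lookup": lookup, "pam_bind": bind, "verdict": verdict}
```

To run it against a real client, pass the contents of /etc/nsswitch.conf and the PAM file the login service uses (which file that is depends on the distribution and is an assumption here) to `diagnose()`.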

