I have an LDAP problem. First to sketch the situation:
* The LDAP server is a Gentoo machine (recently updated, so that should not be the problem).
* LDAP contains all account info for the users: passwd, login shell, ... and some Samba stuff (NTLM passwd hash etc.).
* The server is configured to allow both unix (/etc/passwd) and LDAP users to log in.
* I checked this using "su - some-user" from a non-root account. su asks for the password and authenticates me.
* My computer is also a Gentoo box, running inside a VMware Workstation VM, but that should be totally transparent.
* Networking, DNS, and all that stuff works
* LDAP is contacted over (preferably) a (self-signed) SSL connection; but I tried a non-encrypted LDAP also
* I want to allow unix and LDAP logins.
OK, now the problems:
* I think I set up all ldap-config files to (almost) the same values as the server (I changed the address, since unix sockets won't do when working remotely). These files include the PAM settings.
* On the server I can get a list of users with "getent passwd" and the groups with "getent group". When I try to retrieve the shadow passwords (as root) with "getent shadow", it gives "x"-es instead of the desired hashes. This is not a problem, but it might add to the situation.
* on the client machine, identical behavior: passwd and group works fine, shadow doesn't.
* the real problem: I can't log in on the client
I think the problem is the client, since when I sniff the traffic I don't see it trying to bind with the supplied username (it does search for it, and results are sent back).
Any ideas what might be wrong? Or where I can get more info?
If you need any of my files, ask and I'll post them! (just too lazy to do it now)
PS: this message is also posted at http://forums.gentoo.org/viewtopic.php?t=166761
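The symptom above (NSS lookups via getent work, but the client never sends an LDAP bind for the user) is consistent with the PAM auth stack never reaching pam_ldap.so. The following is an added diagnostic, not code from the original post; it reads a PAM service file on stdin (on Gentoo the relevant stack is usually /etc/pam.d/system-auth, which is an assumption here) and reports whether the "auth" stack can ever consult pam_ldap.so. The sample stacks are constructed, not the poster's real files.

```shell
# Added diagnostic (not from the original post). Reads a PAM service file on
# stdin and prints one verdict word for its "auth" stack:
#   ok                   pam_ldap.so is in the auth stack
#   missing              pam_ldap.so absent: nss_ldap can still make getent
#                        work, but login never binds to LDAP
#   unix-required-first  pam_unix.so is "required" ahead of pam_ldap.so, so an
#                        LDAP-only user fails before LDAP is ever asked
# Bracketed controls such as [success=1 default=ignore] are not evaluated;
# only the literal "required" keyword is checked.
check_pam_ldap_auth() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }                 # comments, blanks
        $1 != "auth" { next }                                 # only the auth stack
        $0 ~ /pam_unix\.so/ && $2 == "required" && !seen_ldap { unix_first = 1 }
        $0 ~ /pam_ldap\.so/ { seen_ldap = 1 }
        END {
            if (!seen_ldap)      print "missing"
            else if (unix_first) print "unix-required-first"
            else                 print "ok"
        }
    '
}

# Constructed sample stacks (assumptions for illustration, not real files).
PAM_OK='auth    sufficient  pam_unix.so likeauth nullok
auth    sufficient  pam_ldap.so use_first_pass
auth    required    pam_deny.so'

PAM_NO_LDAP='# nss_ldap alone: getent works, PAM never binds
auth    required    pam_unix.so likeauth nullok'

PAM_UNIX_BLOCKS='auth    required    pam_unix.so likeauth nullok
auth    sufficient  pam_ldap.so use_first_pass'

# Convenience wrapper so a verdict can be obtained from a string.
pam_verdict() {
    printf '%s\n' "$1" | check_pam_ldap_auth
}

# Typical use on a real client: check_pam_ldap_auth < /etc/pam.d/system-auth
```

The verdict only covers the auth stack; the account and password stacks still need pam_ldap.so entries for a full LDAP login, so compare all four stacks against the working server's file.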