LDAP Authentication Fails for Non-Root, but works for root
Hi All,
I've been trying to get authentication via ldap working on my home machine so that I can eventually migrate a computer science lab to handle authentication and automounts. So far I haven't had any problem getting slapd to work and populating the database and performing queries. I used the PADL migration tools to import group and passwd information, and I've browsed the database using ldapsearch, ldap-account-manager and luma, everything seems to be intact.
For testing I added a user "tony" to the ldap db, and no such user exists on the local machine. I've read a lot of links on ldap authentication and have set up the pam and nss conf files to handle this. I'm at the point where if I'm logged in as root, I can "su tony" and it works; my prompt reflects the user tony and there's a /home/tony directory created for the ldap account. Also, "getent passwd tony" shows the ldap passwd entry, whether I'm logged in as root or not.
However, if I'm logged in with my own non-root account and try to login as tony, I get this:
----------
scott@benito:~$ su tony
Password:
su: Authentication failure
scott@benito:~$
----------
What's going on? I'm not doing any sort of encryption that I'm aware of, I'm trying to keep things as simple as possible just to get this thing off the ground. (Although, in the CS lab I'm likely to ramp up this aspect.)
Is there some way to verify the legitimacy of the "tony" password? Can anybody please give me a list of things to check? I'm eager to get this working!
Oh, for what it's worth I'm running debian "lenny" with a 2.6.22 kernel.
Thanks very much!
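On the question of verifying the "tony" password: `su` run as root normally does not prompt for a password, so the working root case says nothing about the stored credential. The following is an added example, not part of the original post, that checks a candidate password offline against a `userPassword` value as printed by ldapsearch. It assumes the value uses the {SSHA}, {SHA}, {SMD5} or {MD5} scheme or is cleartext ({CRYPT} values are not handled); the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Digest length in bytes per scheme; whatever follows the digest in the
# decoded value is the salt (must be empty for the unsalted schemes).
SCHEMES = {"SSHA": ("sha1", 20), "SHA": ("sha1", 20),
           "SMD5": ("md5", 16), "MD5": ("md5", 16)}


def from_ldif(line: str) -> str:
    """Extract the attribute value from one line of ldapsearch output."""
    _, _, value = line.partition(":")
    if value.startswith(":"):  # 'userPassword:: ...' means the whole value is base64
        return base64.b64decode(value[1:].strip()).decode()
    return value.strip()


def make_ssha(password: str, salt: bytes) -> str:
    """Build a {SSHA} value; used here only to construct sample data."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_userpassword(stored: str, candidate: str) -> bool:
    """Return True if candidate matches the stored userPassword value."""
    if not stored.startswith("{"):
        # No scheme prefix: the directory holds the password in cleartext.
        return hmac.compare_digest(stored.encode(), candidate.encode())
    scheme, _, b64 = stored[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError(f"scheme {{{scheme}}} not handled by this example")
    algo, dlen = SCHEMES[scheme]
    raw = base64.b64decode(b64, validate=True)
    if len(raw) < dlen:
        raise ValueError("value shorter than the digest: truncated or corrupt")
    digest, salt = raw[:dlen], raw[dlen:]
    if scheme in ("SHA", "MD5") and salt:
        raise ValueError(f"unsalted scheme {{{scheme}}} has trailing bytes")
    expected = hashlib.new(algo, candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    sample = make_ssha("correct horse", salt=b"constructed")  # constructed sample
    line = "userPassword:: " + base64.b64encode(sample.encode()).decode()
    print(check_userpassword(from_ldif(line), "correct horse"))
```

If this check succeeds for the password typed at the `su` prompt, the stored credential is fine and the failure lies in the PAM or NSS client configuration instead.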
Hi, are you trying to su from the same machine where the ldap server is, or from some other machine over the net? I mean, do you log in as a regular user on some machine and then on that machine do: su tony... if this is the case take you should set up files related to ldap authentication ....and pam ,,, nice pam
sarajevo, I have spent way too much time reading links regarding ldap authentication, but the one you provided is hands down the best one I've seen so far!
To answer your question, I've been testing with my ldap server and client on the same machine. I walked through the steps on the site you referenced (changing parameters to match my database) and now it's working! I tried to reproduce the failure by restoring my previous pam common-* files, but it works with the previous versions as well, so I'm afraid at this point I don't know what the problem was.
However, I was using libnss-ldapd and the website indicated using libnss-ldap instead. I purged libnss-ldapd (which removed slapd), then installed libnss-ldap and reinstalled slapd. So perhaps the fix is buried somewhere in the configuration of these two packages... At any rate, thanks a million for the response!