[ale] OpenLDAP: So close and yet so far

Jerald Sheets questy at gmail.com
Wed Jun 3 12:06:35 EDT 2009


Also, to let pam know about ldap, look for a line like so:

auth        sufficient    pam_ldap.so use_first_pass

in /etc/pam.d/system-auth

Also, if you want to have home directories automagically made for first-time
logins, you need:

session     required      pam_mkhomedir.so

as well.


--j

On Wed, Jun 3, 2009 at 11:16 AM, Jim Kinney <jim.kinney at gmail.com> wrote:

> is the ldap stuff in pam? It looks like user authentication is failing
> inside of pam. pam _knows_ how it's being called and all the bits must
> line up. You will need nss_ldap for pam to work properly.
>
> Also, use TLS and set up the server cert (bogus is OK if manually
> approved and added on client). This will allow even winders clients to
> auth over ldap.
>
> On Wed, Jun 3, 2009 at 10:12 AM, Jeff Hubbs <jeffrey.hubbs at gmail.com> wrote:
> > I've gotten an OpenLDAP server running and an OpenLDAP client configured
> > (same machine for now, but other clients will follow once I finally get
> > this working) to the point where if I try to log in to the client, I get
> > "sshd[3069]: pam_ldap: error trying to bind as user
> > "uid=jeffldap,ou=Users,dc=clacorp,dc=com" (Invalid credentials)" in
> > /var/log/messages.  I don't get that message if I use some random
> > known-not-good username, but I do get it if I use the right username but
> > a bad password.  I can use the right password to run ldapsearch for myself
> > *as myself* and get a good result and ldapwhoami also works.  Where might
> > I have gone wrong?
> >
> > - Jeff
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> >
> >
>
>
>
> --
> --
> James P. Kinney III
> Actively in pursuit of Life, Liberty and Happiness



-- 
---
Jerald M. Sheets jr.
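
Added example, not part of the original message: a small Python check that a system-auth style file carries the two lines given in the reply above, and that pam_ldap.so with use_first_pass has an earlier module to collect the password. The sample file contents and the choice of pam_unix.so as that earlier module are assumptions.

```python
import re

# Constructed sample in /etc/pam.d/system-auth layout. Only the pam_ldap.so
# and pam_mkhomedir.so lines come from the thread; the rest are assumptions.
SAMPLE = """\
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
session     required      pam_unix.so
session     required      pam_mkhomedir.so
"""

# type, control (plain word or [bracketed] form), module path, arguments
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Return (type, control, module, args) for every rule line."""
    rules = []
    for raw in text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())  # drop comments
        if m:
            kind, control, path, args = m.groups()
            rules.append((kind, control, path.rsplit("/", 1)[-1], args.split()))
    return rules

def check(text):
    """Return a list of problems in the LDAP-related parts of the stack."""
    rules = parse(text)
    auth = [r for r in rules if r[0] == "auth"]
    session = {r[2] for r in rules if r[0] == "session"}
    problems = []
    ldap = next((i for i, r in enumerate(auth) if r[2] == "pam_ldap.so"), None)
    if ldap is None:
        problems.append("no auth line for pam_ldap.so")
    elif "use_first_pass" in auth[ldap][3]:
        # use_first_pass reuses a password collected earlier in the stack
        # instead of prompting; pam_unix.so is assumed to be that module.
        if not any(r[2] == "pam_unix.so" for r in auth[:ldap]):
            problems.append("pam_ldap.so use_first_pass has no pam_unix.so before it")
    if "pam_mkhomedir.so" not in session:
        problems.append("no session line for pam_mkhomedir.so")
    return problems

if __name__ == "__main__":
    for p in check(SAMPLE) or ["stack looks consistent"]:
        print(p)
```

To check a real host, pass the contents of /etc/pam.d/system-auth to check() instead of SAMPLE.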