Also, to let pam know about ldap, look for a line like so:<br><br>auth sufficient pam_ldap.so use_first_pass<br><br>in /etc/pam.d/system-auth<br><br>Also, if you want to have home directories automagically made for first-time logins, you need:<br>
<br>session required pam_mkhomedir.so<br><br>as well.<br><br><br>--j<br><br><div class="gmail_quote">On Wed, Jun 3, 2009 at 11:16 AM, Jim Kinney <span dir="ltr">&lt;<a href="mailto:jim.kinney@gmail.com">jim.kinney@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">is the ldap stuff in pam? It looks like user authentication is failing<br>
inside of pam. pam _knows_ how it's being called and all the bits must<br>
line up. You will need nss_ldap for pam to work properly.<br>
<br>
Also, use TLS and set up the server cert (bogus is OK if manually<br>
approved and added on client). This will allow even winders clients to<br>
auth over ldap.<br>
<div><div></div><div class="h5"><br>
On Wed, Jun 3, 2009 at 10:12 AM, Jeff Hubbs &lt;<a href="mailto:jeffrey.hubbs@gmail.com">jeffrey.hubbs@gmail.com</a>&gt; wrote:<br>
> I've gotten an OpenLDAP server running and an OpenLDAP client configured<br>
> (same machine for now, but other clients will follow once I finally get this<br>
> working) to the point where if I try to log in to the client, I get<br>
> "sshd[3069]: pam_ldap: error trying to bind as user<br>
> "uid=jeffldap,ou=Users,dc=clacorp,dc=com" (Invalid credentials)" in<br>
> /var/log/messages. I don't get that message if I use some random<br>
> known-not-good username, but I do get it if I use the right username but a<br>
> bad password. I can use the right password to run ldapsearch for myself *as<br>
> myself* and get a good result and ldapwhoami also works. Where might I have<br>
> gone wrong?<br>
><br>
> - Jeff<br>
><br>
</div></div><div class="im">> _______________________________________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
><br>
><br>
<br>
<br>
<br>
</div>--<br>
<font color="#888888">--<br>
James P. Kinney III<br>
Actively in pursuit of Life, Liberty and Happiness<br>
</font><div><div></div><div class="h5"><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>---<br>Jerald M. Sheets jr.<br><br>
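Added example, not part of the original messages: a shell check that parses a PAM stack file and reports whether the auth pam_ldap.so use_first_pass line and the session pam_mkhomedir.so line described in the thread are present. The function names and the sample stack are constructed for illustration; on a real host the file to pass is /etc/pam.d/system-auth.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Usage: check_pam_ldap [FILE]
# Returns non-zero if the pam_ldap auth line is missing or cannot work as
# written. Reads stdin when FILE is omitted.
check_pam_ldap() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        type = $1; sub(/^-/, "", type)       # "-auth" only silences missing-module logs
        i = 2
        if ($i ~ /^\[/)                      # bracketed control: [success=1 default=ignore]
            while (i < NF && $i !~ /\]$/) i++
        mod = $(i + 1); sub(/.*\//, "", mod) # module may be given as a full path
        args = ""
        for (j = i + 2; j <= NF; j++) args = args " " $j
        if (type == "auth") {
            if (mod == "pam_ldap.so" && !ldap) {
                ldap = 1; prior = nauth      # prior = auth modules seen before pam_ldap
                ufp = (args ~ / use_first_pass( |$)/)
            }
            nauth++
        }
        if (type == "session" && mod == "pam_mkhomedir.so") mkhome = 1
    }
    END {
        if (!ldap) { print "FAIL no auth line loads pam_ldap.so"; bad = 1 }
        else if (ufp && !prior) {
            print "FAIL pam_ldap.so is the first auth module, so use_first_pass has no password to reuse"
            bad = 1
        } else print "OK   auth pam_ldap.so" (ufp ? " (use_first_pass)" : "")
        if (mkhome) print "OK   session pam_mkhomedir.so"
        else print "INFO no session pam_mkhomedir.so: first-time logins get no home directory"
        exit bad + 0
    }' "${1:--}"
}

# Constructed sample stack (not taken from the thread) for an offline run.
sample_stack() {
    cat <<'EOF'
auth     required    pam_env.so
auth     sufficient  pam_unix.so nullok try_first_pass
auth     sufficient  pam_ldap.so use_first_pass
auth     required    pam_deny.so
session  required    pam_mkhomedir.so
session  required    pam_unix.so
EOF
}

sample_stack | check_pam_ldap
```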