I have not added any IP rules or firewalls for the clients. There is nothing in my system that would restrict an IP. I am sure that the ldap query is not blocked, because in that case 'ldapsearch' or 'getent passwd' would not have shown me the ldap users. What is the selinux difference that I need to check, is there any config files for that?

The /var/log/secure shows authentication failed for invalid user error when I try to ssh using the ldap users. There is no other errors in the logs.

On Fri, Nov 1, 2013 at 9:42 PM, Todd Lyons <tlyons@ivenue.com> wrote:
Look for selinux differences between the machines.

Make sure that something about your query isn't limiting logins to
specific IP addresses (and your non-working client is outside of that
IP address list).

Any errors in /var/log/secure or wherever complaints woudl be getting logged?


On Fri, Nov 1, 2013 at 7:00 AM, slacker lnx <lslacker2000@gmail.com> wrote:
> Hi
> I am using LDAP for authenticating users. I have some Fedora 8 servers which
> are setup as ldap clients. When I create users in LDAP it shows up on all
> clients. I can do an 'ldapsearch' or 'getent passwd' and all the clients
> shows up the ldap users. But on one of the client, I am unable to login
> (through ssh) using the ldap userids. When I login as root and try to switch
> user I get a message 'user does not exist' (getent passwd and ldapsearch
> shows the user). On all other clients it works fine. I compared the config
> files in /etc/pam.d/ and /etc/nsswitch.conf but I don't see any difference.
> What else can I check, which other config files do I need to look at? I had
> followed the same steps while configuring all ldap clients.
> Please help
> Thanks

The total budget at all receivers for solving senders' problems is $0.
 If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine