Hi
I am using LDAP for authenticating users. I have some Fedora 8 servers which are set up as ldap clients. When I create users in LDAP they show up on all clients. I can do an 'ldapsearch' or 'getent passwd' and all the clients show the ldap users. But on one of the clients, I am unable to login (through ssh) using the ldap userids. When I login as root and try to switch user I get a message 'user does not exist' (getent passwd and ldapsearch shows the user). On all other clients it works fine. I compared the config files in /etc/pam.d/ and /etc/nsswitch.conf but I don't see any difference.
What else can I check, which other config files do I need to look at? I had followed the same steps while configuring all ldap clients.
Please help
Thanks
Look for selinux differences between the machines.
Make sure that something about your query isn't limiting logins to specific IP addresses (and your non-working client is outside of that IP address list).
Any errors in /var/log/secure or wherever complaints would be getting logged?
...Todd
On Fri, Nov 1, 2013 at 7:00 AM, slacker lnx lslacker2000@gmail.com wrote:
Hi
I am using LDAP for authenticating users. I have some Fedora 8 servers which are set up as ldap clients. When I create users in LDAP they show up on all clients. I can do an 'ldapsearch' or 'getent passwd' and all the clients show the ldap users. But on one of the clients, I am unable to login (through ssh) using the ldap userids. When I login as root and try to switch user I get a message 'user does not exist' (getent passwd and ldapsearch shows the user). On all other clients it works fine. I compared the config files in /etc/pam.d/ and /etc/nsswitch.conf but I don't see any difference.
What else can I check, which other config files do I need to look at? I had followed the same steps while configuring all ldap clients.
Please help
Thanks
I have not added any IP rules or firewalls for the clients. There is nothing in my system that would restrict an IP. I am sure that the ldap query is not blocked, because in that case 'ldapsearch' or 'getent passwd' would not have shown me the ldap users. What is the selinux difference that I need to check, are there any config files for that?
The /var/log/secure shows authentication failed for invalid user error when I try to ssh using the ldap users. There are no other errors in the logs.
On Fri, Nov 1, 2013 at 9:42 PM, Todd Lyons tlyons@ivenue.com wrote:
Look for selinux differences between the machines.
Make sure that something about your query isn't limiting logins to specific IP addresses (and your non-working client is outside of that IP address list).
Any errors in /var/log/secure or wherever complaints would be getting logged?
...Todd
-- The total budget at all receivers for solving senders' problems is $0. If you want them to accept your mail and manage it the way you want, send it the way the spec says to. --John Levine
I solved this problem.
It was caused by nscd. I restarted the nscd daemon and everything was fine.
Thanks everyone.
On Sat, Nov 2, 2013 at 12:38 AM, slacker lnx lslacker2000@gmail.com wrote:
I have not added any IP rules or firewalls for the clients. There is nothing in my system that would restrict an IP. I am sure that the ldap query is not blocked, because in that case 'ldapsearch' or 'getent passwd' would not have shown me the ldap users. What is the selinux difference that I need to check, are there any config files for that?
The /var/log/secure shows authentication failed for invalid user error when I try to ssh using the ldap users. There are no other errors in the logs.
On Fri, 2013-11-01 at 19:30 +0530, slacker lnx wrote:
But on one of the client, I am unable to login (through ssh) using the ldap userids. When I login as root and try to switch user I get a message 'user does not exist' (getent passwd and ldapsearch shows the user).
One thing that could affect this is whether 'getent shadow' also shows the user information. If 'getent passwd' shows x as a password hash and no shadow entry is present pam_unix will block logins.
What else can I check, which other config files do I need to look at?
Any information from the logs as to which PAM module blocks the login would be helpful.
Another thing that could cause problems when LDAP data changes is nscd.
openldap-technical@openldap.org
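A diagnostic sketch for telling apart the two causes raised in this thread, a stale nscd entry and a missing shadow entry. It is an added example, not part of any poster's message, and the function names `classify` and `check_user` are hypothetical. It relies on the fact that plain `getent passwd` enumerates in-process through the NSS modules, while `getent passwd USER` is a by-name lookup that a running nscd answers from its cache.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not from the thread.

# classify ENUM_RC NAME_RC PW_FIELD SHADOW_RC -> prints one verdict word.
#   ENUM_RC   0 if USER appears in the full `getent passwd` enumeration
#   NAME_RC   0 if the by-name lookup `getent passwd USER` resolves
#   PW_FIELD  second field of the passwd entry ("x" means "see shadow")
#   SHADOW_RC 0 if `getent shadow USER` returns an entry (needs root)
classify() {
    if [ "$1" -ne 0 ] && [ "$2" -ne 0 ]; then
        echo not-in-directory          # neither path sees the user
    elif [ "$1" -eq 0 ] && [ "$2" -ne 0 ]; then
        echo stale-nscd-suspected      # enumeration sees it, by-name does not
    elif [ "$3" = "x" ] && [ "$4" -ne 0 ]; then
        echo missing-shadow            # pam_unix has no hash to check against
    else
        echo lookup-ok                 # name service is fine; look at PAM logs
    fi
}

# check_user USER: gather the four inputs on the live client and classify them.
check_user() {
    user=$1
    enum_entry=$(getent passwd | awk -F: -v u="$user" '$1 == u { print; exit }')
    [ -n "$enum_entry" ] && enum_rc=0 || enum_rc=1
    name_entry=$(getent passwd "$user" 2>/dev/null) && name_rc=0 || name_rc=1
    pw_field=$(printf '%s\n' "${name_entry:-$enum_entry}" | cut -d: -f2)
    getent shadow "$user" >/dev/null 2>&1 && shadow_rc=0 || shadow_rc=1
    classify "$enum_rc" "$name_rc" "$pw_field" "$shadow_rc"
}

# Run only when a user name is given, e.g.: sh check.sh alice
if [ $# -ge 1 ]; then
    verdict=$(check_user "$1")
    echo "$1: $verdict"
    if [ "$verdict" = stale-nscd-suspected ]; then
        echo "try: nscd -i passwd (or restart nscd), then retest"
    fi
fi
```

Run it as root on the failing client so that the shadow lookup is not refused for lack of privilege.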