7 a.m.
Hi
I am using LDAP for authenticating users. I have some Fedora 8 servers
which are setup as ldap clients. When I create users in LDAP it shows up on
all clients. I can do an 'ldapsearch' or 'getent passwd' and all the
clients shows up the ldap users. But on one of the client, I am unable to
login (through ssh) using the ldap userids. When I login as root and try to
switch user I get a message 'user does not exist' (getent passwd and
ldapsearch shows the user). On all other clients it works fine. I compared
the config files in /etc/pam.d/ and /etc/nsswitch.conf but I don't see any
difference.
What else can I check, which other config files do I need to look at? I had
followed the same steps while configuring all ldap clients.
Please help
Thanks
9:12 a.m.
Look for selinux differences between the machines.
Make sure that something about your query isn't limiting logins to
specific IP addresses (and your non-working client is outside of that
IP address list).
Any errors in /var/log/secure or wherever complaints woudl be getting logged?
...Todd
On Fri, Nov 1, 2013 at 7:00 AM, slacker lnx <lslacker2000(a)gmail.com> wrote:
Hi
I am using LDAP for authenticating users. I have some Fedora 8 servers which
are setup as ldap clients. When I create users in LDAP it shows up on all
clients. I can do an 'ldapsearch' or 'getent passwd' and all the clients
shows up the ldap users. But on one of the client, I am unable to login
(through ssh) using the ldap userids. When I login as root and try to switch
user I get a message 'user does not exist' (getent passwd and ldapsearch
shows the user). On all other clients it works fine. I compared the config
files in /etc/pam.d/ and /etc/nsswitch.conf but I don't see any difference.
What else can I check, which other config files do I need to look at? I had
followed the same steps while configuring all ldap clients.
Please help
Thanks
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
12:08 p.m.
I have not added any IP rules or firewalls for the clients. There is
nothing in my system that would restrict an IP. I am sure that the ldap
query is not blocked, because in that case 'ldapsearch' or 'getent
passwd'
would not have shown me the ldap users. What is the selinux difference that
I need to check, is there any config files for that?
The /var/log/secure shows authentication failed for invalid user error when
I try to ssh using the ldap users. There is no other errors in the logs.
On Fri, Nov 1, 2013 at 9:42 PM, Todd Lyons <tlyons(a)ivenue.com> wrote:
Look for selinux differences between the machines.
Make sure that something about your query isn't limiting logins to
specific IP addresses (and your non-working client is outside of that
IP address list).
Any errors in /var/log/secure or wherever complaints woudl be getting
logged?
...Todd
On Fri, Nov 1, 2013 at 7:00 AM, slacker lnx <lslacker2000(a)gmail.com>
wrote:
> Hi
>
> I am using LDAP for authenticating users. I have some Fedora 8 servers
which
> are setup as ldap clients. When I create users in LDAP it shows up on all
> clients. I can do an 'ldapsearch' or 'getent passwd' and all the
clients
> shows up the ldap users. But on one of the client, I am unable to login
> (through ssh) using the ldap userids. When I login as root and try to
switch
> user I get a message 'user does not exist' (getent passwd and ldapsearch
> shows the user). On all other clients it works fine. I compared the
config
> files in /etc/pam.d/ and /etc/nsswitch.conf but I don't see any
difference.
>
> What else can I check, which other config files do I need to look at? I
had
> followed the same steps while configuring all ldap clients.
>
> Please help
>
> Thanks
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
10:36 p.m.
I solved this problem.
It was caused by nscd. I restarted the nscd daemon and everything was fine.
Thanks everyone.
On Sat, Nov 2, 2013 at 12:38 AM, slacker lnx <lslacker2000(a)gmail.com> wrote:
I have not added any IP rules or firewalls for the clients. There is
nothing in my system that would restrict an IP. I am sure that the ldap
query is not blocked, because in that case 'ldapsearch' or 'getent
passwd'
would not have shown me the ldap users. What is the selinux difference that
I need to check, is there any config files for that?
The /var/log/secure shows authentication failed for invalid user error
when I try to ssh using the ldap users. There is no other errors in the
logs.
On Fri, Nov 1, 2013 at 9:42 PM, Todd Lyons <tlyons(a)ivenue.com> wrote:
> Look for selinux differences between the machines.
>
> Make sure that something about your query isn't limiting logins to
> specific IP addresses (and your non-working client is outside of that
> IP address list).
>
> Any errors in /var/log/secure or wherever complaints woudl be getting
> logged?
>
> ...Todd
>
> On Fri, Nov 1, 2013 at 7:00 AM, slacker lnx <lslacker2000(a)gmail.com>
> wrote:
> > Hi
> >
> > I am using LDAP for authenticating users. I have some Fedora 8 servers
> which
> > are setup as ldap clients. When I create users in LDAP it shows up on
> all
> > clients. I can do an 'ldapsearch' or 'getent passwd' and all the
clients
> > shows up the ldap users. But on one of the client, I am unable to login
> > (through ssh) using the ldap userids. When I login as root and try to
> switch
> > user I get a message 'user does not exist' (getent passwd and
ldapsearch
> > shows the user). On all other clients it works fine. I compared the
> config
> > files in /etc/pam.d/ and /etc/nsswitch.conf but I don't see any
> difference.
> >
> > What else can I check, which other config files do I need to look at? I
> had
> > followed the same steps while configuring all ldap clients.
> >
> > Please help
> >
> > Thanks
>
>
>
> --
> The total budget at all receivers for solving senders' problems is $0.
> If you want them to accept your mail and manage it the way you want,
> send it the way the spec says to. --John Levine
>
1:43 p.m.
On Fri, 2013-11-01 at 19:30 +0530, slacker lnx wrote:
But on one of the client, I am unable to login (through ssh) using
the
ldap userids. When I login as root and try to switch user I get a
message 'user does not exist' (getent passwd and ldapsearch shows the
user).
One thing that could affect this is whether 'getent shadow' also shows
the user information. If 'getent passwd' show x as a password hash and
no shadow entry is present pam_unix will block logins.
What else can I check, which other config files do I need to look at?
Any information from the logs as to which PAM module blocks the login
would be helpful.
Another thing that could cause problems what LDAP data changes is nscd.
--
-- arthur - arthur(a)arthurdejong.org - http://arthurdejong.org/ --
3619
days inactive
3623
days old
openldap-technical@openldap.org
4 comments
3 participants
participants (3)
-
Arthur de Jong -
slacker lnx -
Todd Lyons