Fedora Core 5 LDAP client authentication problem with Solaris 9 iPlanet LDAP Server
nmw at ion.le.ac.uk
Thu Jun 15 09:43:26 UTC 2006
> Hi Gordon,
> I tried your suggestion; the results look OK.
> [root at sspxz100 ~]# id s39427
> uid=111(s39427) gid=14(sysadmin) groups=14(sysadmin)
> [root at sspxz100 ~]# ls -l ~s39427
> total 0
> I saw the following error in /var/log/secure when the "permission denied" error is encountered.
> Jun 15 17:19:38 sspxz100 sshd: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ci-nb39427-6.sf.sp.edu.sg user=s39427
> Jun 15 17:19:40 sspxz100 sshd: Failed password for s39427 from 126.96.36.199 port 2029 ssh2
> Jun 15 09:19:40 sspxz100 sshd: Failed password for s39427 from 188.8.131.52 port 2029 ssh2
> No error is recorded in /var/log/messages
> I also tried connecting to the LDAP server at port 389 and it is OK.
> [root at sspxz100 ~]# telnet 184.108.40.206 389
> Trying 220.127.116.11...
> Connected to sspsm040.sf.sp.edu.sg (18.104.22.168).
> Escape character is '^]'.
> Any other help will be appreciated.
Is nsswitch set up correctly to obtain the password from the LDAP server?
Check in /etc/nsswitch.conf that passwd, shadow and group are all set to obtain
data from ldap:
passwd: files ldap
shadow: files ldap
group: files ldap
Verify that nss is looking up the data in LDAP by running the following commands:
# getent passwd s39427
# getent shadow s39427
These should show the information retrieved from the LDAP directory for the user.
Is host based access control in effect? If so, does the user in question have
permission to login to that host?
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw at ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
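
Added example, not part of the original message: a shell script that performs the nsswitch.conf and getent checks described in the reply above. The function names (nss_sources, nss_missing_ldap, check_user) and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# nss_sources FILE DB: print the sources configured for DB (empty if absent).
nss_sources() {
    sed -e 's/#.*//' "$1" | awk -v db="$2" '
        { sub(/^[ \t]+/, "") }
        index($0, db ":") == 1 { sub(/^[^:]*:[ \t]*/, ""); $1 = $1; print; exit }'
}

# nss_missing_ldap FILE: print which of passwd/shadow/group lack an ldap source.
nss_missing_ldap() {
    missing=""
    for db in passwd shadow group; do
        case " $(nss_sources "$1" "$db") " in
            *" ldap "*) ;;                      # ldap is listed for this database
            *) missing="$missing $db" ;;
        esac
    done
    echo $missing
}

# check_user USER: ask NSS for the user's passwd and shadow entries
# (run as root so the shadow lookup is permitted).
check_user() {
    for db in passwd shadow; do
        if getent "$db" "$1" >/dev/null 2>&1; then
            echo "$db: entry found for $1"
        else
            echo "$db: no entry for $1 (getent exit status $?)"
        fi
    done
}

# Constructed sample configuration: shadow is not pointed at ldap.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd: files ldap
shadow: files
group:  files [NOTFOUND=return] ldap
EOF
echo "databases without ldap in sample: $(nss_missing_ldap "$sample")"
rm -f "$sample"

# On a real client, pass a user name (for example s39427) as the first argument.
if [ -n "${1:-}" ]; then
    echo "/etc/nsswitch.conf without ldap: $(nss_missing_ldap /etc/nsswitch.conf)"
    check_user "$1"
fi
```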