Probably very stupid problem ....

On Fri, 2005-12-16 at 13:07 +0100, Enrico Valsecchi wrote:
> Hi All,
> 
> I have a problem.
> My users, stored correctly in Fedora-DS,
> can't log in to my Linux system.
> (With OpenLDAP I did not have this problem)
> I don't understand where MY error is!
> :(
> 
> These are my system settings....
> 
> Many Thanks!
> 
> Bye,
> 
> Enrico
> 
> /etc/pam.d/system-auth
> auth        required      /lib/security/$ISA/pam_env.so
> auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
> auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
> auth        required      /lib/security/$ISA/pam_deny.so
> 
> account     required      /lib/security/$ISA/pam_unix.so broken_shadow
> account     sufficient    /lib/security/$ISA/pam_localuser.so
> account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
> account     [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
> account     required      /lib/security/$ISA/pam_permit.so
> 
> password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
> password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
> password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
> password    required      /lib/security/$ISA/pam_deny.so
> 
> session     required      /lib/security/$ISA/pam_limits.so
> session     required      /lib/security/$ISA/pam_unix.so
> session     optional      /lib/security/$ISA/pam_ldap.so
> 
> /etc/nsswitch.conf
> passwd:     files ldap
> shadow:     files ldap
> group:      files ldap
> 
> /etc/ldap.conf AND /etc/openldap.conf
> suffix          "dc=chiccomara,dc=org"
----
should have /etc/openldap/ldap.conf with at least...

BASE: dc=chiccomara,dc=org
HOST: 127.0.0.1
----
> 
> uri ldap://centos.chiccomara.org/
> ldap_version 3
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> pam_member_attribute memberuid
> pam_password ssha
> nss_base_passwd ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org
> nss_base_shadow ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org
> nss_base_group  ou=Groups,ou=Mizar Solutions,dc=chiccomara,dc=org
> # nss_base_hosts  ou=Host,ou=Mizar Solutions,dc=chiccomara,dc=org
> scope one
-----
probably need here...

base: dc=chiccomara,dc=org
host: 127.0.0.1
rootbinddn: cn=Directory Manager #or whatever bind dn you choose
and I am not all knowing on PADL tools but I would have...
nss_base_passwd ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org?one
nss_base_shadow ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org?one
nss_base_group  ou=Groups,ou=Mizar Solutions,dc=chiccomara,dc=org?one

and then /etc/ldap.secret with your rootbinddn password chmod 600

and you should be able to simply test it by doing...

getent passwd
getent group

and get your users/groups listed

Craig
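
A check for the client-side settings suggested in this reply, as an added example that is not part of the original message: it parses a PADL-style `ldap.conf` and reports a missing `base`, a missing `uri`/`host`, keywords written with a trailing colon, and an `/etc/ldap.secret` that is readable beyond its owner. The sample configuration is constructed from values in the thread, and the function names are hypothetical.

```python
import os
import stat

# Constructed sample (values from the thread); parse_ldap_conf/audit are hypothetical names.
SAMPLE_CONF = """\
uri ldap://centos.chiccomara.org/
ldap_version 3
base dc=chiccomara,dc=org
rootbinddn cn=Directory Manager
nss_base_passwd ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org?one
nss_base_group  ou=Groups,ou=Mizar Solutions,dc=chiccomara,dc=org?one
"""

def parse_ldap_conf(text):
    """Parse 'keyword value' lines; keywords are lower-cased, '#' lines are comments."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            settings[parts[0].lower()] = parts[1].strip()
    return settings

def audit(conf_text, secret_path="/etc/ldap.secret"):
    """Return a list of findings for the client config and the rootbinddn secret file."""
    cfg = parse_ldap_conf(conf_text)
    findings = []
    if "base" not in cfg:
        findings.append("no 'base' set")
    if "uri" not in cfg and "host" not in cfg:
        findings.append("no 'uri' or 'host' set")
    for key in cfg:
        if key.endswith(":"):
            findings.append(f"'{key}' has a trailing colon; the format is 'keyword value'")
    rootdn = cfg.get("rootbinddn")
    if rootdn:
        if rootdn.lower().replace(" ", "") == "cn=directorymanager":
            findings.append("rootbinddn is the directory superuser; its password is stored on this client")
        try:
            mode = stat.S_IMODE(os.stat(secret_path).st_mode)
        except FileNotFoundError:
            findings.append(f"{secret_path} missing but rootbinddn is set")
        else:
            if mode & 0o077:  # any group/other permission bit
                findings.append(f"{secret_path} mode {mode:o} is readable beyond its owner; expected 600")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("FINDING:", finding)
```

An empty result from `audit()` only means the file-level checks passed; `getent passwd` and `getent group` remain the test that lookups actually work.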



