Jean

Thanks for a quick reply.

Client IP address is 192.168.5.4

yes these files are from client only.

*/etc/pam.d/system-auth*
------------------------------------------------
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so
-----------------------------------------------------------------------

and

*/etc/pam.d/login*

#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    include      system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    optional     pam_keyinit.so force revoke
~
----------------------------------------------------------------------------------

what is the *uid of the user test01 in the FDS*

uid is t01
and under Posix user
uid number = 2223 (i manually gave this)
gid number = 2223
home directory = /home/test
login shell = /bin/test

and then i create a directory with name "test" under /home
...........eg. mkdir /home/test

Best Regards
--H

On Wed, Jun 17, 2009 at 4:33 PM, Jean-Noël Chardron <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:

> hi,
>
> ok, I suppose the ip address of the server is 192.168.5.1 (right ?)
> and you have a client (a centos 5.3) with unknown to us ip address.
>
> I suppose the nsswitch.conf and /etc/ldap.conf below is on the client so it
> is correct
>
> Then can you show the files /etc/pam.d/system-auth and /etc/pam.d/login
> that are on the client please
>
> then can you tell us what is the uid of the user test01 in the FDS
>
> Hakuna Matata wrote:
>
>> yes, my nsswitch.conf file is as below.
>> passwd: files ldap
>> shadow: files ldap
>> group: files ldap
>>
>> ethers: files
>> netmasks: files
>> networks: files
>> protocols: files
>> rpc: files
>> services: files
>>
>> netgroup: files ldap
>>
>> publickey: nisplus
>>
>> automount: files ldap
>> aliases: files nisplus
>>
>> and /etc/ldap.conf file contains
>> uri ldap://192.168.5.1
>> ssl no
>> tls_cacertdir /etc/openldap/cacerts
>> pam_password md5
>>
>> ----i am still not able to authenticate.......
>>
>> -best Regards
>> --H
>>
>> On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov <amirov at infinet.ru> wrote:
>>
>> Hello
>>
>> Is it ldap://ldap.vfds.local correct?
>> Please, try this command:
>>
>> ping ldap.vfds.local
>>
>> If pinging then try to use command getent to check that ldap users are
>> present in your system.
>> getent passwd
>>
>> If not pinging, then you need to use FQDN or ip-address, like this:
>>
>> ldap://1.2.3.4
>> ldap://example.com
>>
>> Hakuna Matata wrote:
>> > Hi,
>> >
>> > I am new to FDS, i have set this up as per the documentation. It is
>> > working fine.
>> > Now want that linux client (CentOS 5.3) to authenticate with FDS.
>> >
>> > hostname of FDS = ldap.fds.local
>> >
>> > i create a user test01 and fill the posix information
>> >
>> > on client machine i am using system-config-authentication
>> > 1. check the LDAP box and filled the details as.
>> > LDAP search base dn = dc=vfds, dc=local
>> > LDAP Server = ldap://ldap.vfds.local
>> >
>> > then i rebooted the machine and trying to login via user test01. now
>> > it is showing error as username or password incorrect.
>> >
>> > i would really appreciate if someone can give me some pointer or help
>> > where i am doing wrong.
>> >
>> > Many Thanks in advance
>> > Best regards
>> > --H
>> >
>> > --
>> > 389 users mailing list
>> > 389-users at redhat.com
>> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
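
The `auth` lines of the /etc/pam.d/system-auth posted above, walked through a simplified model of PAM's `required` / `requisite` / `sufficient` keywords. This is an added example, not part of the original thread; the function names and the per-module outcomes fed in are constructed, and the model assumes pam_succeed_if.so fails whenever NSS cannot resolve the user it has to test `uid >= 500` against.

```python
# Added example: simplified model of PAM simple control keywords.
AUTH_STACK = """\
auth required   pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite  pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required   pam_deny.so
"""

def parse_stack(text, mod_type="auth"):
    """Return [(control, module)] for one module type, skipping comments."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mod_type:
            rules.append((fields[1], fields[2]))
    return rules

def evaluate(rules, outcomes):
    """Walk the stack in order; outcomes maps module -> True/False.
    Returns (granted, trace of modules actually consulted)."""
    failed, trace = False, []
    for control, module in rules:
        ok = outcomes[module]
        trace.append((module, control, "ok" if ok else "fail"))
        if control == "requisite" and not ok:
            return False, trace          # stack stops here
        if control == "required" and not ok:
            failed = True                # remembered, stack continues
        if control == "sufficient" and ok and not failed:
            return True, trace           # early success
    return not failed, trace

def login_attempt(nss_resolves_user, ldap_bind_ok, local_password_ok=False):
    """Constructed scenario for an LDAP-only account such as uid number 2223."""
    outcomes = {
        "pam_env.so": True,
        "pam_unix.so": local_password_ok,        # no local shadow entry
        "pam_succeed_if.so": nss_resolves_user,  # needs getent passwd <user> to work
        "pam_ldap.so": ldap_bind_ok,
        "pam_deny.so": False,                    # always fails by design
    }
    return evaluate(parse_stack(AUTH_STACK), outcomes)

if __name__ == "__main__":
    for nss, bind in [(True, True), (False, True), (True, False)]:
        granted, trace = login_attempt(nss, bind)
        print(f"nss={nss} bind={bind} -> granted={granted}")
        for step in trace:
            print("   ", *step)
```

In the second scenario the trace ends at pam_succeed_if.so, so the LDAP password is never checked; that is why the `getent passwd` test suggested in the thread comes before looking at pam_ldap.so itself.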