Hakuna Matata wrote:
> Jean
> Thanks for a quick reply.
>
> Client IP address is 192.168.5.4
> yes these files are from client only.
>

all files seem correct (in system-auth the interesting lines are the ones with pam_ldap.so)
So maybe the base to search in the tree is misconfigured in the /etc/ldap.conf

you previously showed the /etc/ldap.conf:

uri ldap://192.168.5.1
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5

can you show the output of the command:

grep base /etc/ldap.conf

with only the lines that are uncommented, normally this will show the distinguished name of the search base.
and this must correspond with the tree in your FDS

>
> */etc/pam.d/system-auth *
> ------------------------------------------------
> This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required pam_env.so
> auth sufficient pam_unix.so nullok try_first_pass
> auth requisite pam_succeed_if.so uid >= 500 quiet
> auth sufficient pam_ldap.so use_first_pass
> auth required pam_deny.so
>
> account required pam_unix.so broken_shadow
> account sufficient pam_succeed_if.so uid < 500 quiet
> account [default=bad success=ok user_unknown=ignore] pam_ldap.so
> account required pam_permit.so
>
> password requisite pam_cracklib.so try_first_pass retry=3
> password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
> password sufficient pam_ldap.so use_authtok
> password required pam_deny.so
>
> session optional pam_keyinit.so revoke
> session required pam_limits.so
> session optional pam_keyinit.so revoke
> session required pam_limits.so
> session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
> session required pam_unix.so
> session optional pam_ldap.so
> -----------------------------------------------------------------------
>
> and* /etc/pam.d/login *
>
> #%PAM-1.0
> auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
> auth include system-auth
> account required pam_nologin.so
> account include system-auth
> password include system-auth
> # pam_selinux.so close should be the first session rule
> session required pam_selinux.so close
> session include system-auth
> session required pam_loginuid.so
> session optional pam_console.so
> # pam_selinux.so open should only be followed by sessions to be executed in the user context
> session required pam_selinux.so open
> session optional pam_keyinit.so force revoke
> ~
> ----------------------------------------------------------------------------------
>
> what is the *uid of the user test01 in the FDS*
>
> uid is t01
>
> and under Posix user
>
> uid number =2223 (i manually gave this)
> gid number=2223
> home dire = /home/test
> login shell=/bin/test
>
> and then i create a directory with name "test" under /home
> ...........eg. mkdir /home/test
>
> Best Regards
> --H
>
> On Wed, Jun 17, 2009 at 4:33 PM, jean-Noël Chardron <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>
> > hi,
> >
> > ok, I suppose the ip address of the server is 192.168.5.1 (right ?)
> > and you have a client (a centos 5.3) with an ip address unknown to us.
> >
> > I suppose the nsswitch.conf and /etc/ldap.conf below is on the
> > client so it is correct
> >
> > Then can you show the files /etc/pam.d/system-auth and
> > /etc/pam.d/login that are on the client please
> >
> > then can you tell us what is the uid of the user test01 in the FDS
> >
> > Hakuna Matata wrote:
> >
> > > yes, my nsswitch.conf file is as below.
> > > passwd: files ldap
> > > shadow: files ldap
> > > group: files ldap
> > >
> > > ethers: files
> > > netmasks: files
> > > networks: files
> > > protocols: files
> > > rpc: files
> > > services: files
> > >
> > > netgroup: files ldap
> > >
> > > publickey: nisplus
> > >
> > > automount: files ldap
> > > aliases: files nisplus
> > >
> > > and /etc/ldap.conf file contains
> > > uri ldap://192.168.5.1
> > > ssl no
> > > tls_cacertdir /etc/openldap/cacerts
> > > pam_password md5
> > >
> > > ----i am still not able to authenticate.......
> > >
> > > -best Regards
> > > --H
> > >
> > > On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov <amirov at infinet.ru> wrote:
> > >
> > > > Hello
> > > >
> > > > Is it ldap://ldap.vfds.local correct?
> > > > Please, try this command:
> > > >
> > > > ping ldap.vfds.local
> > > >
> > > > If pinging then try to use command getent to check that
> > > > ldap users are present in your system.
> > > > getent passwd
> > > >
> > > > If not pinging, then you need to use FQDN or ip-address, like this:
> > > >
> > > > ldap://1.2.3.4
> > > > ldap://example.com
> > > >
> > > > Hakuna Matata wrote:
> > > > > Hi,
> > > > >
> > > > > I am new to FDS, i have set this up as per the documentation. It is
> > > > > working fine.
> > > > > Now want that linux client (CentOS 5.3) to authenticate with FDS.
> > > > >
> > > > > hostname of FDS = ldap.fds.local
> > > > >
> > > > > i create a user test01 and fill the posix information
> > > > >
> > > > > on client machine i am using system-config-authentication
> > > > > 1. check the LDAP box and filled the details as .
> > > > >    LDAP search base dn = dc=vfds, dc=local
> > > > >    LDAP Server = ldap://ldap.vfds.local
> > > > >
> > > > > then i rebooted the machine and trying to login via user test01. now
> > > > > it is showing error as username or password incorrect.
> > > > >
> > > > > i would really appreciate if someone can give me some pointer or help
> > > > > where i am doing wrong.
> > > > >
> > > > > Many Thanks in advance
> > > > > Best regards
> > > > > --H
> > > > >
> > > > > --
> > > > > 389 users mailing list
> > > > > 389-users at redhat.com
> > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users

--
Jean-Noel Chardron
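
The check requested in the reply at the top of this message (an uncommented "base" line that matches the directory tree), written out as an added shell example that is not part of the original messages. The function names and the expected base DN argument are assumptions for illustration, and the sample file is constructed from the four ldap.conf lines quoted in the thread; it also reports whether the bind is encrypted, since the quoted file pairs "ssl no" with an ldap:// URI.

```shell
#!/bin/sh
# Added example: audit an nss_ldap/pam_ldap client file (/etc/ldap.conf format).
# Function names are hypothetical; they are not part of pam_ldap or FDS.

# Print the value of the last uncommented "KEY value" line in FILE.
active_value() {  # FILE KEY
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }        # blank line or comment
        tolower($1) == key   { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END                  { if (val != "") print val }
    ' "$1"
}

# Lowercase a DN and drop spaces around commas so "dc=a, dc=b" == "dc=a,dc=b".
normalize_dn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/[[:space:]]*,[[:space:]]*/,/g'
}

# Return 0 if the active base equals EXPECTED, 1 if no base is set, 2 if it differs.
check_base() {  # FILE EXPECTED
    base=$(active_value "$1" base)
    [ -n "$base" ] || { echo "FAIL: no uncommented 'base' line"; return 1; }
    [ "$(normalize_dn "$base")" = "$(normalize_dn "$2")" ] && return 0
    echo "FAIL: base '$base' is not '$2'"; return 2
}

# Return 0 if binds are protected (ldaps:// URI, or ssl on / start_tls), else 1.
check_transport() {  # FILE
    case "$(active_value "$1" uri)" in ldaps://*) return 0 ;; esac
    case "$(active_value "$1" ssl)" in on|start_tls) return 0 ;; esac
    echo "WARN: pam_ldap will send the bind password unencrypted"; return 1
}

# Constructed sample: the four lines quoted in the thread, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
uri ldap://192.168.5.1
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
EOF
# Expected base is the search base DN given in the first message of the thread.
check_base "$sample" 'dc=vfds,dc=local' || true
check_transport "$sample" || true
```

On a real client, pass /etc/ldap.conf and the suffix of the directory tree instead of the sample file.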