I really am too smart for my own good...

"authconfig --enableldapauth --update"

Problem solved, and I've modified the "auth" line in my kickstart file.

That sound you hear in the background is me beating my head on my desk...

Thanks for the hints!
David

On Tue, June 7, 2011 11:57, Colin Panisset wrote:
> One useful method for tracking down oddness like this is to run a
> test-mode sshd on a different port:
>
> server# /usr/sbin/sshd -ddd -p 28
>
> and then, on the client:
>
> client$ ssh server -p 28
>
> and watch what sshd is doing. It's unlikely that Oracle elements are in
> the path prior though, since none of these are called directly on a
> command-line by sshd; instead it's more likely to be a PAM configuration
> oddness; check /etc/pam.d/* to see whether Oracle has put something
> strange in there.
>
> -- C.
> ________________________________________
> From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx
> [389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of David Barr
> [dafydd@xxxxxxxxxx]
> Sent: Wednesday, June 08, 2011 4:43 AM
> To: General discussion list for the 389 Directory server project.
> Subject: Re: [389-users] Does Oracle interfere with LDAP authentication?
>
> This is occurring at login, before the user-specific path is set. (At
> least, I hope we're waiting for authentication before setting the user's
> path!) So, the relevant path is the one built into sshd at compile time,
> and reported in /etc/ssh/sshd_config, right?[1] That's just
> /usr/local/bin:/bin:/usr/bin.
>
> I took a shot at "ps faux" to see if I could find any child processes
> invoked by sshd to test the ldap authentication. I didn't catch anything.
>
> "getent passwd" as root on these hosts does return the LDAP based users.
> So, I can see at least that much of the RHDS. So, I know the server is
> visible and talking to these hosts.
>
> Thanks!
> David
>
> [1] -
> http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1307470719578+28353475&threadId=686313
>
>
> On Tue, June 7, 2011 10:49, crashingdaily wrote:
>> Oracle includes its own LDAP client and libs whose syntax is different
>> from OpenLDAP's. Is $ORACLE_HOME/bin/ earlier in your $PATH than
>> /usr/bin ?
>>
>> On Jun 7, 2011, at 1:38 PM, David Barr wrote:
>>
>>> Good Morning!
>>>
>>> Take 30 hosts, all with identical
>>>
>>> /etc/nsswitch.conf
>>> /etc/ldap.conf
>>> /etc/ssh/ssh_config
>>> /etc/ssh/sshd_config
>>> /etc/auto.master and subsidiary files
>>>
>>> The only two hosts where LDAP authentication fails are the two Oracle
>>> servers. All are running on the same RHEL 5.4.
>>>
>>> Anyone seen anything like this, before?
>>>
>>> Thanks!
>>> David

--
David - Offbeat http://dafydd.livejournal.com
dafydd - Online http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
Integrity*Commitment*Communication*Support

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
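
The symptom in this thread ("getent passwd" returns LDAP users, yet logins fail until "authconfig --enableldapauth --update" is run) fits a host where NSS is set up for LDAP but the PAM auth stack is not. The script below is an added example, not part of the original thread, that flags this mismatch; the function names and sample file contents are constructed, and it assumes the auth stack sshd uses sits in one file such as /etc/pam.d/system-auth.

```shell
#!/bin/sh
# Added example (not from the thread): compare the NSS side and the PAM side
# of an LDAP client. Paths are arguments so copies from several hosts can be
# checked; /etc/pam.d/system-auth as the relevant PAM file is an assumption.

# Succeeds if the passwd database in nsswitch.conf lists ldap as a source.
nss_uses_ldap() {
    grep -Eq '^[[:space:]]*passwd:.*[[:space:]]ldap([[:space:]]|$)' "$1"
}

# Succeeds if an uncommented "auth" line in the PAM file loads pam_ldap.so.
pam_auth_uses_ldap() {
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_ldap\.so' "$1"
}

# Prints one verdict word for a (nsswitch.conf, PAM file) pair.
ldap_client_state() {
    nss=no; pam=no
    nss_uses_ldap "$1" && nss=yes
    pam_auth_uses_ldap "$2" && pam=yes
    case "$nss/$pam" in
        yes/yes) echo consistent ;;
        yes/no)  echo lookup-only ;;  # getent sees LDAP users, logins fail
        no/yes)  echo auth-only ;;    # PAM asks LDAP, but accounts do not resolve
        *)       echo no-ldap ;;
    esac
}

# Constructed sample: one nsswitch.conf, and a PAM auth stack without and
# with the pam_ldap line (an assumed shape for the corrected stack).
demo() {
    d=$(mktemp -d) || return 1
    printf 'passwd:     files ldap\nshadow:     files ldap\n' > "$d/nsswitch.conf"
    printf 'auth  required    pam_env.so\nauth  sufficient  pam_unix.so nullok\nauth  required    pam_deny.so\n' > "$d/pam.before"
    printf 'auth  required    pam_env.so\nauth  sufficient  pam_unix.so nullok\nauth  sufficient  pam_ldap.so use_first_pass\nauth  required    pam_deny.so\n' > "$d/pam.after"
    echo "before: $(ldap_client_state "$d/nsswitch.conf" "$d/pam.before")"
    echo "after:  $(ldap_client_state "$d/nsswitch.conf" "$d/pam.after")"
    rm -rf "$d"
}
demo
```

On a live host, `ldap_client_state /etc/nsswitch.conf /etc/pam.d/system-auth` gives the same verdict for the real files.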