Watching this thread go bye, I was wondering about the more fundamental question. Does your LDAP server give the POSIX user information that the linux system requires for login? We have one of those Iplanet servers and user accounts do not have that information by default and the administrators act like their asses are starting on fire when we ask them to put in those user attributes. The symptom of the problem is that logins fail, but ldapsearch does turn up user information. pj On 6/16/06, Gordon Messmer <yinyang@xxxxxxxxx> wrote:
ay0my wrote: > I tried your suggestion the results looks OK. > > [root@sspxz100 ~]# id s39427 > uid=111(s39427) gid=14(sysadmin) groups=14(sysadmin) > [root@sspxz100 ~]# ls -l ~s39427 > total 0 Good, then NSS is set up right, and you just need to look at PAM. > I saw the following error in /var/log/secure when the "permission denied" error is encountered. > > Jun 15 17:19:38 sspxz100 sshd[13765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ci-nb39427-6.sf.sp.edu.sg user=s39427 So... what does /etc/pam.d/system-auth look like? Specifically, what do the lines that begin with "auth" look like? -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
-- Paul E. Johnson Professor, Political Science 1541 Lilac Lane, Room 504 University of Kansas -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list