Yeah, I checked that, it was already set correctly:

-bash-3.00# ls -l /var/ldap/*.db
-rw-r--r--   1 root     root       65536 Feb 22 09:45 /var/ldap/cert8.db
-rw-r--r--   1 root     root       32768 Feb 22 09:45 /var/ldap/key3.db
-rw-r--r--   1 root     root       32768 Feb 22 09:38 /var/ldap/secmod.db
-bash-3.00# ls -ld /var/ldap/
drwxr-xr-x   3 root     sys          512 Feb 22 09:49 /var/ldap/

and ldapsearch -Z works fine, as non-root.

The strange thing is that in the pam debug log, I see this:

Feb 24 08:52:03 unknown passwd[1227]: [ID 293258 user.warning] libsldap: Status: 91  Mesg: openConnection: failed to initialize TLS security (An I/O error occurred during security authorization.)
Feb 24 08:52:03 unknown passwd[1227]: [ID 292100 user.warning] libsldap: could not remove ldap-serv from servers list
Feb 24 08:52:03 unknown passwd[1227]: [ID 293258 user.warning] libsldap: Status: 7  Mesg: Session error no available conn.
Feb 24 08:52:03 unknown passwd[1227]: [ID 993883 user.debug] passwd_auth: __user_to_authenticate returned 13
Feb 24 08:52:03 unknown passwd[1227]: [ID 238438 auth.debug] PAM[1227]: pam_authenticate(29748, 0): error No account present for user
Feb 24 08:52:03 unknown passwd[1227]: [ID 285619 auth.debug] ldap pam_sm_authenticate(passwd test), flags = 0
Feb 24 08:52:03 unknown passwd[1227]: [ID 647000 auth.debug] ldap pam_sm_authenticate(passwd test), AUTHTOK not set
Feb 24 08:52:03 unknown passwd[1227]: [ID 238438 auth.debug] PAM[1227]: pam_authenticate(29748, 0): error Authentication failed

Several things stand out.

1st, the TLS business. If root works, why wouldn't non-root users work also??

2nd, what does "error No account present for user" mean?? Is it trying to change the local password, even though I explicitly say passwd -r ldap?

3rd, why is it trying to remove my FDS server from some list, and what is that list?

I'm thinking that before letting me change my password, it's trying to make me enter my current password and bombs immediately:

passwd_auth: __user_to_authenticate returned 13

So...
I'm kind of stuck here... Thank you, guys.

--- George Holbert <gholbert@xxxxxxxxxxxx> wrote:

> Ah yes,
>
> Check permission on /var/ldap/cert7.db and /var/ldap/key3.db.
>
> They should be mode 644.
>
> Pete Rowley wrote:
> > Susan wrote:
> >
> >> Why would it fail to initialize TLS security? root works fine... Is
> >> there an env var I'm missing?
> >>
> > Permissions for local files? Try getting a TLS ldapsearch to work first.
> >

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
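The check the two replies are asking for, written out as an added example (this is not code from the thread or from Fedora Directory Server): it walks an NSS certificate database directory such as /var/ldap and reports any file the TLS client library could not open as a non-root user, and also flags anything other users could write to. It assumes only the /var/ldap layout and file names shown above (cert7.db on older clients, cert8.db on newer ones, key3.db, secmod.db); the script file name in the usage comment is hypothetical. It relies on ls -ld rather than stat so the same script runs on Solaris and Linux.

```sh
#!/bin/sh
# Added example for this thread (not list or Fedora DS code): sanity-check an
# NSS certificate database directory such as /var/ldap.
# A non-root process that opens a TLS connection (ldapsearch -Z, or passwd -r ldap
# going through pam_ldap/libsldap) must be able to read cert7.db/cert8.db, key3.db
# and secmod.db, so the directory should be 755 and the files 644: readable by
# everyone, writable only by root. A world-writable cert db would let any local
# user add a CA the client trusts, so that is flagged as well.

# Symbolic mode string of a path, e.g. "-rw-r--r--" or "drwxr-xr-x".
mode_of() {
    ls -ld "$1" | cut -d' ' -f1
}

# True if "other" has read (and, for a directory, search) permission.
world_readable() {
    m=$(mode_of "$1") || return 1
    r=$(printf '%s' "$m" | cut -c8)       # 8th char: other-read
    if [ -d "$1" ]; then
        x=$(printf '%s' "$m" | cut -c10)  # 10th char: other-execute (search)
        [ "$r" = "r" ] && [ "$x" = "x" ]
    else
        [ "$r" = "r" ]
    fi
}

# True if "other" has write permission (9th char of the mode string).
world_writable() {
    m=$(mode_of "$1") || return 1
    [ "$(printf '%s' "$m" | cut -c9)" = "w" ]
}

# Check the directory plus whichever NSS databases exist in it.
# Prints one line per problem; the return value is the number of problems found.
check_certdb_dir() {
    dir=$1
    problems=0
    if ! world_readable "$dir"; then
        echo "FAIL: $dir not readable/searchable by others (want 755): $(mode_of "$dir")"
        problems=$((problems + 1))
    fi
    if world_writable "$dir"; then
        echo "FAIL: $dir writable by others (want 755): $(mode_of "$dir")"
        problems=$((problems + 1))
    fi
    for f in cert7.db cert8.db key3.db secmod.db; do
        p="$dir/$f"
        [ -e "$p" ] || continue
        if ! world_readable "$p"; then
            echo "FAIL: $p not readable by others (want 644): $(mode_of "$p")"
            problems=$((problems + 1))
        fi
        if world_writable "$p"; then
            echo "FAIL: $p writable by others (want 644): $(mode_of "$p")"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ] && echo "OK: $dir"
    return $problems
}

# When run directly, check the directory given on the command line, e.g.
#   sh check_certdb.sh /var/ldap        (script name assumed)
if [ $# -gt 0 ]; then
    check_certdb_dir "$1"
    exit $?
fi
```

The mode bits ls reports are all this script looks at; ACLs, a mount option such as noexec, or a chroot/zone layout can still deny access to a file that looks 644. If the check passes but a non-root TLS client still logs "failed to initialize TLS security", trace the failing process (truss on Solaris, strace on Linux) and look for the open() on the cert or key database that fails.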