8><----

I would start with the Fedora DS access log. See if ssh is making a connection to Fedora DS, if so, see what types of operations are being sent, and the responses to those operations. For searches, see what the base DN, filter, and attributes being requested are.

This helped.....the ldapsearch was being logged but the pam search was not so....

I blew away /etc/ldap.conf and sym linked it to /etc/openldap/ldap.conf, then blindly added these lines to its somewhat short form,

=======
scope sub
suffix "dc=vuw,dc=ac,dc=nz"
#TLS_CACERTDIR /etc/openldap/cacerts
pam_password exop
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=Computers,dc=cognifide,dc=pl
nss_base_passwd ou=People,dc=cognifide,dc=pl
nss_base_shadow ou=People,dc=cognifide,dc=pl
nss_base_group ou=Group,dc=cognifide,dc=pl
nss_base_hosts ou=Hosts,dc=cognifide,dc=pl
===========

The log now shows,

8><-----
PosixAccount)(uid=root))" attrs=ALL
[11/Sep/2007:10:01:01 +1200] conn=200 op=2 RESULT err=32 tag=101 nentries=0 etime=0
[11/Sep/2007:10:01:01 +1200] conn=200 op=2 RESULT err=32 tag=101 nentries=0 etime=0
[11/Sep/2007:10:01:01 +1200] conn=200 op=3 SRCH base="ou=Group,dc=cognifide,dc=pl" scope=2 filter="(&(objectClass=posixGroup)(memberUid=root))" attrs="gidNumber"
[11/Sep/2007:10:01:01 +1200] conn=200 op=3 RESULT err=32 tag=101 nentries=0 etime=0
[11/Sep/2007:10:01:01 +1200] conn=200 op=3 RESULT err=32 tag=101 nentries=0 etime=0
[11/Sep/2007:10:01:01 +1200] conn=200 op=-1 fd=67 closed error 104 (Connection reset by peer) - TCP connection reset by peer.

So pam is now actually querying the LDAP server it seems, it is not getting it right but it's a small step.

I would seem to need to do some config around this area,

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
HOST 130.195.87.249
BASE dc=vuw,dc=ac,dc=nz
ssl no
scope sub
suffix "dc=vuw,dc=ac,dc=nz"
#TLS_CACERTDIR /etc/openldap/cacerts
pam_password exop
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=Computers,dc=cognifide,dc=pl
nss_base_passwd ou=People,dc=cognifide,dc=pl
nss_base_shadow ou=People,dc=cognifide,dc=pl
nss_base_group ou=Group,dc=cognifide,dc=pl
nss_base_hosts ou=Hosts,dc=cognifide,dc=pl

As I still get no reply/successful login.

Regards

Steven

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
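
Added example (not part of the original message or of Fedora DS): a small Python script that does the access-log check described above, pairing each SRCH with its RESULT by conn/op and reporting the searches that ended in err=32 (LDAP noSuchObject), with a note on whether the requested base DN lies under the directory suffix. The sample log lines are constructed in the format shown in the message, and the function names are hypothetical.

```python
import re

# Constructed sample lines in the Fedora DS access-log format quoted above.
SAMPLE_LOG = '''\
[11/Sep/2007:10:01:01 +1200] conn=200 op=3 SRCH base="ou=Group,dc=cognifide,dc=pl" scope=2 filter="(&(objectClass=posixGroup)(memberUid=root))" attrs="gidNumber"
[11/Sep/2007:10:01:01 +1200] conn=200 op=3 RESULT err=32 tag=101 nentries=0 etime=0
[11/Sep/2007:10:01:01 +1200] conn=200 op=3 RESULT err=32 tag=101 nentries=0 etime=0
[11/Sep/2007:10:01:02 +1200] conn=201 op=1 SRCH base="ou=People,dc=vuw,dc=ac,dc=nz" scope=2 filter="(uid=alice)" attrs=ALL
[11/Sep/2007:10:01:02 +1200] conn=201 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[11/Sep/2007:10:01:03 +1200] conn=202 op=1 SRCH base="ou=Hosts,dc=vuw,dc=ac,dc=nz" scope=2 filter="(cn=web1)" attrs=ALL
[11/Sep/2007:10:01:03 +1200] conn=202 op=1 RESULT err=32 tag=101 nentries=0 etime=0
'''

SRCH = re.compile(r'conn=(\d+) op=(-?\d+) SRCH base="([^"]*)" scope=\d+ filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(-?\d+) RESULT err=(\d+)')

def norm_dn(dn):
    """Lowercase and trim whitespace around RDN separators (simple DNs only)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def under_suffix(dn, suffix):
    """True if dn is the suffix itself or an entry below it."""
    dn, suffix = norm_dn(dn), norm_dn(suffix)
    return dn == suffix or dn.endswith("," + suffix)

def failed_searches(log_text, suffix):
    """Return (conn, op, base, filter, note) for every search answered with err=32."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            pending[(m[1], m[2])] = (m[3], m[4])
            continue
        m = RESULT.search(line)
        if m:
            # pop() so a RESULT line logged twice is only reported once
            srch = pending.pop((m[1], m[2]), None)
            if srch and m[3] == "32":
                note = ("base entry not found under suffix"
                        if under_suffix(srch[0], suffix) else "base outside suffix")
                findings.append((int(m[1]), int(m[2]), srch[0], srch[1], note))
    return findings

if __name__ == "__main__":
    for finding in failed_searches(SAMPLE_LOG, "dc=vuw,dc=ac,dc=nz"):
        print(finding)
```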