Re: [389-users] NB: can't login/connect to FDS

Hi Brad!

On Tue, 09 Mar 2010, Brad Fuller wrote:

> Thanks for the reply. See below
>
> On Tue, Mar 9, 2010 at 13:27, <patrick.morris@xxxxxx> wrote:
> > Hi Brad!
> >
> > On Tue, 09 Mar 2010, Brad Fuller wrote:
> >
> >> Hi,
> >>
> >> I'm brand new to FDS/LDAP. I've set up the server, seems to run fine,
> >> can log in to the admin/dir console and create people.
> >> I've tried to set up a fedora 12 client so that I can log in accessing
> >> the FDS server but I don't seem to be making any connection to it.
> >> I've edited /etc/ldap.conf to add the base dc= dc=com and added "host" keyword
> >>
> >> To /etc/nsswitch.conf I've added
> >> passwd: files ldap
> >> shadow: files ldap
> >> group:    files ldap
> >>
> >> that is all that I've changed
> >>
> >> /var/log/messages and /var/log/secure don't show any activity on
> >> either the server or client.
> >> I receive "authorization failure" when trying to log in.
> >>
> >> Are there any tools that I can use to see if my client is seeing the
> >> ldap server?
> >> Have I missed something in the configuration?
> >>
> >> BTW, I've looked and searched and read the 3 RH DS documents, but I
> >> didn't see anything that I've missed.
> >
> > You're missing a lot of configuration, actually.
> >
> > I believe Fedora has the "authconfig" command. That's probably a good
> > place to start getting things set up.
> 
> I've actually used that. It seems to only set the ldap.conf file
> settings of host and base
> (and it screwed up host).
> It also seems to set nsswitch.conf passwd/shadow/group
> 
> Perhaps I'm doing it wrong. In authconfig
>  I've checked only LDAP in User Information and Authentication tabs.
>  I've checked "use shadow passwords", "local authorization is
> sufficient for local users" and "Authenticate system accounts by
> network services" in the Options tab.
> 
> is that sufficient?

Authconfig also does stuff like configure PAM for you, etc, so you're
probably set there, but it's a bit more involved than just the changes
you mentioned.

My guess now is that it's almost certainly expecting users to contain 
the posixAccount object class, which you may or may not have set on 
them currently.  You mentioned that you were able to "create people," 
but didn't say how, so whether those were set up appropriately to work 
as Unix logins is hard for me to say.  

As far as being able to tell if your client is hitting the server or
not, you should be able to look at the server's access logs.
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
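
An added example, not part of the original message: a short Python script that reads a 389 DS access log to check both points raised in the reply above, namely whether the client reaches the server at all and whether its account lookups find an entry carrying posixAccount. The log lines, addresses and DNs are constructed samples, and the search filter shape used by the client is an assumption.

```python
import re

# Constructed sample lines in the 389 DS access-log layout (not taken from the thread).
SAMPLE_LOG = """\
[09/Mar/2010:14:02:11 -0800] conn=7 fd=64 slot=64 connection from 192.0.2.25 to 192.0.2.10
[09/Mar/2010:14:02:11 -0800] conn=7 op=0 BIND dn="" method=128 version=3
[09/Mar/2010:14:02:11 -0800] conn=7 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[09/Mar/2010:14:02:11 -0800] conn=7 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=bfuller))" attrs=ALL
[09/Mar/2010:14:02:11 -0800] conn=7 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[09/Mar/2010:14:05:40 -0800] conn=8 fd=65 slot=65 connection from 192.0.2.25 to 192.0.2.10
[09/Mar/2010:14:05:40 -0800] conn=8 op=0 BIND dn="uid=bfuller,ou=People,dc=example,dc=com" method=128 version=3
[09/Mar/2010:14:05:40 -0800] conn=8 op=0 RESULT err=49 tag=97 nentries=0 etime=0
"""

CONN = re.compile(r"conn=(\d+) .*connection from (\S+) to")
OP = re.compile(r"conn=(\d+) op=(\d+) (BIND|SRCH) (.*)")
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT err=(\d+) .*?nentries=(\d+)")

def summarize(log_text):
    """Return (client addresses, failed binds, posixAccount searches with no match)."""
    peer, ops = {}, {}  # conn id -> client address; (conn, op) -> pending request
    clients, failed_binds, empty_posix = set(), [], []
    for line in log_text.splitlines():
        if m := CONN.search(line):
            peer[m.group(1)] = m.group(2)
            clients.add(m.group(2))
        elif m := OP.search(line):
            ops[(m.group(1), m.group(2))] = (m.group(3), m.group(4))
        elif m := RESULT.search(line):
            conn, op, err, nentries = m.groups()
            kind, detail = ops.pop((conn, op), (None, ""))
            src = peer.get(conn, "unknown")
            if kind == "BIND" and err != "0":  # e.g. err=49, invalid credentials
                dn = re.search(r'dn="([^"]*)"', detail).group(1)
                failed_binds.append((src, dn, int(err)))
            elif kind == "SRCH" and nentries == "0" and "posixaccount" in detail.lower():
                flt = re.search(r'filter="([^"]*)"', detail).group(1)
                empty_posix.append((src, flt))  # lookup ran but no entry qualified
    return clients, failed_binds, empty_posix

if __name__ == "__main__":
    clients, failed, empty = summarize(SAMPLE_LOG)
    print("clients seen:", sorted(clients))
    print("failed binds:", failed)
    print("posixAccount searches with 0 entries:", empty)
```

An empty client set means the client never reached the server; a posixAccount search returning zero entries means the connection works but the user entry does not match what the Unix login lookup asks for.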

