On Tue, Sep 9, 2014 at 2:21 PM, Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> wrote:
> Thanks for reporting that. I cannot reproduce your environment, so I
> may have to ask you to use ocserv from the master branch.
> I assume here that /etc/pam.d/ocserv is a working configuration for
> pam (e.g., the same used for ssh). In that case could you send me the
> debugging information from ocserv in the git repository? That would
> clarify whether there is some issue in the pam conversation with
> pam_ldap.

I made a quick installation of openldap in a rhel7 server based on [0],
and I was able to log in using the created users. So the issue should be
in the pam configuration for ocserv, or something that depends on local
policy. The log trace I get is:

ocserv[4834]: sec-mod: cmd [size=28] sm: auth init
ocserv[4834]: sec-mod: auth init for user 'test2' (group: 'test2') from '192.168.100.1'
[...]
ocserv[4836]: worker: 192.168.100.1:55272 sending message 'sm: auth cont' to secmod
ocserv[4834]: sec-mod: received request from pid 4836 and uid 992
ocserv[4834]: sec-mod: cmd [size=23] sm: auth cont
ocserv[4834]: sec-mod: auth cont for user 'test2'
ocserv[4834]: sec-mod: auth deinit for user 'test2'
ocserv[4836]: worker: 192.168.100.1:55272 received auth reply message (value: 1)
ocserv[4836]: worker: 192.168.100.1:55272 user 'test2' obtained cookie

[0]. http://www.certdepot.net/rhel7-configure-ldap-directory-service-user-connection/

regards,
Nikos