If I understand what you're saying: you can't telnet to a box with LDAP under RH 6.2.

Try adding the attributes:

objectclass: account
host: box.name.com

to the LDAP user you're trying to login as. Clear as mud?

I ran across the same thing and that fixed it for me. I was going to do that anyway with the filter as in your subject line, but it appears that 6.2 is doing it for you somewhere. I never did pinpoint where or why.

Good luck,
Kelli

-----Original Message-----
From: pam-list-admin@redhat.com [mailto:pam-list-admin@redhat.com] On Behalf Of Edwin Whitelaw
Sent: Wednesday, November 15, 2000 3:07 PM
To: pam-list@redhat.com
Subject: Filter to AND with uid=%s

I believe my problem is related to this thread but the point of failure seems to be whether the host can reverse lookup the client.

In a nutshell: I can telnet (logind) to the host as long as the client has a reverse lookup. The really odd thing here is I can rlogin using LDAP with OR without the reverse map.

I'm using the pam.d from the nss_ldap package in RH6.2. The problem seems pretty consistent. I've played around a bit trying pam_pwdb vs pam_unix but confess that as of this point I have not delved into the details. Even when the login fails, the ldap logs show a successful lookup.

Any help appreciated,

--
<=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=++=+=+=>
Edwin Whitelaw
Principal Engineer - Networking
General Dynamics Advanced Technology Systems
Phone: (336) 698-8396