On 17/02/2011 17:31, Marti, Robert wrote:
>>> That doesn't seem like SELinux is interfering, it seems like an
>>> issue contacting the ldap server. If it was an SELinux issue
>>> there would be avc denials in /var/log/messages and Permissive
>>> mode would not block anything.
>>
>> As I said in my first message: "pam_ldap is correctly configured:
>> I can perform an authentication on a ssh connection".
>> So there is absolutely no problem contacting the LDAP server: I
>> have a user account with no password and I can open a ssh session
>> on this server using my LDAP credentials...
>
> SELinux is good about one thing - it logs excessive amounts of
> information when it "interferes" with something. If you don't have
> any SELinux errors logged in /var/log/messages (or
> /var/log/audit/audit.log) SELinux isn't interfering, at all. If
> you're still convinced it's SELinux, disable it and see (requires a
> reboot). If it magically works, I'd love to see ls -lZ /etc/pam.d/s*
> and any AVCs in /var/log/messages.

I finally made the pam_ldap authentication work. I didn't know that
SELinux was logging into /var/log/audit/audit.log so my assumption that
it was to blame was based on the fact that my settings work on all
other SELinux-free servers.
I still don't understand how it wasn't functioning as far as this server
has the same /etc/ldap.conf and /etc/openldap/ldap.conf files, the same
certificate and was on the same network as the others (!).
Regards,
Nicolas
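
A sketch of the check discussed in this thread, added here as an illustration and not posted by any participant: it pulls `avc: denied` records out of audit.log text and groups them by process, so an empty result for `sshd` is the "no AVCs logged" case. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed audit.log lines for illustration (not taken from the thread).
SAMPLE_AUDIT_LOG = """\
type=USER_AUTH msg=audit(1297960255.101:450): user pid=2345 uid=0 msg='op=PAM:authentication acct="testuser" exe="/usr/sbin/sshd" res=failed'
type=AVC msg=audit(1297960260.123:456): avc:  denied  { name_connect } for  pid=2345 comm="sshd" dest=636 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1297960261.007:457): avc:  denied  { name_connect } for  pid=2345 comm="sshd" dest=636 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1297960300.500:460): avc:  denied  { read open } for  pid=2400 comm="httpd" name="ldap.conf" dev=dm-0 ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

AVC_RE = re.compile(r"type=AVC msg=audit\(([\d.]+):(\d+)\): avc:\s+denied\s+\{ ([^}]+) \} for\s+(.*)")

def _selinux_type(context):
    """Return the type field (third component) of an SELinux context."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else ""

def parse_avc_denials(text):
    """Extract one record per 'avc: denied' line; other record types are skipped."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        # The remainder of an AVC record is a run of space-separated key=value pairs.
        fields = dict(kv.split("=", 1) for kv in m.group(4).split() if "=" in kv)
        denials.append({
            "serial": int(m.group(2)),
            "perms": tuple(m.group(3).split()),
            "comm": fields.get("comm", "").strip('"'),
            "source": _selinux_type(fields.get("scontext", "")),
            "target": _selinux_type(fields.get("tcontext", "")),
            "tclass": fields.get("tclass", ""),
        })
    return denials

def summarize(denials, comm=None):
    """Count distinct denials, optionally only for one process name (e.g. sshd)."""
    return Counter(
        (d["comm"], d["source"], d["perms"], d["target"], d["tclass"])
        for d in denials if comm is None or d["comm"] == comm
    )

if __name__ == "__main__":
    for key, count in summarize(parse_avc_denials(SAMPLE_AUDIT_LOG), comm="sshd").items():
        print(count, *key)
```

Denials covered by `dontaudit` policy rules never reach the log; `semodule -DB` rebuilds the policy with those rules disabled while troubleshooting.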