Nigel Wade wrote:
> Davis, Jared Scott wrote:
>> In /var/log/messages:
>> "sshd: pam_ldap: ldap_simple_bind Can't contact LDAP server"
>>
>
> So PAM can't talk to the LDAP server. Double check the values in
> /etc/ldap.conf. ldapsearch uses /etc/openldap/ldap.conf and PAM uses
> /etc/ldap.conf so check the sym-link.

Just a point: these are not symbolic links. The two files have similar, but definitely different syntax. So the file you want to check is /etc/ldap.conf

> Monitor the network traffic using wireshark/ethereal to see what is
> happening between your client and the LDAP server. Is it setup correctly
> to handle LDAPS? Since you mention certs. I presume you are required to
> use LDAPS, it makes diagnosing problems harder because all the requests
> are encrypted. How is your LDAP server specified in ldap.conf, host/port
> or uri?

Whether it is LDAPS or LDAP/TLS will depend on the AD version. IIRC, AD in windows server 2003+ can use TLS these days. Windows 200 used LDAPS.

Regards

Stuart

-- 
Stuart Sears RHCA RHCSS
PDF ODT DUI
"The PM's claims on this subject are not exactly lies, so much as fact-free."
http://www.no2id.net/news/pressRelease/release.php?name=Blair_Fact-Free
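As an added example (not part of the original thread), the check discussed above can be scripted: read a file in pam_ldap's /etc/ldap.conf syntax and report which server, port and transport (LDAPS, StartTLS or plaintext) it resolves to. It assumes the pam_ldap keys `uri`, `host`, `port`, `ssl` and `tls_checkpeer`, that `uri` takes precedence over `host`/`port`, and a constructed sample with placeholder hostnames.

```python
from urllib.parse import urlparse

# Constructed sample in pam_ldap /etc/ldap.conf syntax; hostnames are placeholders.
SAMPLE = """\
# servers
uri ldap://dc1.example.test ldaps://dc2.example.test:3269
ssl start_tls
tls_checkpeer no
"""

def parse_conf(text):
    """Return {key: value} for 'key value' lines, skipping blanks and comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def mode_for(scheme, ssl):
    """Map URI scheme plus the 'ssl' key to the transport actually used."""
    if scheme == "ldaps" or ssl in ("on", "yes"):
        return "ldaps"
    return "starttls" if ssl == "start_tls" else "plaintext"

def endpoints(text):
    """List (host, port, mode) for every configured server."""
    conf = parse_conf(text)
    ssl = conf.get("ssl", "no").lower()
    if "uri" in conf:  # assumption: uri overrides host/port when both are set
        out = []
        for u in conf["uri"].split():
            p = urlparse(u)
            default = 636 if p.scheme == "ldaps" else 389
            out.append((p.hostname, p.port or default, mode_for(p.scheme, ssl)))
        return out
    mode = mode_for("ldap", ssl)
    port = int(conf.get("port") or (636 if mode == "ldaps" else 389))
    return [(h, port, mode) for h in conf.get("host", "").split()]

def findings(text):
    """Defender-facing notes on settings that weaken the bind."""
    notes = [f"{h}:{p} is plaintext; a simple bind sends the password unencrypted"
             for h, p, m in endpoints(text) if m == "plaintext"]
    if parse_conf(text).get("tls_checkpeer", "").lower() == "no":
        notes.append("tls_checkpeer is 'no'; the server certificate is not verified")
    return notes

if __name__ == "__main__":
    for row in endpoints(SAMPLE):
        print(row)
    print(findings(SAMPLE))
```

Run it against the real file with `endpoints(open("/etc/ldap.conf").read())` and compare the result with what the capture shows on ports 389 and 636.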