1) I have a working LDAP server which I've confirmed can be used with LDAP clients, running on ec2 via jumpbox.
2) I've run authconfig to set up LDAP-based authentication, pointing it to the server:
authconfig --useshadow --enablesssd --enablesssdauth --enablesssdauth --passalgo=sha512 --enableldap --ldapserver=my.ldap.server --ldapbasedn='ou=users,o=Directory' --enablecachecreds --enablelocauthorize --update --enableldapauth
3) However, LDAP login fails:
[root@m2 ~]# su bsmith
su: user bsmith does not exist
To debug, I've tried to validate as many components of LDAP as possible. Here is some data from my client machine:
1) My /etc/nsswitch.conf appears to have ldap on the list:
passwd: files sss ldap
shadow: files sss ldap
group: files sss ldap
2) Also, I've checked /etc/pam_ldap.conf, which appears to have the right contents at the end:
# SASL mechanism for PAM authentication - use is experimental
# at present and does not support password policy control
#pam_sasl_mech DIGEST-MD5
uri ldap://my.ldap.server/
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
pam_password md5
How can I debug the login/authentication path in my client to figure out where the login is failing and why my client isn't able to log in?
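As an added example (not from the question or its comments), a POSIX shell helper that walks the client side in the order `su` evaluates it: the NSS lookup first, which is what produces "user does not exist" before PAM is ever consulted, then the nsswitch sources, sssd, a direct StartTLS query against the configured base DN, and the CA directory that `ssl start_tls` depends on. The function names, the `triage_user` command sequence and the `ldapsearch` invocation are assumptions; the two parsing functions take file paths so they can be run against copies of the config files.

```shell
#!/bin/sh
# Added triage helper for the "su: user bsmith does not exist" symptom on an
# sssd/LDAP client. Paths are passed in so the parsers can run on copies;
# triage_user needs the real host (getent, sssd, ldapsearch). Assumed names.

# "user X does not exist" is an NSS (getpwnam) failure: su never reaches PAM.
# nss_sources FILE DB -> the sources configured for DB, e.g. "files sss ldap"
nss_sources() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1
}

# nss_has_source FILE DB SRC -> exit 0 if SRC is listed for DB
nss_has_source() {
    for s in $(nss_sources "$1" "$2"); do
        [ "$s" = "$3" ] && return 0
    done
    return 1
}

# tls_cacert_count FILE -> number of *.pem/*.crt files in the tls_cacertdir
# named in FILE. "ssl start_tls" with an empty CA dir fails every bind.
tls_cacert_count() {
    dir=$(sed -n 's/^[[:space:]]*tls_cacertdir[[:space:]][[:space:]]*//p' "$1" | head -n 1)
    [ -n "$dir" ] && [ -d "$dir" ] || { echo 0; return 0; }
    ls "$dir"/*.pem "$dir"/*.crt 2>/dev/null | wc -l | tr -d ' '
}

# triage_user USER LDAP_URI BASE_DN -> live checks in the order su uses them
triage_user() {
    echo "== 1. NSS: can the client resolve $1 at all?"
    getent passwd "$1" || echo "NSS miss: fix nsswitch/sssd before touching PAM"
    echo "== 2. nsswitch passwd sources: $(nss_sources /etc/nsswitch.conf passwd)"
    echo "== 3. sssd: must be running with a [domain/...] section in /etc/sssd/sssd.conf"
    service sssd status 2>&1 | head -n 3
    echo "== 4. Direct LDAP query with StartTLS (same base DN authconfig was given)"
    ldapsearch -x -ZZ -H "$2" -b "$3" "(uid=$1)" dn uid uidNumber 2>&1 | tail -n 5
    echo "== 5. CA certs visible to the client: $(tls_cacert_count /etc/pam_ldap.conf)"
    echo "== 6. Recent auth log lines"
    grep -E "sssd|ldap|pam" /var/log/secure 2>/dev/null | tail -n 10
}
```

A typical run on the affected client is `triage_user bsmith ldap://my.ldap.server/ 'ou=users,o=Directory'`; if step 1 fails while step 4 returns the entry, the problem is between sssd and NSS, not in the directory or PAM.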
No one there to reply to this? Same error here too, using CentOS 6.5 – Babin Lonston – 2014-08-31T09:30:57.840
Is this CentOS, Fedora or RedHat? Regardless of that, you most likely will find something related to your problem in /var/log/secure and /var/log/messages. – Sami Laine – 2014-01-07T10:47:12.593
This is on RHEL – jayunit100 – 2014-01-07T15:36:17.387