I just finished an LDAP configuration successfully and found out that the configuration is tricky - I had to be very careful. I had the same problem with double passwords - the order in the PAM config files was wrong.

Also I found out that PAM was not able to bind to the server anonymously, though I configured it in the slapd.conf. So I created a Manager with read-only permission. For some reason my ldap.conf accepts _only_ an IP in the host entry; everywhere else the domain name works.

my /etc/pam.d/login:

    auth      required    /lib/security/pam_securetty.so
    auth      required    /lib/security/pam_nologin.so
    auth      sufficient  /lib/security/pam_ldap.so
    auth      required    /lib/security/pam_unix_auth.so use_first_pass
    account   sufficient  /lib/security/pam_ldap.so
    account   required    /lib/security/pam_unix_acct.so
    password  required    /lib/security/pam_cracklib.so
    password  sufficient  /lib/security/pam_ldap.so
    password  required    /lib/security/pam_unix_passwd.so use_first_pass md5 shadow
    session   required    /lib/security/pam_unix_session.so

/etc/pam.d/pop || imap || su:

    auth      sufficient  pam_ldap.so
    auth      required    pam_unix_auth.so
    account   required    pam_unix_acct.so
    password  required    pam_unix_passwd.so
    session   required    pam_unix_session.so

/etc/openldap/slapd.conf:

    <--- snip --->
    access to attr=userPassword
        by self write
        by dn="cn=Manager,dc=domain,dc=com" write
        by dn="cn=pam,dc=domain,dc=com" read
        by anonymous auth
        by * none
    access to *
        by self write
        by dn="cn=Manager,dc=domain,dc=com" write
        by * read
    </--- snip --->

/etc/libnss-ldap.conf:

    <--- snip --->
    binddn cn=pam,dc=domain,dc=com
    bindpw xxxxxxxxx
    <--- snip --->

This configuration works on my system: Potato AXP, LDAP 2.0.11 (compiled)

martin

Sergio Talens-Oliag wrote:

> On Tue, Aug 28, 2001 at 09:23:47AM -0400, Sunny Dubey wrote:
>
>> Hey,
>>
>> I've got a slight problem, at school we run two major networks, one half is
>> Novell Netware based, and the other half is unix based. We basically want one
>> centralized system of authentication, so that users don't have to remember two
>> different passwords to use either system. We've been trying to get linux to use
>> ldap to authenticate with the novell ldap server, and have had no luck. We
>> know the novell ldap server is fine, however something seems fishy with the
>> linux side. The problem is that when using the PAM_LDAP modules, when a user
>> tries to log in, they are asked for a password twice, once the normal password,
>> and the second one being the ldap based password. However, even if you type in
>> the correct passwords, LDAP says permission denied, or authentication failed.
>> What makes it really odd is how at the same time the novell netware server
>> states it has seen the authenticated user, and even gives it an OK to login.
>>
>> Anyone have any clue as to how to make it work? Are there any docs about
>> getting Netware+linux+ldap to work? thanks for any info that you might pass
>> along. have a nice day.
>>
>
> I think your problem is in your pam module configuration, I use something
> like that for auth:
>
> ---
> auth required   pam_nologin.so
> auth sufficient pam_unix.so
> auth required   pam_ldap.so use_first_pass
> ---
>
> With this setup the user is only asked once; if 'pam_unix' succeeds the user
> is authorized and if it fails 'pam_ldap' tries to authenticate using the
> same password entered.
>
> Hope this helps.

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
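The control-flag behaviour that Sergio's and martin's stacks rely on (a `sufficient` module short-circuits on success, a failed `required` module is remembered while the rest of the stack still runs, and `use_first_pass` reuses the password already typed) can be modelled in a few dozen lines. The following is an added Python example, not code from this thread or from Linux-PAM itself: it is a simplified model that supports only the `required`, `requisite` and `sufficient` flags and the `use_first_pass` option, treats pam_securetty and pam_nologin as always passing, and uses constructed user names and passwords. It parses the `auth` lines of Sergio's stack, of martin's /etc/pam.d/login, and of a deliberately mis-ordered stack, and reports whether the user authenticates and how many times they are prompted.

```python
"""Toy model of how Linux-PAM walks an 'auth' stack (an added example, not code
from the thread or from Linux-PAM).  It implements only the control flags
required / requisite / sufficient and the use_first_pass option, which is enough
to show why the order of pam_unix and pam_ldap decides whether a user is prompted
once or twice, and why a stack can prompt twice and still deny a correct password."""
import os

# Constructed sample account databases; user names and passwords are hypothetical.
LOCAL_USERS = {"root": "local-pw"}   # stands in for /etc/shadow
LDAP_USERS = {"sunny": "ldap-pw"}    # stands in for the directory server


class Session:
    """Tracks what the user is asked and the password cached as PAM_AUTHTOK."""

    def __init__(self, user, typed_passwords):
        self.user = user
        self.typed = list(typed_passwords)  # answers given to successive prompts
        self.first_pass = None              # set by the first module that prompts
        self.prompts = 0

    def prompt(self):
        self.prompts += 1
        answer = self.typed[min(self.prompts, len(self.typed)) - 1]
        if self.first_pass is None:
            self.first_pass = answer
        return answer


def password_module(db):
    """Build a stand-in for pam_unix / pam_ldap that checks the password against db."""
    def module(session, options):
        if "use_first_pass" in options:
            if session.first_pass is None:
                return False            # nothing cached yet: the module fails
            answer = session.first_pass  # reuse the password already entered
        else:
            answer = session.prompt()    # ask the user (again)
        return db.get(session.user) == answer
    return module


MODULES = {
    "pam_unix.so": password_module(LOCAL_USERS),
    "pam_unix_auth.so": password_module(LOCAL_USERS),
    "pam_ldap.so": password_module(LDAP_USERS),
    # Environment checks modelled as always passing (no /etc/nologin, secure tty).
    "pam_nologin.so": lambda session, options: True,
    "pam_securetty.so": lambda session, options: True,
}


def parse_auth_stack(config_text):
    """Return [(control, module, options)] for the 'auth' lines of a pam.d file."""
    stack = []
    for line in config_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "auth":
            continue
        stack.append((fields[1], os.path.basename(fields[2]), fields[3:]))
    return stack


def run_auth_stack(stack, session):
    """Walk the stack with Linux-PAM's control-flag semantics. True = authenticated."""
    required_failed = False
    for control, module, options in stack:
        ok = MODULES[module](session, options)
        if control == "sufficient":
            if ok and not required_failed:
                return True             # short-circuit: later modules are skipped
        elif control == "requisite":
            if not ok:
                return False            # fail immediately
        elif control == "required":
            if not ok:
                required_failed = True  # remembered, but the stack keeps running
        else:
            raise ValueError("unsupported control flag: " + control)
    return not required_failed


def authenticate(config_text, user, typed_passwords):
    """Return (authenticated, number_of_prompts) for a pam.d file and a user."""
    session = Session(user, typed_passwords)
    ok = run_auth_stack(parse_auth_stack(config_text), session)
    return ok, session.prompts


# Sergio's stack: pam_unix asks, pam_ldap reuses the answer.
SERGIO_STACK = """
auth required   pam_nologin.so
auth sufficient pam_unix.so
auth required   pam_ldap.so use_first_pass
"""

# The auth lines of martin's /etc/pam.d/login: pam_ldap asks, pam_unix_auth reuses.
MARTIN_LOGIN_STACK = """
auth required   /lib/security/pam_securetty.so
auth required   /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
auth required   /lib/security/pam_unix_auth.so use_first_pass
"""

# A mis-ordered stack (constructed): both modules required and no use_first_pass,
# so the user is asked twice and a local failure can never be overridden.
BROKEN_STACK = """
auth required pam_unix.so
auth required pam_ldap.so
"""

if __name__ == "__main__":
    for name, cfg in [("sergio", SERGIO_STACK), ("martin", MARTIN_LOGIN_STACK), ("broken", BROKEN_STACK)]:
        print(name, "sunny:", authenticate(cfg, "sunny", ["ldap-pw", "ldap-pw"]))
        print(name, "root:", authenticate(cfg, "root", ["local-pw", "local-pw"]))
```

With the mis-ordered stack the model reproduces exactly the symptom Sunny describes: the LDAP-only user is prompted twice, the second (LDAP) check succeeds, and the login is still refused, because the earlier `required` pam_unix failure is remembered. Both working stacks prompt once and accept the user regardless of which database holds the account. The model leaves out `optional`, `include` and the bracketed `[value=action]` syntax, and it does not distinguish `try_first_pass` from `use_first_pass`; for the real rules consult pam.conf(5) and the module man pages.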