Looking over your files, I see quite a few problems:

1) You need to configure nss_ldap.conf as well as pam_ldap.conf.

2) The lines in nsswitch.conf should really be "files ldap" not "ldap files", i.e. local data takes precedence.

3) You need to tell pam.d/login to use the same password for pam_unix that it tried to use for pam_ldap:

    auth sufficient pam_ldap.so
    auth required pam_unix.so nullok try_first_pass

4) In pam_ldap.conf, it's best not to bind as anyone. pam_ldap will attempt to bind with the given password and that will be the test. You'll need to use pam_password exop if you still want to change user passwords with this setup.

If you are still having problems, watch what happens with a packet sniffer.
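A way to check points 2 and 3 mechanically, as an added example that is not part of the original message: it flags nsswitch.conf databases that list ldap ahead of files, and pam_unix auth lines that follow pam_ldap without reusing its password. The function names and sample file contents are constructed for illustration.

```python
import re

# Constructed sample files (not taken from the original thread).
NSSWITCH_BAD = """\
passwd: ldap files
group:  ldap files
shadow: files ldap
"""
PAM_LOGIN_BAD = "auth sufficient pam_ldap.so\nauth required pam_unix.so nullok\n"
PAM_LOGIN_GOOD = PAM_LOGIN_BAD.replace("nullok", "nullok try_first_pass")

def _lines(text):
    """Yield lines with comments and blank lines removed."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def nss_order_findings(text, databases=("passwd", "group", "shadow")):
    """Return databases that use ldap without listing files before it."""
    bad = []
    for line in _lines(text):
        db, _, rest = line.partition(":")
        # Drop action items such as [NOTFOUND=return]; keep source names only.
        sources = re.sub(r"\[[^\]]*\]", " ", rest).split()
        if db.strip() in databases and "ldap" in sources:
            if "files" not in sources or sources.index("ldap") < sources.index("files"):
                bad.append(db.strip())
    return bad

def pam_auth_findings(text):
    """Return pam_unix auth lines placed after pam_ldap that would prompt again."""
    bad, seen_ldap = [], False
    for line in _lines(text):
        # type, control (simple or [bracketed]), module path, arguments
        m = re.match(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if not m or m.group(1).lstrip("-") != "auth":
            continue
        module, args = m.group(3).rsplit("/", 1)[-1], m.group(4).split()
        if module == "pam_ldap.so":
            seen_ldap = True
        elif module == "pam_unix.so" and seen_ldap:
            if not {"try_first_pass", "use_first_pass"} & set(args):
                bad.append(line)
    return bad
```

To check a real system, pass the contents of /etc/nsswitch.conf and /etc/pam.d/login to the two functions; an empty list means nothing was flagged.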