I've enabled compile-time debug flags, to no avail. I did some troubleshooting for several hours last night and discovered something interesting -- the LDAP server is responding with a SUCCESS message to the bind request, but PAM (for whatever reason) is still denying my login request.
Here's the output of a sniffer capture between the client and the LDAP server:

bindResponse resultCode: success (0)

The /var/log/auth.log file indicates the following:

==> auth.log <==
Nov 3 06:24:00 s_dg...@auth.whatever.com sshd[11393]: error: PAM: Authentication failure for illegal user tb from 10.9.3.153
Nov 3 06:24:00 s_dg...@auth.whatever.com sshd[11393]: Failed keyboard-interactive/pam for invalid user tb from 10.9.3.153 port 56665 ssh2
Nov 3 06:24:00 s_dg...@auth.whatever.com sshd[11396]: pam_tally2(sshd:auth): pam_get_uid; no such user

My /etc/pam.d/system-auth file is pretty much verbatim what is listed here: http://www.gentoo.org/doc/en/ldap-howto.xml

Also, my /etc/nsswitch.conf file has "files" and "ldap" in the appropriate places.

passwd: files ldap
shadow: files ldap
group: files ldap

Thoughts would be greatly appreciated -- I'm almost there! I just need to figure out why PAM isn't playing nice with LDAP authentication.

-james

I'm so close I can taste it. :) Any thoughts or ideas on how to fix this would be greatly appreciated.

On Fri, Nov 5, 2010 at 20:06, Ward Poelmans <wpoel...@gmail.com> wrote:
> On Fri, Nov 5, 2010 at 20:46, James <j...@nc.rr.com> wrote:
>> The logdir is filled with empty files that, in the name of the file,
>> has the pid of the pam process. However, these files are empty and
>> they do not have anything in them.
>>
>> Thoughts?
>
> Try putting the compile time debugging options on?
>
> Ward