Hi, I'm trying to set up an environment where I want my users for main services, such as sshd, samba and so on to auth on an LDAP server. I installed pam_ldap and I have my LDAP up. After following some guides, I have a problem which I don't know how to solve. When I type on shell:

# getent passwd
{the content of /etc/passwd file}
after this...
request done: ld 0x51cda0 msgid 1
request done: ld 0x5445e0 msgid 1
request done: ld 0x5445e0 msgid 1
request done: ld 0x5445e0 msgid 1
request done: ld 0x5445e0 msgid 1
request done: ld 0x5445e0 msgid 1
request done: ld 0x5445e0 msgid 1

When I check the syslogd file I can see:

Jun 22 03:17:02 embedded slapd[23890]: conn=22 fd=12 ACCEPT from IP=150.165.63.1:57920 (IP=0.0.0.0:636)
Jun 22 03:17:02 embedded slapd[23890]: conn=22 fd=12 TLS established tls_ssf=256 ssf=256
Jun 22 03:17:02 embedded slapd[23890]: conn=22 op=0 STARTTLS
Jun 22 03:17:02 embedded slapd[23890]: conn=22 op=0 RESULT oid= err=1 text=TLS already started
Jun 22 03:17:02 embedded getent: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Jun 22 03:17:02 embedded slapd[23890]: conn=22 op=1 UNBIND
Jun 22 03:17:02 embedded slapd[23890]: conn=22 fd=12 closed
Jun 22 03:17:02 embedded slapd[23890]: connection_read(12): no connection!

I'm using TLS and everything seems to work fine by using phpldapadmin, lam and ldap command line, such as ldapsearch, ldapadd, when I use -x option, in this last case. Well, here is the main configuration:

/etc/openldap/ldap.conf

BASE dc=embedded,o=Embedded,c=BR
URI ldaps://myhost.mydomain.com
TLS_REQCERT allow
PORT 636

/etc/ldap.conf

host myhost.mydomain.com
base o=Embedded,c=BR
uri ldaps://myhost.mydomain.com/
binddn cn=Manager,o=Embedded,c=BR
rootbinddn cn=Manager,o=Embedded,c=BR
port 636
pam_filter objectclass=account
pam_login_attribute uid
pam_password md5
debug 256
logdir /var/log/nss_ldap
nss_base_passwd ou=People,o=Embedded,c=BR
nss_base_shadow ou=People,o=Embedded,c=BR
nss_base_group ou=Group,o=Embedded,c=BR
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/ldap.pem
tls_cacertdir /etc/ssl

In which format should I enter the secret password in /etc/ldap.secret file? I'm putting something like:

{MD5}md5-hash-here

Is it correct?

I also made proper changes in /etc/nsswitch.conf and /etc/pam.d/system-auth

Can someone help me? Any pointer/suggestion will be gratefully accepted.

Thank you,
Leandro.

--
Leandro Melo de Sales.
Computer Science Student
Laboratório de Sistemas Distribuídos - www.lsd.ufcg.edu.br
Laboratório de Sistemas Embarcados e Computação Pervasiva - www.embeddedacademy.org
Universidade Federal de Campina Grande - UFCG
Campina Grande - PB - Brasil
--
gentoo-user@gentoo.org mailing list
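
Added example, not part of the original message: the slapd log above shows TLS established on port 636 followed by a STARTTLS request refused with "TLS already started", which is what an /etc/ldap.conf combining an ldaps:// URI with "ssl start_tls" produces. The Python check below flags that combination, plus cleartext transport and disabled peer checking; the function names parse_conf and tls_findings are hypothetical and the sample is constructed from the quoted directives.

```python
from urllib.parse import urlsplit

# Constructed sample: TLS-related directives from the /etc/ldap.conf quoted above.
SAMPLE_CONF = """\
host myhost.mydomain.com
uri ldaps://myhost.mydomain.com/
port 636
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/ldap.pem
"""


def parse_conf(text):
    """Parse 'keyword value' lines; keywords are case-insensitive, '#' is a comment."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) == 2 else ""
    return conf


def tls_findings(conf):
    """Return findings about how this nss_ldap/pam_ldap config requests TLS."""
    findings = []
    schemes = {urlsplit(u).scheme.lower() for u in conf.get("uri", "").split()}
    ssl_mode = conf.get("ssl", "no").lower()
    # ldaps:// means TLS wraps the socket from the first byte (port 636 by default).
    if "ldaps" in schemes and ssl_mode == "start_tls":
        findings.append("conflict: ldaps:// negotiates TLS at connect time, so the "
                        "StartTLS sent by 'ssl start_tls' is refused as already started")
    # Assumption: 'on', 'yes' and 'true' are all treated as "use LDAPS".
    if "ldaps" not in schemes and ssl_mode not in ("start_tls", "on", "yes", "true"):
        findings.append("cleartext: no ldaps:// URI and no 'ssl' mode, "
                        "binds cross the network unencrypted")
    if conf.get("tls_checkpeer", "").lower() in ("no", "off", "false"):
        findings.append("unverified: tls_checkpeer is disabled, "
                        "the server certificate is not checked")
    return findings


if __name__ == "__main__":
    for finding in tls_findings(parse_conf(SAMPLE_CONF)):
        print(finding)
```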