I solved this problem. It was caused by nscd. I restarted the nscd daemon and everything was fine.
Thanks everyone. On Sat, Nov 2, 2013 at 12:38 AM, slacker lnx <[email protected]> wrote: > I have not added any IP rules or firewalls for the clients. There is > nothing in my system that would restrict an IP. I am sure that the ldap > query is not blocked, because in that case 'ldapsearch' or 'getent passwd' > would not have shown me the ldap users. What is the selinux difference that > I need to check, is there any config files for that? > > The /var/log/secure shows authentication failed for invalid user error > when I try to ssh using the ldap users. There is no other errors in the > logs. > > > On Fri, Nov 1, 2013 at 9:42 PM, Todd Lyons <[email protected]> wrote: > >> Look for selinux differences between the machines. >> >> Make sure that something about your query isn't limiting logins to >> specific IP addresses (and your non-working client is outside of that >> IP address list). >> >> Any errors in /var/log/secure or wherever complaints woudl be getting >> logged? >> >> ...Todd >> >> On Fri, Nov 1, 2013 at 7:00 AM, slacker lnx <[email protected]> >> wrote: >> > Hi >> > >> > I am using LDAP for authenticating users. I have some Fedora 8 servers >> which >> > are setup as ldap clients. When I create users in LDAP it shows up on >> all >> > clients. I can do an 'ldapsearch' or 'getent passwd' and all the clients >> > shows up the ldap users. But on one of the client, I am unable to login >> > (through ssh) using the ldap userids. When I login as root and try to >> switch >> > user I get a message 'user does not exist' (getent passwd and ldapsearch >> > shows the user). On all other clients it works fine. I compared the >> config >> > files in /etc/pam.d/ and /etc/nsswitch.conf but I don't see any >> difference. >> > >> > What else can I check, which other config files do I need to look at? I >> had >> > followed the same steps while configuring all ldap clients. >> > >> > Please help >> > >> > Thanks >> >> >> >> -- >> The total budget at all receivers for solving senders' problems is $0. >> If you want them to accept your mail and manage it the way you want, >> send it the way the spec says to. --John Levine >> > >
