Linux OpenLDAP server for LAN authentication

I have a server running openLDAP using bdb. I have the server running fine everything works fine like authenticating users that are in the openldap database...the problem is this only works when I am on the server locally. I have some other machines set up with the same ldap client configuration files and when they login (i.e- with gdm) it will list ALL of the users in the openldap server but  they cant login, only the users that are in the local /etc/passwd file are able to login. I dont get how it can get a list of users from the ldap server but not be able to authenticate them, so its communicating but for some reason the passwd doesnt work? Like I said it works fine on the server though I can login with these users. Here is my relevant client files.... THANKS

"system-auth" file
auth        required
auth        sufficient likeauth nullok
auth        required
account     required
password    required retry=3 minlen=2  dcredit=0  ucredit=0                                                                                
password    sufficient nullok use_authtok md5 shadow
password    required
session     required skel=/etc/skel/ umask=0022
session     required
session     required
session     optional

# of course this is my ldap server ip
# The distinguished name of the search base.
base dc=lab,dc=com
rootbinddn cn=manager,dc=lab,dc=com
# Filter to AND with uid=%s
pam_filter objectclass=posixaccount
# The user ID attribute (defaults to uid)
pam_login_attribute uid
pam_member_attribute gid
pam_password crypt
# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX          base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd       ou=People,
# to append the default base DN but this
# may incur a small performance impact.
nss_base_passwd ou=People,dc=lab,dc=com?one
nss_base_shadow ou=People,dc=lab,dc=com?one
nss_base_group          ou=Group,dc=lab,dc=com?one
ssl off

and then nsswitch .conf

passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:     files ldap dns

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


   Is the clinet machine RedHat box?

   Check "/etc/sysconfig/authconfig"
for 2 entries:

   Or use
# authconfig
to config it.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
abatardiAuthor Commented:
They are Mandrake 10 boxes....not sure of any config utils to do that, i just edit manually.

abatardiAuthor Commented:
Well I am still having the same problem after rechecking stuff 100x. The only thing I find weird is on the workstations if I login as anyone else but the admin I can issue a "getent passwd" and it has all the right values, but if I log  in under root "getent passwd" only returns local accounts. BUT on the server all users have the local accounts and the openldap ones. There is no OpenLDAP guru's out there??

Thanks ahead of time!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.