Linux OpenLDAP server for LAN authentication

Posted on 2004-11-04
Last Modified: 2013-12-15
I have a server running OpenLDAP using bdb. I have the server running fine; everything works fine, like authenticating users that are in the OpenLDAP database... the problem is this only works when I am on the server locally. I have some other machines set up with the same LDAP client configuration files, and when they log in (i.e. with gdm) it will list ALL of the users in the OpenLDAP server but they can't log in; only the users that are in the local /etc/passwd file are able to log in. I don't get how it can get a list of users from the LDAP server but not be able to authenticate them, so it's communicating but for some reason the passwd doesn't work? Like I said, it works fine on the server though; I can log in with these users. Here are my relevant client files.... THANKS

"system-auth" file
auth        required
auth        sufficient likeauth nullok
auth        required
account     required
password    required retry=3 minlen=2  dcredit=0  ucredit=0
password    sufficient nullok use_authtok md5 shadow
password    required
session     required skel=/etc/skel/ umask=0022
session     required
session     required
session     optional

# of course this is my ldap server ip
# The distinguished name of the search base.
base dc=lab,dc=com
rootbinddn cn=manager,dc=lab,dc=com
# Filter to AND with uid=%s
pam_filter objectclass=posixaccount
# The user ID attribute (defaults to uid)
pam_login_attribute uid
pam_member_attribute gid
pam_password crypt
# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX          base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd       ou=People,
# to append the default base DN but this
# may incur a small performance impact.
nss_base_passwd ou=People,dc=lab,dc=com?one
nss_base_shadow ou=People,dc=lab,dc=com?one
nss_base_group          ou=Group,dc=lab,dc=com?one
ssl off

and then nsswitch.conf

passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:     files ldap dns

Question by:abatardi

    Accepted Solution


       Is the client machine a RedHat box?

       Check "/etc/sysconfig/authconfig" for 2 entries:

       Or use
           # authconfig
       to config it.

    Author Comment

    They are Mandrake 10 boxes.... not sure of any config utils to do that, I just edit manually.

    Author Comment

    Well, I am still having the same problem after rechecking stuff 100x. The only thing I find weird is on the workstations: if I log in as anyone else but the admin I can issue a "getent passwd" and it has all the right values, but if I log in under root "getent passwd" only returns local accounts. BUT on the server all users have the local accounts and the OpenLDAP ones. There are no OpenLDAP gurus out there??

    Thanks ahead of time!
