nibowl

asked on

LDAP SSL not working on Fedora 14 (in particular with ssh)

I recently decided to install Fedora 14 to test it out for a bit and have run into a bit of a snag. I cannot seem to get LDAP connecting properly. I have configured /etc/openldap/ldap.conf, /etc/nss_ldap.conf, /etc/nsswitch and /etc/pam.d/system-auth as I have with other systems in the past that all work. I can use getent to get passwd, netgroup, shadow, etc. and all return what appear to be valid results. I can su to different LDAP users who are not local, but only from root, as it does not require authentication. It seems only things that require authentication are failing. Also, when I do an authconfig --test I get a response that I can't seem to find any info about: Inconsistent attr: passwordAlgorithm. Some relevant command output:

[root@host ~]# getent passwd ldapuser
ldapuser:x:12345:123:LDAP User:/home/ldapuser:/bin/bash

[root@host ~]# getent shadow ldapuser
ldapuser:*:::::::

The client can verify the user against the LDAP server but not authenticate for some reason.

Mar 11 17:13:36 host sshd[1930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sshhost.domain  user=ldapuser
Mar 11 17:13:38 host sshd[1930]: Failed password for ldapuser from 10.48.140.95 port 53157 ssh2

I am using the same SSL cert as I have used on many other systems that does work (mostly with RHEL5 systems).
meko72

Have a look at this post

http://forum.nginx.org/read.php?30,171166

Did you try checking the logs on the authentication server and FC14?
nibowl

ASKER

This explains why, but did not offer much in terms of a solution in getting it to connect, though I now have another direction to look.
nibowl

ASKER

It looks like some of my issue was tied to the --passalgo=blah that was not assigned in my authconfig statement, for the Inconsistent attr: passwordAlgorithm error. Fixing that got rid of that issue. Next was the fact that some of the directives I put in my ldap.conf file before are apparently now located in the pam_ldap.conf file. Looks like they have split the original /etc/ldap.conf into the two files. Once I am able to get back to working on the system I will verify and test this.
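The split the asker describes (the old /etc/ldap.conf directives now living in /etc/pam_ldap.conf, alongside the separate OpenLDAP client file /etc/openldap/ldap.conf) is a common reason for exactly this symptom: lookups work, password authentication over TLS does not. The script below is an added example, not code from the thread or from Fedora, that checks a PADL-style pam_ldap.conf for the `ssl` and `tls_cacertfile` directives and confirms its CA path agrees with `TLS_CACERT` in the OpenLDAP client file. The hostnames, paths and the three config files it writes are constructed samples.

```bash
#!/bin/bash
# Added example (not from the thread). Checks that the TLS directives which
# used to live in /etc/ldap.conf are present in /etc/pam_ldap.conf (PADL
# "key value" syntax) and that the CA file there matches TLS_CACERT in
# /etc/openldap/ldap.conf (OpenLDAP "KEY value" syntax). pam_ldap only starts
# TLS when its own file says "ssl start_tls", so a missing line here breaks
# ssh/sudo password checks while getent keeps working. All paths, hosts and
# file contents below are constructed samples.

# Value of a PADL-style directive: lowercase key, rest of line is the value,
# '#' starts a comment.
padl_get() {   # $1 = file, $2 = directive name
    awk -v k="$2" 'tolower($1)==k { $1=""; sub(/^ +/, ""); print; exit }' "$1"
}

# Value of an OpenLDAP-style directive (keys are case-insensitive).
openldap_get() {   # $1 = file, $2 = directive name
    awk -v k="$2" 'toupper($1)==k { print $2; exit }' "$1"
}

# check_pam_ldap_tls PAM_LDAP_CONF OPENLDAP_CONF
# Returns 0 when pam_ldap.conf enables TLS and names a CA file consistent with
# the OpenLDAP client config; prints each problem and returns 1 otherwise.
check_pam_ldap_tls() {
    local pam="$1" ol="$2" rc=0 ssl cafile olca
    ssl=$(padl_get "$pam" ssl)
    case "$ssl" in
        start_tls|on) ;;
        *) echo "$pam: ssl is '${ssl:-unset}', expected 'start_tls' or 'on'"; rc=1 ;;
    esac
    cafile=$(padl_get "$pam" tls_cacertfile)
    olca=$(openldap_get "$ol" TLS_CACERT)
    if [ -z "$cafile" ]; then
        echo "$pam: tls_cacertfile missing (this used to live in /etc/ldap.conf)"; rc=1
    elif [ -n "$olca" ] && [ "$cafile" != "$olca" ]; then
        echo "CA mismatch: $pam uses $cafile, $ol uses $olca"; rc=1
    fi
    return $rc
}

# write_samples DIR: constructed config files for the demonstration.
write_samples() {
    cat >"$1/ldap.conf" <<'EOF'
# sample /etc/openldap/ldap.conf: read by ldapsearch and friends
URI ldap://ldap.example.com
BASE dc=example,dc=com
TLS_CACERT /etc/openldap/cacerts/ca.crt
TLS_REQCERT demand
EOF
    cat >"$1/pam_ldap.bad.conf" <<'EOF'
# sample /etc/pam_ldap.conf after a migration that never copied the TLS lines
host ldap.example.com
base dc=example,dc=com
EOF
    cat >"$1/pam_ldap.good.conf" <<'EOF'
# sample /etc/pam_ldap.conf with the directives that moved out of /etc/ldap.conf
host ldap.example.com
base dc=example,dc=com
ssl start_tls
tls_cacertfile /etc/openldap/cacerts/ca.crt
tls_checkpeer yes
EOF
}

# Stand-alone demonstration on the samples.
d=$(mktemp -d)
write_samples "$d"
echo "== pam_ldap.conf missing TLS directives =="
check_pam_ldap_tls "$d/pam_ldap.bad.conf" "$d/ldap.conf" || echo "FAIL"
echo "== pam_ldap.conf with TLS directives =="
check_pam_ldap_tls "$d/pam_ldap.good.conf" "$d/ldap.conf" && echo "OK"
rm -rf "$d"
```

Run it against the real files with `check_pam_ldap_tls /etc/pam_ldap.conf /etc/openldap/ldap.conf` after sourcing the script. The `TLS_REQCERT demand` and `tls_checkpeer yes` lines in the samples are deliberate: leaving them off may make the login work but drops certificate verification of the LDAP server, which is the wrong way to fix this.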
ASKER CERTIFIED SOLUTION
nibowl

ASKER

I was able to track it down over time and test it to be functional, none of which was referenced by any other posters.