LDAP SSL not working on Fedora 14 (in particular with ssh)
Posted on 2011-03-11
I recently decided to install Fedora 14 to test it out for a bit and have run into a bit of a snag. I cannot seem to get LDAP connecting properly. I have configured /etc/openldap/ldap.conf, /etc/nss_ldap.conf, /etc/nsswitch and /etc/pam.d/system-auth as I have with other systems in the past that all work. I can use getent to get passwd, netgroup, shadow, etc., and all return what appear to be valid results. I can su to different LDAP users who are not local, but only from root, as it does not require authentication. It seems only things that require authentication are failing. Also, when I do an authconfig --test I get a response that I can't seem to find any info about: Inconsistent attr: passwordAlgorithm. Some relevant command output:
[root@host ~]# getent passwd ldapuser
[root@host ~]# getent shadow ldapuser
The client can verify the user against the LDAP server but not authenticate for some reason.
Mar 11 17:13:36 host sshd: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sshhost.domain user=ldapuser
Mar 11 17:13:38 host sshd: Failed password for ldapuser from 10.48.140.95 port 53157 ssh2
I am using the same SSL cert as I have used on many other systems that does work (mostly with RHEL5 systems).