Re: Authenticating via LDAP to Active Directory



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nigel Wade wrote:
Davis, Jared Scott wrote:
In /var/log/messages:
"sshd: pam_ldap: ldap_simple_bind Can't contact LDAP server"


So PAM can't talk to the LDAP server. Double check the values in
/etc/ldap.conf. ldapsearch uses /etc/openldap/ldap.conf and PAM uses
/etc/ldap.conf so check the sym-link.

Just a point: these are not symbolic links. The two files have similar,
but definitely different, syntax. So the file you want to check is
/etc/ldap.conf

Monitor the network traffic using wireshark/ethereal to see what is
happening between your client and the LDAP server. Is it setup correctly
to handle LDAPS? Since you mention certs. I presume you are required to
use LDAPS, it makes diagnosing problems harder because all the requests
are encrypted. How is your LDAP server specified in ldap.conf, host/port
or uri?

Whether it is LDAPS or LDAP/TLS will depend on the AD version. IIRC, AD
in Windows Server 2003+ can use TLS these days. Windows 2000 used LDAPS.

Regards

Stuart
- --
Stuart Sears RHCA RHCSS PDF ODT DUI
"The PM's claims on this subject are not exactly lies, so much as
fact-free."
http://www.no2id.net/news/pressRelease/release.php?name=Blair_Fact-Free
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFF4AmOamPtx1brPQ4RAqPaAJ0Sa8dN9ZrTdwkR4AYs5P98L/Ar0ACfUvdS
4BCet7uPpvL8ucBxd9SfNb4=
=DADD
-----END PGP SIGNATURE-----

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
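An added diagnostic helper for the point raised in the thread above (it is not part of the original post, nor pam_ldap's or OpenLDAP's own code): because pam_ldap reads /etc/ldap.conf while ldapsearch reads /etc/openldap/ldap.conf, a successful ldapsearch proves nothing about what PAM is doing. The script below parses the pam_ldap file, works out whether the connection is host/port or uri and whether it is LDAPS (`ssl on`) or StartTLS (`ssl start_tls`), and prints the ldapsearch command that exercises exactly that connection, so "Can't contact LDAP server" can be reproduced outside PAM. The hostnames, paths and the sample config are constructed for the example; `LDAPTLS_CACERT` is OpenLDAP's environment override for the CA file, used here so the pam_ldap `tls_cacertfile` setting carries over to ldapsearch.

```shell
#!/bin/sh
# Added example, not from the thread: mirror a pam_ldap /etc/ldap.conf
# connection as an ldapsearch command line.  Directive names (host, port,
# uri, ssl, base, tls_cacertfile) are the PADL pam_ldap ones.

# conf_get FILE KEYWORD -> value of the first matching directive.
# pam_ldap keywords are case-insensitive; '#' comment lines never match.
conf_get() {
    awk -v k="$2" 'tolower($1)==k {print $2; exit}' "$1"
}

# pam_ldap_uri FILE -> the ldap:// or ldaps:// URI pam_ldap would dial.
pam_ldap_uri() {
    uri=$(conf_get "$1" uri)
    if [ -n "$uri" ]; then
        # uri form: taken as-is, the scheme already says LDAPS or not
        printf '%s\n' "$uri"
        return 0
    fi
    host=$(conf_get "$1" host)
    [ -n "$host" ] || { echo "neither uri nor host set in $1" >&2; return 1; }
    port=$(conf_get "$1" port)
    ssl=$(conf_get "$1" ssl | tr '[:upper:]' '[:lower:]')
    # host/port form: 'ssl on' means LDAPS (default 636); anything else is
    # plain LDAP on 389, optionally upgraded by StartTLS ('ssl start_tls')
    if [ "$ssl" = "on" ]; then
        printf 'ldaps://%s:%s\n' "$host" "${port:-636}"
    else
        printf 'ldap://%s:%s\n' "$host" "${port:-389}"
    fi
}

# ldapconf_to_search FILE -> ldapsearch invocation mirroring the config.
ldapconf_to_search() {
    uri=$(pam_ldap_uri "$1") || return 1
    ssl=$(conf_get "$1" ssl | tr '[:upper:]' '[:lower:]')
    base=$(conf_get "$1" base)
    cacert=$(conf_get "$1" tls_cacertfile)
    cmd="ldapsearch -x -H $uri"
    [ -n "$base" ] && cmd="$cmd -b $base"
    # -ZZ: send StartTLS and fail hard if the upgrade does not succeed,
    # which is what pam_ldap requires for 'ssl start_tls'
    [ "$ssl" = "start_tls" ] && cmd="$cmd -ZZ"
    cmd="$cmd -s base '(objectClass=*)'"
    # ldapsearch takes its CA from /etc/openldap/ldap.conf, not from
    # pam_ldap's file, so hand it the same CA explicitly
    [ -n "$cacert" ] && cmd="LDAPTLS_CACERT=$cacert $cmd"
    printf '%s\n' "$cmd"
}

# Constructed sample pam_ldap config (hostname and paths are made up).
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
# /etc/ldap.conf for pam_ldap, constructed for this example
host ad01.example.com
port 636
ssl on
base dc=example,dc=com
tls_cacertfile /etc/openldap/cacerts/ad-root.pem
binddn cn=pamproxy,cn=Users,dc=example,dc=com
EOF
ldapconf_to_search "$sample_conf"
rm -f "$sample_conf"
```

Run the printed command as the same user sshd runs PAM under; if it fails with the CA file set but works with `LDAPTLS_REQCERT=never` prepended, the problem is certificate trust (wrong CA, or a CN/SAN that does not match the hostname you dial), not reachability. If it fails identically with and without the CA, look at the port and firewall first, and only then at wireshark, since an LDAPS handshake that never completes shows up as a TLS alert or a reset rather than as encrypted requests.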