Jean
Thanks for a quick reply.

Client IP address is 192.168.5.4
yes these files are from client only.


/etc/pam.d/system-auth
------------------------------------------------
 This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so
-----------------------------------------------------------------------

and /etc/pam.d/login 

#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    include      system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    optional     pam_keyinit.so force revoke
~                                                  
----------------------------------------------------------------------------------

 what is the uid of the user test01 in the FDS

uid is t01

and under Posix user

uid numbe  =2223                                (i manually gave this)
gid number=2223
home dire = /home/test
login shell=/bin/test


and then i create a directory with name "test" under /home ...........eg. mkdir /home/test




Best Regards
--H






On Wed, Jun 17, 2009 at 4:33 PM, jean-Noël Chardron <Jean-Noel.Chardron@dr15.cnrs.fr> wrote:
hi,

ok , I suppose the ip adress of the server is  192.168.5.1 (right ?)
and you have a client (a centos 5.3)  with unknow to us  ip address.

I suppose the nsswitch.conf and /etc/ldap.conf below is on the client so it is correct

Then can you show the files /etc/pam.d/system-auth and /etc/pam.d/login  that are on the client please

then can you tell us  what is the uid of the user test01 in the FDS



Hakuna Matata a écrit :

yes, my nsswitch.conf file is as below.
passwd:     files ldap
shadow:     files ldap
group:      files ldap

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files ldap

publickey:  nisplus

automount:  files ldap
aliases:    files nisplus


and /etc/ldap.conf file contains
uri ldap://192.168.5.1 <http://192.168.5.1>

ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5




----i am still not able to authenticate.......


-best Regards
--H

On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov <amirov@infinet.ru <mailto:amirov@infinet.ru>> wrote:

   Hello

   Is it ldap://ldap.vfds.local correct?
   Please, try this command:

   ping ldap.vfds.local

   If pinging then try to use command getent to check that ldap users are
   present in your system.
   getent passwd

   If not pinging, then you need to use FQDN or ip-address, like this:

   ldap://1.2.3.4 <http://1.2.3.4>
   ldap://example.com <http://example.com>



   Hakuna Matata wrote:
   > Hi,
   >
   > I am new to FDS, i have set this up as per the documentation . It is
   > working fine .
   > Now want that linux client (CentOS 5.3) to authenticate with FDS.
   >
   > hostname of FDS = ldap.fds.local
   >
   > i create a user test01 and fill the posix information
   >
   > on client machine i am using system-config-authentiation
   > 1. check the LDAP box and filled the details as .
   > LDAP search base dn =                          dc=vfds, dc=local
   > LDAP Server =                                               ldap://ldap.vfds.local
   >
   > then i rebooted the machine and trying to login via user test01. now
   > it is showing error as username or password incorrect.
   >
   >
   > i would really appreciate if someone can give me some pointer or
   help
   > where i am doing wrong.
   >
   > Many Thanks in advance
   > Best regards
   > --H
   >
   > --
   > 389 users mailing list
   > 389-users@redhat.com <mailto:389-users@redhat.com>

   > https://www.redhat.com/mailman/listinfo/fedora-directory-users
   >

   --
   389 users mailing list
   389-users@redhat.com <mailto:389-users@redhat.com>

   https://www.redhat.com/mailman/listinfo/fedora-directory-users


------------------------------------------------------------------------

--
389 users mailing list
389-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 



--
389 users mailing list
389-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users