I realized that I sent this email as html. I'll try it again for those who use text
email viewers.
Is this a text only mail list?
________________________________________
From: fedora-list-bounces(a)redhat.com [mailto:fedora-list-bounces@redhat.com] On Behalf Of
fedora list
Sent: Saturday, October 30, 2004 11:44 PM
To: fedora-list(a)redhat.com
Subject: FC2 authentication with Active Directory
Setup:
FC2 on a workstation with all updates.
2 servers running Winblows server 2003 with all updates.
Problem:
I can't for the life of me figure out why I can't authenticate. I see Kerberos
authenticates successfully, but nss_ldap cannot connect to the LDAP server. I guess it
can't query LDAP to see what my UID is and fails on the uid < 100 for pam_unix.
I modified the PAM files, ldap.conf, and krb5.conf files.
Here are some excerpts from some log files.
Secure:
Oct 28 15:26:42 jparker-dfc2 login[3783]: pam_succeed_if: requirement "uid < 100" not met by user "jparker"
Oct 28 15:27:06 jparker-dfc2 login[30256]: pam_succeed_if: requirement "uid < 100" not met by user "jparker"
Messages:
Oct 28 15:26:41 jparker-dfc2 login(pam_unix)[3783]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= user=jparker
Oct 28 15:26:42 jparker-dfc2 login[3783]: pam_krb5[3783]: authentication succeeds for 'jparker' (jparker(a)KBM1.LOC)
Oct 28 15:26:42 jparker-dfc2 login[3783]: nss_ldap: could not search LDAP server - Operations error
Oct 28 15:26:42 jparker-dfc2 login[3783]: nss_ldap: could not search LDAP server - Operations error
Oct 28 15:26:42 jparker-dfc2 login[3783]: pam_ldap: ldap_search_s Operations error
Oct 28 15:26:42 jparker-dfc2 pam_winbind[3783]: user 'jparker' granted acces
Oct 28 15:26:42 jparker-dfc2 login[3783]: nss_ldap: could not search LDAP server - Operations error
Oct 28 15:26:42 jparker-dfc2 login(pam_unix)[3783]: session opened for user jparker by LOGIN(uid=0)
Oct 28 15:26:42 jparker-dfc2 login[3783]: Permission denied
I'm looking for any and all suggestions. Short of passwords and such, I'll post
whatever you need.