For LDAP User Logon problems, please refer to the solution !!! -- Linux Enterprise Application-Linux server application information. For details, refer to the following section. Configuration environment:
Server: centos 5.6
Client: fedora 15
Problems:
You can use su user or su-user to log on to the client.
You can also use ldapsearch-x-LLL on the client to find ldap information.
However, you cannot log on through the logon method normally. For example, you can log on directly through the logon interface or SSH.
Server-side LDAP configuration: (unmodified and not posted)
Slapd. conf:
Database bdb
Suffix "dc = mwhdc, dc = com"
Rootdn "cn = Manager, dc = mwhdc, dc = com"
# Cleartext passwords, especially for the rootdn, shocould
# Be avoided. See slappasswd (8) and slapd. conf (5) for details.
# Use of strong authentication encouraged.
# Rootpw 123456
Rootpw {SSHA} Tdh3fwWO0X68E7H8Zwb4N + 9 bjMhNcBuK
Pam. d/system-auth:
# % PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
Auth required pam_env.so
Auth sufficient pam_unix.so nullok try_first_pass
Auth requisite pam_succeed_if.so uid >=500 quiet
# Auth sufficient pam_ldap.so
Auth sufficient pam_ldap.so use_first_pass
Auth required pam_deny.so
LDAP configuration on the client side: (unmodified and not posted)
Openldap/ldap. conf:
URI ldap: // 172.28.11.54/
BASE dc = mwhdc, dc = com
Pam_check_host_attr yes
TLS_CACERTDIR/etc/openldap/cacerts
Pam. d/system-auth:
# % PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
Auth required pam_env.so
Auth sufficient pam_unix.so nullok try_first_pass
Auth requisite pam_succeed_if.so uid >=500 quiet
Auth sufficient pam_ldap.so use_first_pass
# Auth sufficient pam_sss.so use_first_pass
Auth required pam_deny.so
Account required pam_unix.so broken_shadow
Account sufficient pam_succeed_if.so uid <500 quiet
Account [default = bad success = OK user_unknown = ignore] pam_ldap.so
# Account [default = bad success = OK user_unknown = ignore] pam_sss.so
Account required pam_permit.so
Sysconfig/authconfig:
USEMKHOMEDIR = yes
USEPAMACCESS = no
CACHECREDENTIALS = yes
USESSSDAUTH = no
USESHADOW = yes
USEWINBIND = no
PASSWDALGORITHM = yes
FORCELEGACY = no
USEFPRINTD = no
USEHESIOD = no
FORCESMARTCARD = no
USEDB = no
USELDAPAUTH = yes
USELOCAUTHORIZE = yes
USEECRYPTFS = no
USECRACKLIB = yes
USEWINBINDAUTH = no
USESMARTCARD = no
USELDAP = yes
USENIS = no
USEKERBEROS = no
USESYSNETAUTH = yes
USESSSD = no
USEPASSWDQC = no
This is the main configuration. I don't know where the problem is! It's always depressing !!! I have consulted you! Please give me some advice ~~~!!
Thank you ~~~!!!
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
