Hi,

I have a problem with logging in against the ADS. When I run the test with

    ldapsearch -x -D "cn=Administrator,cn=Users,dc=linux,dc=test" -W "sAMAccountName=del"

the login works flawlessly. However, when I try to log in with the same user at the console, it always fails. I have absolutely no idea why any more.

I installed the AD4Unix tools on the ADS and set them up with the RFC 2307 style. I recompiled nss_ldap with --enable-rfc2307bis and --enable-schema-mapping.

I always get the following error message:

    Mar 13 15:32:38 linux login: pam_ldap: ldap_search_s No such object
    Mar 13 15:32:38 linux login(pam_unix)[1672]: check pass; user unknown
    Mar 13 15:32:38 linux login(pam_unix)[1672]: authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty5 ruser= rhost=
    Mar 13 15:32:41 linux login[1672]: FAILED LOGIN 1 FROM /dev/tty5 FOR UNKNOWN, Authentication service cannot retrieve authentication info.

My ldap.conf:

    # $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
    #
    # LDAP Defaults
    #
    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.
    #BASE dc=example, dc=com
    #URI ldap://linux.test
    #SIZELIMIT 12
    #TIMELIMIT 15
    #DEREF never
    host 192.168.0.1
    base dc=linux,dc=test
    ldap_version 3
    #binddn gast@linux.test
    binddn cn=Gast,cn=Users,dc=linux,dc=test
    bindpw gast
    port 389
    scope sub
    ssl no
    pam_filter objectclass=user
    pam_login_attribute bloedesding
    pam_password ad
    nss_base_passwd ou=users,dc=linux,dc=test
    nss_base_shadow ou=users,dc=linux,dc=test
    nss_base_group ou=group,dc=linux,dc=test
    nss_map_objectclass posixAccount User
    nss_map_attribute uid sAMAccountName
    nss_map_attribute uniqueMember member
    nss_map_attribute userPassword msSFUPassword
    nss_map_attribute homeDirectory msSFUHomeDirectory
    nss_map_objectclass posixGroup Group
    nss_map_attribute cn sAMAccountName
    #nss_map_objectclass shadowAccount User

My nsswitch.conf:

    #
    # /etc/nsswitch.conf
    #
    # An example Name Service Switch config file. This file should be
    # sorted with the most-used services at the beginning.
    #
    # The entry '[NOTFOUND=return]' means that the search for an
    # entry should stop if the search in the previous entry turned
    # up nothing. Note that if the search failed due to some other reason
    # (like no NIS server responding) then the search continues with the
    # next entry.
    #
    # Legal entries are:
    #
    #       compat                  Use Libc5 compatibility setup
    #       nisplus                 Use NIS+ (NIS version 3)
    #       nis                     Use NIS (NIS version 2), also called YP
    #       dns                     Use DNS (Domain Name Service) for IPv4 only
    #       dns6                    Use DNS for IPv4 and IPv6
    #       files                   Use the local files
    #       db                      Use the /var/db databases
    #       [NOTFOUND=return]       Stop searching if not found so far
    #
    # For more information, please read the nsswitch.conf.5 manual page.
    #
    passwd: compat files ldap
    shadow: compat files ldap
    group: compat files ldap
    #passwd: ldap
    #group: ldap
    #shadow: ldap
    hosts: files dns ldap
    networks: files dns ldap
    services: files
    protocols: files
    rpc: files
    ethers: files
    netmasks: files
    netgroup: files
    publickey: files
    bootparams: files
    automount: files nis
    aliases: files

My login from pam.d:

    auth required /lib/security/pam_securetty.so
    auth required /lib/security/pam_nologin.so
    auth sufficient /lib/security/pam_ldap.so
    auth required /lib/security/pam_unix_auth.so try_first_pass
    account sufficient /lib/security/pam_ldap.so
    account required /lib/security/pam_unix_acct.so
    password required /lib/security/pam_cracklib.so
    password required /lib/security/pam_ldap.so
    #password required /lib/security/pam_pwdb.so use_first_pass
    session required /lib/security/pam_unix_session.so
    #session optional /lib/security/pam_console.so

My passwd from pam.d:

    #%PAM-1.0
    auth sufficient /lib/security/pam_ldap.so
    auth required /lib/security/pam_unix_auth.so use_first_pass
    account sufficient /lib/security/pam_ldap.so
    account required /lib/security/pam_unix_acct.so
    password required /lib/security/pam_cracklib.so retry=3
    password sufficient /lib/security/pam_ldap.so
    password required /lib/security/pam_pwdb.so try_first_pass

I hope one of you can help me. Many thanks,

Daniel

(See attached file: ldap.conf)(See attached file: login)(See attached file: messages)(See attached file: nsswitch.conf)(See attached file: nsswitch.ldap)(See attached file: passwd)(See attached file: warn)