gdm[7355]: pam_ldap: ldap_simple_bind Can't contact LDAP server

by pj_kejti

Hi,

I'm having problems trying to authenticate over ldap. I have my server running on port 389, when I try ldapsearch on hosts it works, when I try to connect through ssh with ldap accounts it works, but when I try to login on clients - I can't. /var/log/syslog shows "gdm[7355]: pam_ldap: ldap_simple_bind Can't contact LDAP server". I feel like I've tried everything, but with no results... If anyone could help me, I'd appreciate it. Here are my conf files:

# /etc/nsswitch.conf

passwd:         files ldap
group:          files ldap
shadow:         files ldap

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

#/etc/pam_ldap.conf

pam_filter !(uidNumber=0)
base dc=dc=xxx,dc=xxx
uri ldap://127.0.0.1/
ldap_version 3
rootbinddn cn=admin,dc=xxx,dc=xxx
pam_password md5

# /etc/libnss-ldap.conf

host 127.0.0.1
base dc=xxx,dc=xxx
uri ldap://127.0.0.1/
ldap_version 3
rootbinddn cn=admin,dc=xxx,dc=xxx

and files from /etc/pam.d
# /etc/pam.d/common-account - authorization settings common to all services

account sufficient pam_ldap.so
account required pam_unix.so try_first_pass


# /etc/pam.d/common-auth - authentication settings common to all services

auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure try_first_pass


# /etc/pam.d/common-password - password-related modules common to all services

password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5 try_first_pass


# /etc/pam.d/common-session - session-related modules common to all services

session required pam_unix.so
session required        pam_mkhomedir.so skel=/etc/skel umask=0022

Those are server files - do I have to change those same files on clients?

Thanks for any help

Re: gdm[7355]: pam_ldap: ldap_simple_bind Can't contact LDAP server

by Tony Earnshaw-4

pj_kejti skrev, on 22-11-2007 14:54:

> I'm having problems trying to authenticate over ldap. I have my server
> running on port 389, when I try ldapsearch on hosts it works, when I try to
> connect through ssh with ldap accounts it works, but when I try to login on
> clients - I can't. /var/log/syslog shows "gdm[7355]: pam_ldap:
> ldap_simple_bind Can't contact LDAP server". I feel like I've tried
> everything, but with no results... If anyone could help me, I'd appreciate
> it. Here are my conf files:

[...]

You say nothing about your LDAP distro and version or your OS or distro.
Pity, because no-one has any way of relating to them.

Could all be Windows (I couldn't care less, but ...)

I run Red Hat and Fedora and neither have anything like what you report.

> Those are server files - do I have to change those same files on clients?

On my OpenLDAP 2.3.39 and 2.4.6 RHEL5 and FC6 systems, everything is
different to what you report on yours. But basically, the salient
details in the configuration files for both the nss libraries and the
pam libraries have to be the same as for those for slapd. That doesn't
mean *everything* in the pam configuration file also has to be in the
LDAP configuration file, just the relevant bits.

What "bits", for whatever LDAP version you're running you do not report.

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl
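
The reply above says the nss and pam client files must agree on the relevant directory details. The following is an added example, not code from the thread: it compares the shared directives of the two files quoted in the first post (embedded as constructed samples) and lists loopback server addresses, which on a client machine refer to the client itself. The function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Directives read by both pam_ldap and libnss-ldap that should agree.
SHARED_KEYS = ("base", "uri", "host", "ldap_version", "rootbinddn")

# Constructed samples mirroring the files quoted in the first post.
PAM_LDAP_CONF = """pam_filter !(uidNumber=0)
base dc=dc=xxx,dc=xxx
uri ldap://127.0.0.1/
ldap_version 3
rootbinddn cn=admin,dc=xxx,dc=xxx
pam_password md5
"""
LIBNSS_LDAP_CONF = """host 127.0.0.1
base dc=xxx,dc=xxx
uri ldap://127.0.0.1/
ldap_version 3
rootbinddn cn=admin,dc=xxx,dc=xxx
"""

def parse(text):
    """Return {directive: value}, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def is_loopback(target):
    """True if a bare host or an ldap:// URI names the local machine."""
    host = urlsplit(target).hostname if "://" in target else target
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name or an empty host, not an IP literal
        return False

def compare(pam_text, nss_text):
    """Return (directives whose values differ, loopback server targets)."""
    pam, nss = parse(pam_text), parse(nss_text)
    mismatched = {k: (pam[k], nss[k]) for k in SHARED_KEYS
                  if k in pam and k in nss and pam[k] != nss[k]}
    loopback = sorted({t for c in (pam, nss) for k in ("uri", "host")
                       for t in c.get(k, "").split() if is_loopback(t)})
    return mismatched, loopback
```
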

Re: gdm[7355]: pam_ldap: ldap_simple_bind Can't contact LDAP server

by pj_kejti


Tony Earnshaw-4 wrote:
> You say nothing about your LDAP distro and version or your OS or distro.
> Pity, because no-one has any way of relating to them.

You're right, sorry - I'm using OpenLDAP on Debian Etch 4.0

Basically, everything should be ok, but it isn't and I just don't know what to do.

Maybe it's just firewall? :/ I'm kinda new to everything considering linux administration, so it could be anything... I installed the openldap server with libnss-ldap, libpam-ldap, configured it, same on client (just libnss-ldap, libpam-ldap), but I'm not even sure if it was the right thing to do, I couldn't find any good how-to (as I said - I'm new to this, forgive me ;] ).

Is there any information I could give you, that would help solving my problem?


Re: gdm[7355]: pam_ldap: ldap_simple_bind Can't contact LDAP server

by Jyotishmaan

Hello Tony,

As you have already configured an LDAP server in Fedora Linux O.S., I am sure you would then be able to help me out.

I had been trying to log on to my LDAP server machine since last month using ssh and direct log on from the console, but nothing succeeds. I had tried different combinations of my /etc/ldap.conf file, for example enabling sasl or tls etc., but nothing worked successfully using the ssh command or direct log on through the console.

finger ldapusr

works and shows all details, where ldapusr is a user which has been migrated into the ldap server in LDIF format.

Well, even getent passwd or getent ldapusr

id ldapusr

all work fine.

All these execute fine, but ssh and direct log on do not execute successfully.

Now since a few days, my /var/log/messages file is not showing any log messages when I try logging onto the LDAP server machine from the console or use the ssh command; may I know why?

For your reference I am enclosing the /etc/openldap/slapd.conf, /etc/ldap.conf, and /var/log/messages files.

Please tell me why now fresh messages are not getting logged into my /var/log/messages file?

Kindly give me a solution to each of these problems so that ssh and direct log on to the console is successful.

The output of ssh is as below, for a user "jmaan":

[root@authdns icp]# ssh 127.0.0.1 -l jmaan
jmaan@127.0.0.1's password:
Permission denied, please try again.
jmaan@127.0.0.1's password:
Permission denied, please try again.
jmaan@127.0.0.1's password:
Permission denied (publickey,gssapi-with-mic,password).
[root@authdns icp]#


Waiting for your reply to each question asked, assuming that you have prior experience of LDAP server on Linux Fedora O.S., same as me.
My O.S. is Linux Fedora 7

and the version of openldap is:

[root@authdns log]# rpm -q openldap
openldap-2.3.34-0.fc7
[root@authdns log]#

Jyotishmaan,
 India



