ldap authentication and _ldap._tcp SRV record
2006-07-26 - By Rafael Ferreira
Last time I checked pam_ldap was not able to use SRV records. I'm not sure what is going on there but most likely the SRV record has nothing to do with your problem.
- raf
Rafael Ferreira RHCE - Redhat Certified Engineer Senior Linux Administrator University of Phoenix Online rafael.ferreira@(protected) (602)546 6921
-----Original Message-----
From: taroon-list-bounces@(protected) [mailto:taroon-list-bounces@(protected)] On Behalf Of Thierry Lacoste
Sent: Wednesday, July 26, 2006 6:59 AM
To: taroon-list@(protected)
Subject: ldap authentication and _ldap._tcp SRV record
I have an ES3 server which was a NIS client of an Active Directory server (through SFU). Its resolv.conf pointed to the AD server. I installed my own Unix DNS server and I replaced AD with samba/ldap. Then I configured the ES3 server to use nss_ldap and pam_ldap.
If my DNS server has an entry

    _ldap._tcp    IN SRV  01 00 389  nonexistent.

I can log in to the ES3 server with an ldap account. Note that the DNS record can even point to a non-existent machine which is the case here.
If I remove this DNS entry I can only log in with local accounts on the ES3 server. If I try to su to an ldap account I have an 'incorrect password' error. My /var/log/messages contains:

    Jul 26 13:58:28 bambi su(pam_unix)[4046]: check pass; user unknown
    Jul 26 13:58:28 bambi su(pam_unix)[4046]: authentication failure; logname=root uid=100 euid=0 tty= ruser=admin rhost=
I didn't make the original installation of the server so I'm a bit lost. Any clue would be much appreciated.
Regards, Thierry.
-- Taroon-list mailing list Taroon-list@(protected) https://www.redhat.com/mailman/listinfo/taroon-list
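An added example, not part of the original thread: pam_unix logs "check pass; user unknown" when the account name cannot be looked up at all, so the failure quoted above is an account-resolution problem rather than a rejected password. The sketch below groups pam_unix syslog lines per process and labels each failure accordingly; the cause labels and the third sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the two lines quoted in the post, plus one constructed
# failure without "user unknown" for contrast.
SAMPLE_LOG = """\
Jul 26 13:58:28 bambi su(pam_unix)[4046]: check pass; user unknown
Jul 26 13:58:28 bambi su(pam_unix)[4046]: authentication failure; logname=root uid=100 euid=0 tty= ruser=admin rhost=
Jul 26 14:02:11 bambi sshd(pam_unix)[4101]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=host.example  user=alice
"""

# Matches the "service(pam_unix)[pid]: message" syslog layout shown in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<svc>[\w.-]+)\(pam_unix\)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)


def classify_pam_unix_failures(log_text):
    """Group pam_unix lines per process and label each authentication failure."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            sessions[(m["host"], m["svc"], m["pid"])].append(m["msg"])

    results = []
    for (host, svc, pid), msgs in sessions.items():
        if not any(x.startswith("authentication failure") for x in msgs):
            continue
        # "user unknown" means the name never resolved to an account
        # (local files or directory), so no password was ever compared.
        unknown = any(x.startswith("check pass; user unknown") for x in msgs)
        results.append({
            "host": host,
            "service": svc,
            "pid": int(pid),
            # Hypothetical labels chosen for this example.
            "cause": "account-not-resolved" if unknown else "credential-rejected",
        })
    return results


if __name__ == "__main__":
    for finding in classify_pam_unix_failures(SAMPLE_LOG):
        print(finding)
```

A failure labelled account-not-resolved points at the name-service lookup (here nss_ldap) rather than at the password the user typed.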