Ya-Fang,

Wow, I sympathize with your questions.

If you're new to Linux, don't try to configure LDAP on RHEL (or SLES for that matter). I've been doing it quite a while and it continues to "kick my butt" to this day. :)) But I would guess this is not one of your choices.

You said you're configuring to authenticate to your organization's LDAP server - does it do "TLS" (encryption)? Check with your organization's LDAP administrator. If the answer is no, stop here. As I understand it, when RHEL moved to v6, it will not authenticate unless TLS is active.

The next question is whether or not you are using the "authconfig-tui" command for setting up client authentication. I would recommend that you do, but you're not sure exactly what has changed.

If so, an important part is that, I believe, you need to copy the LDAP server's certificate to each of the clients. Have you done that?

Hope this helps.

-Mike MacIsaac

On Wed, Nov 5, 2014 at 5:24 PM, Chen, Ya-Fang <yafang-c...@ti.com> wrote:

> Hi,
>
> I'm new to Linux system and just installed a Red Hat 6.6 on system z by
> following the cookbook. I tried to configure the Linux system to be a LDAP
> client to connect to company's LDAP server for user authentication but am
> still having issue when logon on saying "access denied".
>
> I've configured the below 3 files.
> 1). /etc/ldap.conf (point to ldap hosts and base, and have below statement)
>
> tls_cacertfile /var/ldap/VeriSignRsaSecureServerCA.pem
>
> 2). /etc/nsswitch.conf
> passwd: files ldap
> shadow: files ldap
> group: files ldap
>
> 3). /etc/pam.d/system-auth (contains below statement)
> auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
>
> Do I need to configure /etc/openldap/ldap.conf and/or any other file?
>
>
> Here are the packages I've installed. Not sure if I missed anything?
>
> [root@slevmdb /]# rpm -qa | grep openldap
> openldap-clients-2.4.39-8.el6.s390x
> openldap-2.4.39-8.el6.s390x
> [root@slevmdb /]# rpm -qa | grep sssd
> sssd-client-1.11.6-30.el6.s390x
> sssd-common-1.11.6-30.el6.s390x
> sssd-proxy-1.11.6-30.el6.s390x
> sssd-krb5-common-1.11.6-30.el6.s390x
> sssd-common-pac-1.11.6-30.el6.s390x
> sssd-ad-1.11.6-30.el6.s390x
> sssd-ldap-1.11.6-30.el6.s390x
> sssd-1.11.6-30.el6.s390x
> python-sssdconfig-1.11.6-30.el6.noarch
> sssd-ipa-1.11.6-30.el6.s390x
> sssd-krb5-1.11.6-30.el6.s390x
> [root@slevmdb /]# rpm -qa | grep pam
> pam-1.1.1-20.el6.s390x
> pam_passwdqc-1.0.5-6.el6.s390x
> pam_krb5-2.3.11-9.el6.s390x
> nss-pam-ldapd-0.7.5-18.2.el6_4.s390x
> pam_ldap-185-11.el6.s390x
>
>
> thanks for help.
>
>
> Thanks and Regards,
> Ya-Fang
>
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> ----------------------------------------------------------------------
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
> ----------------------------------------------------------------------
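
An added example, not part of either message and not the posters' code: a small Python check over the three files listed in the question. It flags a client that names a CA file but never turns TLS on, a CA path that is absent on the client, and missing `ldap` entries in nsswitch.conf or the PAM auth stack. Assumptions: the `uri` and `ssl` directive names are the pam_ldap/nss_ldap ones and may not be what this client reads; the host, base and finding names are constructed for the illustration.

```python
import os

def parse_directives(text):
    """Map each keyword of a 'keyword value' file to its list of values."""
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if line:
            parts = line.split(None, 1)
            key = parts[0].rstrip(":").lower()       # nsswitch keys end in ':'
            found.setdefault(key, []).append(parts[1] if len(parts) > 1 else "")
    return found

def audit_ldap_client(ldap_conf, nsswitch_conf, system_auth, cert_exists=os.path.isfile):
    """Return a list of finding names (hypothetical labels) for the three files."""
    findings = []
    ldap = parse_directives(ldap_conf)
    # TLS is on only with an ldaps:// URI or an explicit 'ssl on' / 'ssl start_tls'
    # (assumed pam_ldap-style directives); a CA file alone does not enable it.
    uris = [u for v in ldap.get("uri", []) for u in v.split()]
    tls_on = (any(u.lower().startswith("ldaps://") for u in uris)
              or any(v.lower() in ("on", "start_tls") for v in ldap.get("ssl", [])))
    if not tls_on:
        findings.append("tls-not-enabled")
    ca = ldap.get("tls_cacertfile", [])
    if not ca:
        findings.append("cacert-not-set")
    elif not cert_exists(ca[-1]):                    # certificate never copied to this client
        findings.append("cacert-file-missing")
    nss = parse_directives(nsswitch_conf)
    for db in ("passwd", "shadow", "group"):
        if "ldap" not in " ".join(nss.get(db, [])).split():
            findings.append("nsswitch-" + db)
    rows = (l.split("#", 1)[0].split() for l in system_auth.splitlines())
    if not any(r[:1] == ["auth"] and any("pam_ldap.so" in a for a in r[2:]) for r in rows):
        findings.append("pam-auth-no-ldap")
    return findings

# Constructed sample input modelled on the files described in the question.
SAMPLE_LDAP_CONF = """host ldap.example.com
base dc=example,dc=com
tls_cacertfile /var/ldap/VeriSignRsaSecureServerCA.pem
"""
SAMPLE_NSSWITCH = "passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n"
SAMPLE_PAM = "auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass\n"

if __name__ == "__main__":
    print(audit_ldap_client(SAMPLE_LDAP_CONF, SAMPLE_NSSWITCH, SAMPLE_PAM))
```

Run on the client itself, the default `cert_exists` checks the real filesystem; pass the contents of the three files read from disk.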