Hi,

I have a problem logging in against the ADS.
When I run the test with ldapsearch -x -D
"cn=Administrator,cn=Users,dc=linux,dc=test" -W "sAMAccountName=del",
the login works flawlessly; however, if I try to log in at the console with
the same user, it always fails. I have absolutely no idea why any more. I
installed the AD4Unix tools on the ADS and set them up with the RFC 2307
style. I recompiled nss_ldap with --enable-rfc2307bis and
--enable-schema-mapping.
I always get the following error message:

Mar 13 15:32:38 linux login: pam_ldap: ldap_search_s No such object
Mar 13 15:32:38 linux login(pam_unix)[1672]: check pass; user unknown
Mar 13 15:32:38 linux login(pam_unix)[1672]: authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty5 ruser= rhost=
Mar 13 15:32:41 linux login[1672]: FAILED LOGIN 1 FROM /dev/tty5 FOR UNKNOWN, Authentication service cannot retrieve authentication info.

My ldap.conf:
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE  dc=example, dc=com
#URI   ldap://linux.test
#SIZELIMIT  12
#TIMELIMIT  15
#DEREF      never

host 192.168.0.1
base dc=linux,dc=test
ldap_version 3
#binddn [EMAIL PROTECTED]
binddn cn=Gast,cn=Users,dc=linux,dc=test
bindpw gast
port 389
scope sub
ssl no

pam_filter objectclass=user
pam_login_attribute bloedesding
pam_password ad

nss_base_passwd ou=users,dc=linux,dc=test
nss_base_shadow ou=users,dc=linux,dc=test
nss_base_group ou=group,dc=linux,dc=test

nss_map_objectclass posixAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute uniqueMember member
nss_map_attribute userPassword msSFUPassword
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute cn sAMAccountName
#nss_map_objectclass shadowAccount User

My nsswitch.conf:
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       compat                  Use Libc5 compatibility setup
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service) for IPv4 only
#    dns6           Use DNS for IPv4 and IPv6
#       files                   Use the local files
#       db                      Use the /var/db databases
#       [NOTFOUND=return]       Stop searching if not found so far
#
# For more information, please read the nsswitch.conf.5 manual page.
#

passwd: compat files ldap
shadow: compat files ldap
group:  compat files ldap

#passwd: ldap
#group:  ldap
#shadow: ldap

hosts:    files dns ldap
networks:    files dns ldap

services:         files
protocols:        files
rpc:           files
ethers:        files
netmasks:         files
netgroup:       files
publickey:     files

bootparams:     files
automount:      files nis
aliases:        files

My login from pam.d:
auth       required   /lib/security/pam_securetty.so
auth       required     /lib/security/pam_nologin.so
auth       sufficient /lib/security/pam_ldap.so
auth       required   /lib/security/pam_unix_auth.so try_first_pass
account    sufficient /lib/security/pam_ldap.so
account    required   /lib/security/pam_unix_acct.so
password   required   /lib/security/pam_cracklib.so
password   required   /lib/security/pam_ldap.so
#password   required     /lib/security/pam_pwdb.so use_first_pass
session    required   /lib/security/pam_unix_session.so
#session    optional     /lib/security/pam_console.so

My passwd from pam.d:
#%PAM-1.0
auth       sufficient     /lib/security/pam_ldap.so
auth       required     /lib/security/pam_unix_auth.so use_first_pass
account    sufficient     /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix_acct.so
password   required /lib/security/pam_cracklib.so retry=3
password   sufficient     /lib/security/pam_ldap.so
password   required     /lib/security/pam_pwdb.so try_first_pass

I hope one of you can help me. Many thanks.

Daniel



(See attached file: ldap.conf)(See attached file: login)(See attached file:
messages)(See attached file: nsswitch.conf)(See attached file:
nsswitch.ldap)(See attached file: passwd)(See attached file: warn)
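
An added example, not part of the original post: a small consistency check over the posted ldap.conf. It compares the nss_base_* search bases with the container of the DN that the ldapsearch test bound as, and shows the shape of the search filter pam_ldap forms from pam_filter and pam_login_attribute. The function names and the embedded sample are constructed here; the checks are heuristics and do not query the directory.

```python
# Constructed sample: the DN-bearing and PAM lines of the ldap.conf posted above.
SAMPLE = """\
base dc=linux,dc=test
binddn cn=Gast,cn=Users,dc=linux,dc=test
pam_filter objectclass=user
pam_login_attribute bloedesding
nss_base_passwd ou=users,dc=linux,dc=test
nss_base_shadow ou=users,dc=linux,dc=test
nss_base_group ou=group,dc=linux,dc=test
nss_map_attribute uid sAMAccountName
nss_map_attribute cn sAMAccountName
"""

def parse(text):
    """Return {key: [values]} for the non-comment lines of a pam_ldap/nss_ldap ldap.conf."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        conf.setdefault(key.lower(), []).append(value.strip())
    return conf

def rdns(dn):
    """Split a DN into lower-cased (type, value) pairs; naive, no escaped commas."""
    return [tuple(p.strip().lower() for p in rdn.split("=", 1)) for rdn in dn.split(",")]

def check(text, known_dn):
    """known_dn: a DN that a successful bind has shown to exist (assumption of this example)."""
    conf, findings = parse(text), []
    container = rdns(known_dn)[1]          # e.g. ("cn", "users")
    for key in sorted(k for k in conf if k.startswith("nss_base_")):
        first = rdns(conf[key][0].split("?")[0])[0]
        # Same container name under a different RDN type names a different entry.
        if first[1] == container[1] and first[0] != container[0]:
            findings.append(f"{key}: {first[0]}={first[1]} but the known DN has "
                            f"{container[0]}={container[1]}")
    login = conf.get("pam_login_attribute", ["uid"])[0]
    mapped = {v.split()[-1].lower() for v in conf.get("nss_map_attribute", [])}
    if login.lower() not in mapped | {"uid"}:
        findings.append(f"pam_login_attribute: {login} is not a mapped attribute")
    flt = f"({login}=%s)"
    if "pam_filter" in conf:               # pam_filter is ANDed with the login attribute
        flt = f"(&({conf['pam_filter'][0]}){flt})"
    return findings, flt
```

Calling `check(SAMPLE, "cn=Administrator,cn=Users,dc=linux,dc=test")` returns the list of findings and the filter string; whether a flagged base actually exists can only be confirmed with an ldapsearch against that base.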
