Looking over your files, I see quite a few problems:

1) You need to configure nss_ldap.conf as well as pam_ldap.conf.

2) The lines in nsswitch.conf should really be "files ldap" not "ldap
files", i.e. local data takes precedence.

3) You need to tell pam.d/login to use the same password for pam_unix that
it tried to use for pam_ldap:
  auth    sufficient     pam_ldap.so
  auth    required       pam_unix.so nullok try_first_pass

4) In pam_ldap.conf, it's best not to bind as anyone. pam_ldap will
attempt to bind with the given password and that will be the test. You'll
need to use
  pam_password exop
if you still want to change user passwords with this setup.

If you are still having problems, watch what happens with a packet
sniffer.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to