-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a clue,
You generally need to add lines in the /etc/pam.d/ files as well(common, session, password). I don't use RH stuff anymore nor am I a all in 1 IPA type...I put all the pieces together with ldap and radius. The /etc/pam.d/su should have an include that line will have one or all of the 3 files listed above. Once it is configured everything will work. Restarting the server had no bearing on su failure...it's just not setup to do it yet(maybe not LOL). If you can login with a user you know is in your ipaserver and you can ldapsearch -x -h dap://ipaserver.mydomain.com - -b dc=mydomain,dc=com then look at the pam.d stuff. Bryan | Hi all, | | Was wondering if anyone has succesfully been able to get the Redhat | IPA server to work on rhel5. | | I got it working for a while, but then after restarting the IPA- | server, my ipa-client could not connect to the IPA server. | On the IPA-client, the /etc/nsswitch.conf file has the the line | . | . | passwd files ldap | . | . | When i tried switching to an account on the IPA-server using the 'su' | command, i get an 'account does not exist' error on the client. (My | thinking is it cant connect to the ipa-server to fetch the said | account). The log files on the ipa-client says | | Nov 21 15:44:49 mydnssrv su: nss_ldap: failed to bind to LDAP server | ldap://ipaserver.mydomain.com: Can't contact LDAP server | Nov 21 15:44:49 mydnssrv su: nss_ldap: could not search LDAP server - | Server is unavailable | | Please any clue | Regards. | | | - -- A healthy diet includes Linux, Linux and more Linux. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkknBzEACgkQh+MLjl5SKYSjEACgge3fVJ2wqOi8+3esZ1JED2VS EZsAn1p9PGrDST68mJiMqTlADl3/eElg =RyeI -----END PGP SIGNATURE----- --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Linux Users Group. To post a message, send email to [email protected] To unsubscribe, send email to [EMAIL PROTECTED] For more options, visit our group at http://groups.google.com/group/linuxusersgroup -~----------~----~----~----~------~----~------~--~---
