Operating System - HP-UX
1748185 Members
3906 Online
108759 Solutions
New Discussion

LDAP doesn't work for one user on one machine out of 30 (11vi3)

 
marvin51796
Regular Advisor

LDAP doesn't work for one user on one machine out of 30 (11vi3)

I have a user that can NOT log into a HP-UX 11vi3 box that is setup with LDAP. We have another 30 box's and it works fine. I have checked everything that I know but I am lost as to what to do next. Does anyone have any ideas of what to check or try.

Thanks

 

2 REPLIES 2
Matti_Kurkela
Honored Contributor

Re: LDAP doesn't work for one user on one machine out of 30 (11vi3)

Since you did not tell what you actually had checked, I'm afraid I must start with the basics:

 

Can you ping the LDAP server system?

 

Can you telnet to the appropriate port of the LDAP server system? (typically either 389 or 636, depending on whether SSL/TLS is used or not)

 

If SSL/TLS is used, run "nslookup <LDAP.server.IP.address>". Does it return the expected hostname? This may be required to validate the SSL certificate.

 

 

If you run:

# nsquery passwd <problem username>

# nsquery passwd <problem UID>

do you get the correct results (i.e. the information in LDAP)? If not, do you get wrong information, or no information at all?

 

Also perform the same checks with "nsquery group" and all the relevant group names and GIDs.

 

Does this system contain a local user with the same username or with the same UID?

 

If it does, it might be conflicting with the LDAP entry.

If it is a username-based conflict, it might be possible to just delete the conflicting local user information from /etc/passwd (and from /etc/shadow or /tcb/files/auth/<initial>/<username> if applicable).

If the conflict is with the UID numbers, you need to find out what the local user with the conflicting UID is used for, and then work to reassign one or the other to a different UID.

 

MK
marvin51796
Regular Advisor

Re: LDAP doesn't work for one user on one machine out of 30 (11vi3)

The Problem ended up being that NTP wasnt working on the system and we had to sync it up..