PAM authentication does not query LDAP on port 3268

KathyK
Regular Advisor

Hi all,

We are authenticating users using LDAP. When we have the (default) port number 389 set in /etc/ldap.conf, doing a #getent passwd would authenticate all passwords, but when we change the port to 3268 in /etc/ldap.conf to search the global catalog, since we have more than one tree, getent passwd will only list the users local to the host.

We are running RedHat Linux ES 5.2.

Any ideas are very welcome.


Best Regards,
Kathy
6 REPLIES
Ivan Ferreira
Honored Contributor

Re: PAM authentication does not query LDAP on port 3268

What if you run the ldapsearch command to query that port? Do you get any return?

For details and restrictions consult:

http://technet.microsoft.com/en-us/library/cc978012.aspx
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
KathyK
Regular Advisor

Re: PAM authentication does not query LDAP on port 3268

Ivan,

Thank you for your reply.
Yes, ldapsearch:

ldapsearch -x -b "dc=mydomain,dc=ad" -D kkhagani@mydomain.ad -h sadc1 -W -p 3268 "(sAMAccountName=kkhagani)"

works for me and the last few lines of the result are:


# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


It's just when I change the port number to the global number 3268, that it does not work.


thanks again
Kathy
Ivan Ferreira
Honored Contributor

Re: PAM authentication does not query LDAP on port 3268

How did you define your LDAP servers in /etc/ldap.conf and /etc/openldap/ldap.conf?


Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
KathyK
Regular Advisor

Re: PAM authentication does not query LDAP on port 3268

Ivan,

in /etc/openldap/ldap.conf:

HOST ..ad ..ad
BASE dc=,dc=ad
URI ldap://..ad ldap://..ad

and in /etc/ldap.conf:

host ..ad ..ad
base dc=,dc=ad
uri ldap://..ad ldap://..ad


We have two hosts.

thanks
Kathy

KathyK
Regular Advisor

Re: PAM authentication does not query LDAP on port 3268

OK,

My manager figured out what the problem was. In ldap.conf, we just commented out the

#nss_base_passwd ou=-STEC Users,?sub
#nss_base_shadow ou=-STEC Users,?sub

and the port number was not an issue.

thanks again

I'm closing this link.
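
An added example, not part of the original thread: in nss_ldap's ldap.conf an nss_base_XXX value has the form base?scope?filter, and a base ending in a comma has the default base appended, so an active nss_base_passwd line confines getent passwd to that one OU. The script below prints the effective search base for the passwd and shadow maps with the overrides active and then commented out; the host, base and OU names in the sample config are constructed placeholders.

```shell
#!/bin/sh
# Added example: show which search base nss_ldap would use for passwd/shadow.
# Constructed sample config; host, base and OU names are placeholders.
sample_conf() {    # $1: prefix for the nss_base_* lines ("" or "#")
    cat <<EOF
host dc1.example.ad
port 3268
base dc=example,dc=ad
${1}nss_base_passwd ou=Example Users,?sub
${1}nss_base_shadow ou=Example Users,?sub
EOF
}

# Prints one line per map: map|effective base|scope|source directive
effective_nss_bases() {
    awk '
    function value(line) {                 # text after the keyword
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
        return line
    }
    /^[ \t]*(#|$)/ { next }                # commented-out and blank lines
    {
        key = tolower($1)
        if (key == "base") base = value($0)
        else if (key == "scope") scope = value($0)
        else if (key ~ /^nss_base_(passwd|shadow)$/) override[substr(key, 10)] = value($0)
    }
    END {
        if (scope == "") scope = "sub"     # nss_ldap default scope
        n = split("passwd shadow", maps, " ")
        for (i = 1; i <= n; i++) {
            m = maps[i]; dn = base; sc = scope; src = "default base"
            if (m in override) {
                k = split(override[m], part, "[?]")   # base?scope?filter
                dn = part[1]
                if (dn ~ /,$/) dn = dn base           # trailing comma: base is appended
                if (k >= 2 && part[2] != "") sc = part[2]
                src = "nss_base_" m
            }
            printf "%s|%s|%s|%s\n", m, dn, sc, src
        }
    }' "$1"
}

for prefix in "" "#"; do                   # active, then commented out
    tmp=$(mktemp); sample_conf "$prefix" > "$tmp"
    effective_nss_bases "$tmp"; rm -f "$tmp"
done
```

Run it against a copy of the real /etc/ldap.conf with `effective_nss_bases /etc/ldap.conf` to see whether an override is narrowing the lookup.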
KathyK
Regular Advisor

Re: PAM authentication does not query LDAP on port 3268

done