Linux Authentication Failing

Hi All,

I have a problem with Linux authentication. I have set up my Linux box to authenticate against an LDAP server. Here is the scenario:

I use OpenLDAP with BDB as my LDAP server.

My nsswitch.conf has the format of "files ldap" for passwd, group and shadow.

I have a few users in the LDAP server and a few users in the passwd file.

When the slapd process is started, the authentication against the LDAP server works fine. But if I shut down the slapd process and try to log in, the authentication for the users in the password file fails. When the slapd process is started up, everybody can log in, i.e. the users in the LDAP database as well as the users in the passwd file.

My understanding of the whole process was that the authentication mechanism first looks into the password file and then into the LDAP server for user existence. So, logically speaking, the users in the passwd file should be able to log in whether the slapd process is started up or not.

I am completely lost here and any help is totally appreciated.

Thanks in advance.

Ajit

avarahala@hotmail.com (Ajit Varahala) wrote in message news:<6d8aa700.0404070955.5cae3a34@posting.google.com>...
> Hi All,
>
> I have problem in linux authentication. I have set up my
> linux box to authenticate against a LDAP server. Here is the scenario:
>
> I use openLDAP with BDB as my LDAP server.
>
> My nsswitch.conf has the format of "files ldap" for passwd, group and
> shadow.
>
> I have few users in the LDAP server and few users in the passwd file.
>
>
> When the slapd process is started, the authentication against LDAP
> server works fine. But if I shutdown the slapd process and try to
> login, the authentication for the users in the password file fails.
> When the slapd process is started up everybody can login i.e. the
> users in the LDAP database as well as users in the passwd file.
>
> My understanding of the whole process was the authentication mechanism
> first looks into the password file and then into the ldap server for
> user existence. So logically speaking the users in the passwd file
> should be able to log in whether the slapd process is started up or
> not.
>
> I am completely lost here and any help is totally appreciated.
>
> Thanks in advance.
>
> Ajit

If the passwd file is on the local machine then yes, if slapd is running or not you should be able to log in. If you shut down and restart slapd, try running getent passwd from the command line on a client and see if it returns the LDAP passwd file. To make sure, add a user on the server and load the entry into the LDAP database; then you can see if that user is returned from the client. I am using the same authentication method but have all the users on the LDAP server, not on the client itself, and I have only had problems due to my firewall setup, so I am really not sure why this is. Good luck.
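
The getent check suggested in the reply, as an added shell example that is not part of either post: it prints the source order nsswitch.conf gives for passwd, group and shadow, then tests whether a user resolves from local files alone and whether the full lookup chain answers within a time limit. The function names are made up for this example, and it assumes glibc's `getent -s` option and coreutils `timeout`.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes glibc getent (-s) and coreutils timeout.

# Print the sources listed for one database in an nsswitch.conf-style file,
# with comments and [STATUS=action] items dropped.
nss_sources() {  # usage: nss_sources <database> [file]
    awk -v db="$1:" '
        { sub(/#.*/, "") }                       # strip trailing comments
        $1 == db {
            out = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) inact = 1        # entering an action item
                if (!inact) out = out (out ? " " : "") $i
                if ($i ~ /\]$/) inact = 0        # leaving an action item
            }
            print out
            exit
        }' "${2:-/etc/nsswitch.conf}"
}

# Report whether <user> is in the local passwd file, and whether the full
# configured chain answers within <seconds>.
check_user() {  # usage: check_user <user> [seconds]
    user=$1; limit=${2:-5}
    if getent -s files passwd "$user" >/dev/null; then
        echo "files: $user found in local passwd"
    else
        echo "files: $user not in local passwd"
    fi
    rc=0
    timeout "$limit" getent passwd "$user" >/dev/null || rc=$?
    case $rc in
        0)   echo "chain: lookup succeeded" ;;
        2)   echo "chain: user not found by any source" ;;
        124) echo "chain: no answer within ${limit}s, a source is blocking" ;;
        *)   echo "chain: lookup failed (exit $rc)" ;;
    esac
}

# Run only when a user name is given: ./nsscheck.sh <user> [seconds]
if [ -n "${1:-}" ]; then
    for db in passwd group shadow; do
        echo "$db: $(nss_sources "$db")"
    done
    check_user "$1" "${2:-5}"
fi
```

Run it once with slapd up and once with slapd stopped, using a user that exists only in the local passwd file, and compare the two reports.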