Hi,
I have an OpenLDAP server running on RHEL 7.2. I created one new RHEL 7.2 client, added it on the server side, and did the client-side config too.
On the server side, I added this new client, and I can see it there with the command below:
Code:
[root@ldapmaster1 ~]# ldapsearch -Y EXTERNAL -H ldapi:/// -b "dc=pp,dc=qq,dc=rr,dc=ss" "cn=client21"
On the client side, here is the config:
Code:
[root@client21 ~]# authconfig --enableldap --enableldapauth --ldapserver="ldapmaster1-data.pp.qq.rr.ss" --ldapbasedn="dc=pp,dc=qq,dc=rr,dc=ss" --update
[root@client21 ~]#
[root@client21 ~]# cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CACERTDIR /etc/openldap/cacerts
# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on
URI ldap://ldapmaster1-data.pp.qq.rr.ss/
BASE dc=pp,dc=qq,dc=rr,dc=ss
[root@client21 ~]#
[root@ia-dav-nms1 ~]# cat /etc/nsswitch.conf | egrep "passwd|shadow|group|sudoers" | grep -v "#"
passwd: files ldap
shadow: files ldap
group: files ldap
netgroup: files ldap
sudoers: ldap
[root@ia-dav-nms1 ~]#
When I try to log in with my credentials (non-root), the password is denied. On the LDAP master side I see with tcpdump that the client's IP is hitting the server, but the password is not accepted. The same password works on other clients.
Please suggest how this should be fixed. What am I missing?
Thanks