My PAM module seems to work right but it fails in authentication. Althought it can't authenticate, the session module works and the software who uses it executes well.

For example, when I login through "gdm" using pam to authenticate against an ldap server
/var/log/auth.log shows
Any ideas?

Hi capibolso-

It's clear that your LDAP server is not being consulted as a source of authentication by PAM. Below is a specimen of what you should be seeing in your logs if PAM is using LDAP:

May 1 08:06:48 ns1 sshd[32592]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=myComputer.f1linux.com user=myUsername
May 1 08:06:48 ns1 sshd[32592]: Accepted password for myUsername from 10.10.10.10 port 60069 ssh2
May 1 08:06:48 ns1 sshd[32592]: pam_unix(sshd:session): session opened for user myUsername
[/CODE]

The following are some HowTo's I bunged on my blog which you may find useful. Please note that the blog entries are geared towards more modern LDAP configurations and work with RHEL/CentOS 6+ . If you're using some ancient setup, you might find issues:

The first link details how to configure LDAP clients for PAM:

http://blog.f1linux.com/2013/04/21/h...oubleshooting/

And the next link details how to unpick LDAP errors. The LDAP queries have to wind through various parts of the system for everything to work correctly. The trick is, knowing at what point things are breaking:

http://blog.f1linux.com/2013/04/25/h...t-ldap-errors/

Hope this helps somebody out. LDAP is a monkey to be sure and it's really not been very well documented, hence my own efforts. LDAP is brilliant, but I can't believe how totally either absent, or just obtuse & unhelpful whatever has been written is.

-Terrence