1. I am unable to get the LDAP bind to work. I can kinit, enter correct password, view tickets with klist. But when I try to log into the server as an AD user, I get the following messages:


    Dec 9 13:11:38 doladtest002 sshd[4020]: nss_ldap: failed to bind to LDAP server ldap://x.x.x.x: Invalid credentials
    Dec 9 13:11:38 doladtest002 sshd[4020]: nss_ldap: failed to bind to LDAP server ldap://SERVER.DOL.LOCAL/: Invalid credentials
    Dec 9 13:11:38 doladtest002 sshd[4020]: nss_ldap: could not search LDAP server - Server is unavailable
    Dec 9 13:11:38 doladtest002 sshd[4020]: Invalid user jrella from x.x.x.x
    Dec 9 13:11:38 doladtest002 sshd[4021]: input_userauth_request: invalid user jrella
    Dec 9 13:11:46 doladtest002 sshd[4020]: nss_ldap: failed to bind to LDAP server ldap://x.x.x.x: Invalid credentials
    Dec 9 13:11:46 doladtest002 sshd[4020]: nss_ldap: failed to bind to LDAP server ldap://DOLDC8ALB001.DOL.LOCAL/: Invalid credentials
    Dec 9 13:11:46 doladtest002 sshd[4020]: nss_ldap: could not search LDAP server - Server is unavailable
    Dec 9 13:11:46 doladtest002 sshd[4020]: pam_unix(sshd:auth): check pass; user unknown
    Dec 9 13:11:46 doladtest002 sshd[4020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x
    Dec 9 13:11:46 doladtest002 sshd[4020]: nss_ldap: failed to bind to LDAP server ldap://x.x.x.x: Invalid credentials
    Dec 9 13:11:46 doladtest002 sshd[4020]: nss_ldap: failed to bind to LDAP server ldap://SERVER.DOL.LOCAL/: Invalid credentials
    Dec 9 13:11:46 doladtest002 sshd[4020]: nss_ldap: could not search LDAP server - Server is unavailable
    Dec 9 13:11:46 doladtest002 sshd[4020]: pam_succeed_if(sshd:auth): error retrieving information about user jrella
    Dec 9 13:11:49 doladtest002 sshd[4020]: Failed password for invalid user jrella from x.x.x.x port 50220 ssh2


    Any help or suggestions are greatly appreciated. I have spent the last 2 days working through multiple configs and HOW-Tos, only to keep coming back to this issue.

    Thanks.
     

Share This Page