I'm trying to set CentOS to authenticate to a Server 2003 AD. I run authconfig-gtk, select LDAP for "User Information" and "Authentication", and configure it as such:

base dn: dc=test,dc=com
ldap server: 192.168.0.1 and no TLS encryption (need to get it running first)

On the options page: cache user information, use shadow passwords, password hashing algorithm md5, local authorization is sufficient for local users, create home directories on the first login.

But it won't let me ssh into the box with an AD account. Even when I log onto a local account there is a HUGE delay, 1-5 mins.

I keep getting these errors in /var/log/secure but googling them doesn't help:

nss_ldap: Reconnecting to LDAP server (sleeping 4 seconds)
nss_ldap: Reconnecting to LDAP server (sleeping 8 seconds)

I have installed SFU 3.5 on the AD and filled out the Unix tab for the test users.
Best Answer
Before beginning, make sure you tail both /var/log/secure AND /var/log/messages; secure will give you errors from PAM, but messages will give you errors from ssh (i.e., errors from querying LDAP).

So, we have the same setup at work (using AD Server 2003). Since it sounds like you already have PAM hitting LDAP (because it's failing when you try to log in), let's check some values in /etc/ldap.conf.

First off, set the bind_policy from hard to soft; hard will try connecting repeatedly, exponentially increasing the sleep time between attempts (these are the errors you saw in /var/log/secure). Setting it to soft will get rid of your delays when using a local account.

Next, verify that you're using the correct settings for connecting (SSL, TLS, etc.); you can use ldapsearch to test with a bit more verbosity as well. Unfortunately, without more debugging output (what server is set up, what error messages are being returned from the LDAP query, config files), I'm afraid nobody will be able to help much.

Hope this helps you get on the right track!
Andrew
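The two checks the answer recommends, as an added shell example that is not part of the original thread: audit the effective bind_policy in an ldap.conf (nss_ldap defaults to hard when the keyword is missing, which is what produces the "Reconnecting to LDAP server (sleeping N seconds)" backoff), write a copy with bind_policy soft and short timeouts, and build the ldapsearch probe to run against the controller before going back to PAM. The server 192.168.0.1 and base dc=test,dc=com come from the question; the bind account, the username and the sample config are constructed for the example, and the msSFU30* attribute names are the SFU 3.x schema names that the nss_map_attribute lines in ldap.conf would need to match.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits /etc/ldap.conf settings that
# stall logins when the LDAP server is unreachable, and prints an ldapsearch
# probe for testing the AD controller directly.

# Effective value of an ldap.conf keyword: the last uncommented occurrence wins,
# matching how nss_ldap/pam_ldap read the file. Prints nothing when unset.
ldap_conf_get() {
    _file="$1"; _key="$2"
    awk -v k="$_key" '$0 !~ /^[[:space:]]*#/ && tolower($1) == k { v = $2 } END { print v }' "$_file"
}

# Returns 0 when bind_policy is soft, 1 when it is hard or unset (unset means
# hard, so a local login still waits through the exponential reconnect sleeps).
check_bind_policy() {
    _policy="$(ldap_conf_get "$1" bind_policy)"
    case "${_policy:-hard}" in
        soft) return 0 ;;
        *)    echo "bind_policy is '${_policy:-hard}' (unset means hard); set it to soft" >&2
              return 1 ;;
    esac
}

# Write a copy of the config with bind_policy soft and short bind/search
# timeouts so an unreachable server fails fast instead of blocking the box.
harden_ldap_conf() {
    _in="$1"; _out="$2"
    grep -viE '^[[:space:]]*(bind_policy|bind_timelimit|timelimit)[[:space:]]' "$_in" > "$_out" || :
    printf 'bind_policy soft\nbind_timelimit 5\ntimelimit 10\n' >> "$_out"
}

# Build the ldapsearch command to run by hand. AD refuses anonymous searches,
# so bind as a real account (hypothetical binddn) and ask for the SFU 3.x
# attributes the NSS maps need; -d 1 shows the connection/bind steps.
ldapsearch_probe() {
    _host="$1"; _base="$2"; _binddn="$3"; _user="$4"
    printf 'ldapsearch -x -d 1 -H ldap://%s -D "%s" -W -b "%s" "(sAMAccountName=%s)" msSFU30UidNumber msSFU30GidNumber msSFU30HomeDirectory msSFU30LoginShell' \
        "$_host" "$_binddn" "$_base" "$_user"
}

# Demo on a constructed ldap.conf resembling what authconfig-gtk writes.
demo_dir="$(mktemp -d)"
printf '# constructed sample\nhost 192.168.0.1\nbase dc=test,dc=com\nbind_policy hard\n' > "$demo_dir/ldap.conf"
check_bind_policy "$demo_dir/ldap.conf" || echo "needs fixing"
harden_ldap_conf "$demo_dir/ldap.conf" "$demo_dir/ldap.conf.fixed"
check_bind_policy "$demo_dir/ldap.conf.fixed" && echo "fixed copy: bind_policy soft"
echo "probe: $(ldapsearch_probe 192.168.0.1 dc=test,dc=com 'ldapbind@test.com' testuser)"
rm -rf "$demo_dir"
```

Run the printed ldapsearch command with the real bind password; a bind error or an entry without the msSFU30* attributes tells you whether the problem is connectivity/credentials or the Unix attribute mapping, before PAM adds its own layer of failure.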