05-01-2013 11:47 AM
I have a user that can NOT log into a HP-UX 11vi3 box that is setup with LDAP. We have another 30 box's and it works fine. I have checked everything that I know but I am lost as to what to do next. Does anyone have any ideas of what to check or try.
05-02-2013 01:04 AM
Since you did not tell what you actually had checked, I'm afraid I must start with the basics:
Can you ping the LDAP server system?
Can you telnet to the appropriate port of the LDAP server system? (typically either 389 or 636, depending on whether SSL/TLS is used or not)
If SSL/TLS is used, run "nslookup <LDAP.server.IP.address>". Does it return the expected hostname? This may be required to validate the SSL certificate.
If you run:
# nsquery passwd <problem username> # nsquery passwd <problem UID>
do you get the correct results (i.e. the information in LDAP)? If not, do you get wrong information, or no information at all?
Also perform the same checks with "nsquery group" and all the relevant group names and GIDs.
Does this system contain a local user with the same username or with the same UID?
If it does, it might be conflicting with the LDAP entry.
If it is a username-based conflict, it might be possible to just delete the conflicting local user information from /etc/passwd (and from /etc/shadow or /tcb/files/auth/<initial>/<username> if applicable).
If the conflict is with the UID numbers, you need to find out what the local user with the conflicting UID is used for, and then work to reassign one or the other to a different UID.