Hi,

Thanks for your reply. I'm not even that far. I had this set up over a year ago but the machine it was on is inaccessible to me right now and not sure if it's coming back. I'm having to remake the directory and that's where I'm stuck at. I have an idea of where to go after that; it's just making the directory at this point. I want Unix machines, Linux and FreeBSD, to be able to authenticate users and samba users to be able to authenticate as well.

Thanks.
Dave.

-----Original Message-----
From: blind-sysadmins-bounces@lists.hodgsonfamily.org [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of John G. Heim
Sent: Sunday, June 14, 2009 9:52 PM
To: Blind sysadmins list
Subject: Re: [Blind-sysadmins] unix machine and ldap authentication

We do ldap authentication at the University of Wisconsin Department of Mathematics. If you have specific questions let me know. But I can give you some tips on troubleshooting:

First thing you need to do is make sure you can search the ldap directory from the client machine. What you want to do is do an ldapsearch with debug on and with encryption so you can tell if your client can talk to the ldap server. On my systems I'd do something like this:

    $ ldapsearch -d1 -x -ZZ uid=jheim

You will be able to tell if the client knows which server to talk to and if it can find a certificate, etc.

If that works, the next thing to try is finger:

    $ finger jheim

That will tell you if the client machine is configured correctly to identify logins from the ldap database. I can point you to some howtos if you get stuck at this point.

If you get past this point and logins still don't work, then you have to look in the system log on the server to see what queries are being sent from the client. And you have to check /var/log/auth.log on the client machine.

_______________________________________________
Blind-sysadmins mailing list
Blind-sysadmins@lists.hodgsonfamily.org
http://lists.hodgsonfamily.org/mailman/listinfo/blind-sysadmins