# pam_ldap can not bind /why?



## samanka80 (Aug 30, 2012)

Hi

I have an LDAP server on FreeBSD 9 connecting to an Active Directory server and it can see AD perfectly. I also have krb5 on my LDAP server which seems to be working fine, using kinit. pam_ldap, nss_ldap and pam_krb5 are also installed.

Now that I want to *su alex*, and alex is in Active Directory, I have the error below:

```
Aug 30 11:06:32 ldap su: pam_ldap: error trying to bind (Invalid credentials)
Aug 30 11:06:32 ldap su: in _openpam_check_error_code(): pam_sm_acct_mgmt(): unexpected return value 11
```

I know that it is because of the first try for binding, maybe to the LDAP server. I have been looking everywhere for it, and I realized that pam_ldap is using the same ldap.conf file. Here is my ldap.conf file:

```
host 10.0.5.38   #this is the IP of Active directory server
uri ldap://ldap.seth.local/
base dc=seth,dc=local
binddn cn=ldap,cn=users,dc=seth,dc=local
bindpw *******
scope sub
ssl no
pam_password ad
pam_groupdn             DC=seth,DC=local?sub
pam_member_attribute    uniquemember

nss_base_passwd dc=seth,dc=local?sub
nss_base_shadow dc=seth,dc=local?sub
nss_base_group dc=seth,dc=local?sub
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
pam_login_attribute     sAMAccountName
pam_filter              objectclass=User
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute gecos name
nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_attribute uniqueMember msSFU30PosixMember
nss_map_attribute cn cn
```

As pam_ldap is trying to connect to LDAP (I guess), the IP address in host 10.0.5.38 cannot work for it (should it? Am I right?). People talk about a file named pam_ldap.conf; I don't have it on my system, on FreeBSD 9. I created one in /etc, but it didn't work.

Can you please give me some detailed info about connecting pam_ldap to use LDAP and connect to Active Directory? I have read every manual I have found but I cannot find anything useful.

Thanks


----------

