<div>>>>>grep base /etc/ldap.conf<br></div>
<div>----------------------------------</div>
<div>#scope base<br># nss_base_XXX          base?scope?filter<br># where scope is {base,one,sub}<br># nss_base_passwd       ou=People,<br># to append the default base DN but this<br>#nss_base_passwd        ou=People,dc=example,dc=com?one<br>
#nss_base_shadow        ou=People,dc=example,dc=com?one<br>#nss_base_group         ou=Group,dc=example,dc=com?one<br>#nss_base_hosts         ou=Hosts,dc=example,dc=com?one<br>#nss_base_services      ou=Services,dc=example,dc=com?one<br>
#nss_base_networks      ou=Networks,dc=example,dc=com?one<br>#nss_base_protocols     ou=Protocols,dc=example,dc=com?one<br>#nss_base_rpc           ou=Rpc,dc=example,dc=com?one<br>#nss_base_ethers        ou=Ethers,dc=example,dc=com?one<br>
#nss_base_netmasks      ou=Networks,dc=example,dc=com?ne<br>#nss_base_bootparams    ou=Ethers,dc=example,dc=com?one<br>#nss_base_aliases       ou=Aliases,dc=example,dc=com?one<br>#nss_base_netgroup      ou=Netgroup,dc=example,dc=com?one<br>
#nss_base_passwd ou=aixaccount,?one<br>#nss_base_group ou=aixgroup,?one<br>---------------------------------------------------------------------------</div>
<div> </div>
<div>OK, so I was expecting some base which binds it to FDS.....but did not find any such thing here...which gives the impression that system-config-authentication is not working properly in CentOS 5.3. My assumption may be wrong....</div>

<div> </div>
<div>So if I put some entry in this like (base dc=vfds,dc=local)...and then boot the client machine... can I expect it to work then.....</div>
<div> </div>
<div>Waiting for the advice....in the meantime I am rebooting the machine....</div>
<div> </div>
<div>many thanks in advance...</div>
<div> </div>
<div> </div>
<div>--H<br><br></div>
<div class="gmail_quote">On Wed, Jun 17, 2009 at 6:15 PM, jean-Noël Chardron <span dir="ltr"><<a href="mailto:Jean-Noel.Chardron@dr15.cnrs.fr">Jean-Noel.Chardron@dr15.cnrs.fr</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><br>Hakuna Matata a écrit : 
<div class="im"><br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Jean<br>Thanks for a quick reply.<br><br>Client IP address is 192.168.5.4<br>yes these files are from client only.<br>
<br></blockquote></div>All files seem correct (in system-auth the interesting lines are those with pam_ldap.so).<br>So maybe the base to search in the tree is misconfigured in /etc/ldap.conf.<br><br>You previously showed the /etc/ldap.conf: 
<div class="im"><br>uri ldap://192.168.5.1<br>ssl no<br>tls_cacertdir /etc/openldap/cacerts<br>
pam_password md5<br><br></div>Can you show the output of the command:<br>grep base /etc/ldap.conf<br>with only the lines that are uncommented? Normally this will show the distinguished name of the search base,<br>and this must correspond with the tree in your FDS.<br>
<br><br><br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><br>*/etc/pam.d/system-auth * 
<div>
<div></div>
<div class="h5"><br>------------------------------------------------<br> This file is auto-generated.<br># User changes will be destroyed the next time authconfig is run.<br>auth        required      pam_env.so<br>auth        sufficient    pam_unix.so nullok try_first_pass<br>
auth        requisite     pam_succeed_if.so uid >= 500 quiet<br>auth        sufficient    pam_ldap.so use_first_pass<br>auth        required      pam_deny.so<br><br>account     required      pam_unix.so broken_shadow<br>
account     sufficient    pam_succeed_if.so uid < 500 quiet<br>account     [default=bad success=ok user_unknown=ignore] pam_ldap.so<br>account     required      pam_permit.so<br><br>password    requisite     pam_cracklib.so try_first_pass retry=3<br>
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok<br>password    sufficient    pam_ldap.so use_authtok<br>password    required      pam_deny.so<br><br>session     optional      pam_keyinit.so revoke<br>
session     required      pam_limits.so<br>session     optional      pam_keyinit.so revoke<br>session     required      pam_limits.so<br>session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid<br>
session     required      pam_unix.so<br>session     optional      pam_ldap.so<br>-----------------------------------------------------------------------<br><br>and* /etc/pam.d/login  *<br><br>#%PAM-1.0<br>auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so<br>
auth       include      system-auth<br>account    required     pam_nologin.so<br>account    include      system-auth<br>password   include      system-auth<br># pam_selinux.so close should be the first session rule<br>session    required     pam_selinux.so close<br>
session    include      system-auth<br>session    required     pam_loginuid.so<br>session    optional     pam_console.so<br># pam_selinux.so open should only be followed by sessions to be executed in the user context<br>session    required     pam_selinux.so open<br>
session    optional     pam_keyinit.so force revoke<br>~                                                  ----------------------------------------------------------------------------------<br><br> what is the *uid of the user test01 in the FDS*<br>
<br>uid is t01<br><br>and under Posix user<br><br>uid numbe  =2223                                (i manually gave this)<br>gid number=2223<br>home dire = /home/test<br>login shell=/bin/test<br><br><br>and then i create a directory with name "test" under /home ...........eg. mkdir /home/test<br>
<br><br><br><br>Best Regards<br>--H<br><br><br><br><br><br><br></div></div>
<div>
<div></div>
<div class="h5">On Wed, Jun 17, 2009 at 4:33 PM, jean-Noël Chardron <<a href="mailto:Jean-Noel.Chardron@dr15.cnrs.fr" target="_blank">Jean-Noel.Chardron@dr15.cnrs.fr</a>> wrote:<br>
<br>   hi,<br><br>   ok, I suppose the IP address of the server is 192.168.5.1 (right?)<br>   and you have a client (a CentOS 5.3) with an IP address unknown to us.<br><br>   I suppose the nsswitch.conf and /etc/ldap.conf below are on the<br>
   client so it is correct<br><br>   Then can you show the files /etc/pam.d/system-auth and<br>   /etc/pam.d/login  that are on the client please<br><br>   then can you tell us  what is the uid of the user test01 in the FDS<br>
<br><br><br>   Hakuna Matata a écrit :<br><br><br>       yes, my nsswitch.conf file is as below.<br>       passwd:     files ldap<br>       shadow:     files ldap<br>       group:      files ldap<br><br>       ethers:     files<br>
       netmasks:   files<br>       networks:   files<br>       protocols:  files<br>       rpc:        files<br>       services:   files<br><br>       netgroup:   files ldap<br><br>       publickey:  nisplus<br><br>       automount:  files ldap<br>
       aliases:    files nisplus<br><br><br>       and /etc/ldap.conf file contains<br></div></div>       uri ldap://192.168.5.1 
<div class="im"><br><br>       ssl no<br>       tls_cacertdir /etc/openldap/cacerts<br>       pam_password md5<br><br><br><br><br>       ----i am still not able to authenticate.......<br><br><br>       -best Regards<br>       --H<br>
<br>       On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov<br>       <<a href="mailto:amirov@infinet.ru" target="_blank">amirov@infinet.ru</a>> wrote:<br>
</div>
<div class="im"><br>          Hello<br>
<br>          Is it ldap://ldap.vfds.local correct?<br>          Please, try this command:<br><br>          ping ldap.vfds.local<br><br>          If pinging then try to use command getent to check that<br>       ldap users are<br>
          present in your system.<br>          getent passwd<br><br>          If not pinging, then you need to use FQDN or ip-address,<br>       like this:<br><br></div>          ldap://1.2.3.4<br>
          ldap://example.com 
<div>
<div></div>
<div class="h5"><br><br><br><br>          Hakuna Matata wrote:<br>          > Hi,<br>          ><br>          > I am new to FDS, i have set this up as per the<br>       documentation . It is<br>          > working fine .<br>
          > Now want that linux client (CentOS 5.3) to authenticate<br>       with FDS.<br>          ><br>          > hostname of FDS = ldap.fds.local<br>          ><br>          > i create a user test01 and fill the posix information<br>
          ><br>          > on client machine i am using system-config-authentication<br>          > 1. check the LDAP box and filled the details as .<br>          > LDAP search base dn =                          dc=vfds,<br>
       dc=local<br>          > LDAP Server =                                                      ldap://ldap.vfds.local<br>          ><br>          > then i rebooted the machine and trying to login via user<br>       test01. now<br>
          > it is showing error as username or password incorrect.<br>          ><br>          ><br>          > i would really appreciate if someone can give me some<br>       pointer or<br>          help<br>          > where i am doing wrong.<br>
          ><br>          > Many Thanks in advance<br>          > Best regards<br>          > --H<br>          ><br>          > --<br>          > 389 users mailing list<br>          > <a href="mailto:389-users@redhat.com" target="_blank">389-users@redhat.com</a> <mailto:<a href="mailto:389-users@redhat.com" target="_blank">389-users@redhat.com</a>><br>
</div></div>       <mailto:<a href="mailto:389-users@redhat.com" target="_blank">389-users@redhat.com</a> <mailto:<a href="mailto:389-users@redhat.com" target="_blank">389-users@redhat.com</a>>> 
<div class="im"><br><br>          ><br>       <a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-directory-users</a><br>          ><br>
</div>
<div class="im"><br>
 <br></div></blockquote><font color="#888888"><br><br>-- <br>Jean-Noel Chardron</font> 
<div>
<div></div>
<div class="h5"><br>
</div></div></blockquote></div><br>
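
Added example (not part of the original thread): the `grep base /etc/ldap.conf` output at the top of this message matches only commented template lines, so the file has no active search base. The script below separates active directives from comments, compares the `base` value with the expected suffix, and flags `ldap://` used without `ssl start_tls`; the function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an nss_ldap/pam_ldap client file (/etc/ldap.conf style).

# Value of the first active (uncommented) directive named $2 in file $1.
active_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # commented-out template line
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Lowercase a DN and drop spaces around commas so "dc=vfds, dc=local" compares equal.
normalize_dn() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/[[:space:]]*,[[:space:]]*/,/g'
}

# Exit status 0 only if file $1 has an active base equal to expected DN $2.
check_ldap_conf() {
    base=$(active_value "$1" base)
    uri=$(active_value "$1" uri)
    ssl=$(active_value "$1" ssl)
    rc=0
    if [ -z "$base" ]; then
        echo "FAIL: no active 'base' line; lookups have no search base"; rc=1
    elif [ "$(normalize_dn "$base")" != "$(normalize_dn "$2")" ]; then
        echo "FAIL: base '$base' does not match directory suffix '$2'"; rc=1
    fi
    case "$uri" in
        ldap://*) [ "$ssl" = "start_tls" ] ||
            echo "WARN: $uri with ssl=${ssl:-unset}: bind passwords cross the network unencrypted" ;;
    esac
    return $rc
}

# Constructed sample files modelled on the settings quoted in the thread.
tmp=$(mktemp -d)
printf '%s\n' '#scope base' '#nss_base_passwd ou=People,dc=example,dc=com?one' \
    'uri ldap://192.168.5.1' 'ssl no' 'pam_password md5' > "$tmp/before.conf"
{ echo 'base dc=vfds,dc=local'; cat "$tmp/before.conf"; } > "$tmp/after.conf"

check_ldap_conf "$tmp/before.conf" 'dc=vfds,dc=local' || true
check_ldap_conf "$tmp/after.conf"  'dc=vfds, dc=local' && echo "OK: search base is set"
```

Matching on the first field rather than on the substring `base` is what keeps the `nss_base_*` and `#scope base` lines out of the result.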