[Fedora-directory-users] Probably very stupid problem ....

Craig White craigwhite at azapple.com
Fri Dec 16 13:23:12 UTC 2005 

On Fri, 2005-12-16 at 13:07 +0100, Enrico Valsecchi wrote:
> Hi All,
> 
> I have a problem.
> My Users, stored correctly into Fedora-DS,
> can't login into my Linux System.
> (With OpenLdap did not have this problem)
> I don't understand where is MY error!
> :(
> 
> There are my system settings....
> 
> Many Thanks!
> 
> Bye,
> 
> Enrico
> 
> /etc/pam.d/system-auth
> auth        required      /lib/security/$ISA/pam_env.so
> auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
> auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
> auth        required      /lib/security/$ISA/pam_deny.so
> 
> account     required      /lib/security/$ISA/pam_unix.so broken_shadow
> account     sufficient    /lib/security/$ISA/pam_localuser.so
> account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
> account     [default=bad success=ok 
> user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
> account     required      /lib/security/$ISA/pam_permit.so
> 
> password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
> password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok 
> md5 shadow
> password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
> password    required      /lib/security/$ISA/pam_deny.so
> 
> session     required      /lib/security/$ISA/pam_limits.so
> session     required      /lib/security/$ISA/pam_unix.so
> session     optional      /lib/security/$ISA/pam_ldap.so
> 
> /etc/nsswitch.conf
> passwd:     files ldap
> shadow:     files ldap
> group:      files ldap
> 
> /etc/ldap.conf AND /etc/openldap.conf
> suffix          "dc=chiccomara,dc=org"
----
should have /etc/openldap/ldap.conf with at least...

BASE: dc=chiccomara,dc=org
HOST: 127.0.0.1
----
> 
> uri ldap://centos.chiccomara.org/
> ldap_version 3
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> pam_member_attribute memberuid
> pam_password ssha
> nss_base_passwd ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org
> nss_base_shadow ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org
> nss_base_group  ou=Groups,ou=Mizar Solutions,dc=chiccomara,dc=org
> # nss_base_hosts  ou=Host,ou=Mizar Solutions,dc=chiccomara,dc=org
> scope one
-----
probably need here...

base: dc=chiccomara,dc=org
host: 127.0.0.1
rootbinddn: cn=Directory Manager #or whatever bind dn you choose
and I am not all knowing on PADL tools but I would have...
nss_base_passwd ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org?one
nss_base_shadow ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org?one
nss_base_group  ou=Groups,ou=Mizar Solutions,dc=chiccomara,dc=org?one

and then /etc/ldap.secret with your rootbinddn password chmod 600

and you should be able to simply test it by doing...

getent passwd
getent group

and get your users/groups listed

Craig

More information about the Fedora-directory-users mailing list