[Fedora-directory-users] Forgive the misunderstandings of a "newb"
Scott Ackerman
lists at scott-ackerman.com
Fri Feb 9 17:37:03 UTC 2007
I am running Fedora Core 5 and have (as far as I can understand) all
required modules, etc. installed. I have checked the ldap.conf file and
it is pointing to our LDAP server, and I have checked the nsswitch.conf file
and it appears to be configured correctly. But after having deleted the
user from the local machine, I now cannot log in because of
authentication failure.
System-config-authentication in pam.d contains this:
#%PAM-1.0
auth include config-util
account include config-util
session include config-util
So, back to the drawing board and more searching on the web. It seems as
if most of these how-to's are geared toward people who have a working
understanding of how all of this integrates into LDAP. An assumption
that I wouldn't necessarily make, especially in light of the fact that
if you come from a Windoze server environment, AD is used which doesn't
have all of these configuration issues (you just get a whole new set of
issues).
Keir Whitlock wrote:
> System-config-authentication should have picked this up on newer
> versions of redhat and fedora
>
>
>
>
>
> _________________________________________
> Keir Whitlock
> Unix Systems Administrator
> Unix Operations Team
>
>
> T: +44 (0)870 7748500
> F: +44 (0)870 7748501
> E: keir.whitlock at jobsite.co.uk
> W: www.jobsite.co.uk
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Nathan
> Kinder
> Sent: 09 February 2007 16:26
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] Forgive the misunderstandings of a
> "newb"
>
> Scott Ackerman wrote:
>
>> Thanks Nathan, but where did I miss that in the how-to?
>>
>>
> It appears to be missing from the how-to (some of the how-to's do make
> reference to nss_ldap being required though).
>
>> Nathan Kinder wrote:
>>
>>
>>> lists at scott-ackerman.com wrote:
>>>
>>>
>>>> I thought I was smart until I dove into LDAP. I am the sole part-time IT
>>>> Manager for a charter school (240 students, 20 staff, 60 computers) and
>>>> am migrating away from a Windows server environment to Linux. The only
>>>> services that are being provided by a Windows server now are AD, file
>>>> and print sharing services. Since we are turning about 15 of our student
>>>> computers into Linux stations, I decided on a "simpler" method of
>>>> managing authentication, login etc. and chose Fedora Directory Server
>>>> (after having beat my head against the wall with strictly OpenLDAP for a
>>>> month). I have successfully set up FDS and entered all students and
>>>> staff. I have decided not to sync against our AD server because we are
>>>> changing the student login method, the old format was locker number for
>>>> user name and then a password. I have decided to use the first.last name
>>>> for user name and then a password.
>>>>
>>>> I am trying to set up posix authentication and Samba and am having
>>>> difficulties with both, technical on the former and understanding on the
>>>> latter. First posix, I have followed the how to on the FDS Wiki, but
>>>> there seem to be some steps missing. I have gotten an authenticated
>>>> student logon, but only after having created an account on the local
>>>> machine with the same UID. I made sure that the password was different
>>>> in FDS than when I created the user on the local machine and I am able
>>>> to login using either password which would indicate to me that I am
>>>> successfully authenticating to FDS. However I don't particularly care to
>>>> have to add 240 students on all 15 computers to make this work, not to
>>>> mention all of the "home" directories that will be mounted from the NFS
>>>> server. So the question is, what steps am I missing here?
>>>>
>>> It sounds like you need to configure nss_ldap. Assuming you have
>>> nss_ldap installed on your client systems, you should be able to add
>>> "ldap" as a service for looking up users and groups in your
>>> /etc/nsswitch.conf file.
>>>
>>> -NGK
>>>
>>>
>>>> Samba. As I understand it, Windows will only authenticate against an NT
>>>> or "NT like (aka. Samba)" server, which means as far as I can tell that
>>>> either I have Samba sync against FDS or I use pGina on the Windows side
>>>> to authenticate directly against LDAP or scrap LDAP altogether and
>>>> just use an NIS server (don't think this is a good idea, but it is a
>>>> possibility). Of course trying to assess the pros and cons of either has
>>>> been somewhat difficult at best. Also the FDS Samba how-to doesn't cover
>>>> computer management which Samba is going to have to deal with as well.
>>>> Before someone replies with a "RTFM", I have read the Install Guide as
>>>> well as the Red Hat Directory Server documentation and I am currently
>>>> half-way through the book "Understanding and Deploying LDAP Directory
>>>> Services", so I have a reasonable understanding of how to get into
>>>> trouble. Of course none of these provide in-depth (nor should they)
>>>> information as to how to integrate with other services. I have spent a
>>>> month reading, tinkering etc., and I am not asking anyone else to do my
>>>> work for me, but I seem to have hit a wall and need a couple of
>>>> "breadcrumbs" to get me back on the trail. Thank you for your patience
>>>> and understanding.
--
Scott B. Ackerman
1212 Baker Street
Fort Collins, Colorado 80524
970-231-9035
scott at scott-ackerman.com
"Every improvement in the standard of work men do is followed swiftly and inevitably by an improvement in the men who do it" - William Morris
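
The symptom discussed in this thread (LDAP passwords are accepted, but only for accounts that also exist locally) comes from PAM and NSS being configured separately. The script below is an added example, not part of any message in the thread: it classifies a client from copies of its nsswitch.conf and its PAM auth stack. The verdict names, the sample files and the choice of /etc/pam.d/system-auth as the stack to inspect are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): classify an LDAP client from copies of
# its nsswitch.conf and PAM auth stack. Verdict names are made up here.

# nss_has_ldap FILE DB -> 0 if database DB (passwd, group, ...) lists "ldap"
nss_has_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                       # strip comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }' "$1"
}

# pam_has_ldap FILE TYPE -> 0 if a TYPE line (auth, account, ...) calls pam_ldap.so
pam_has_ldap() {
    awk -v type="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        $1 == type && /pam_ldap\.so/ { found = 1 }
        END { exit !found }' "$1"
}

# diagnose NSSWITCH PAMFILE -> prints one verdict word
diagnose() {
    nss=no; pam=no
    if nss_has_ldap "$1" passwd && nss_has_ldap "$1" group; then nss=yes; fi
    if pam_has_ldap "$2" auth; then pam=yes; fi
    case "$nss/$pam" in
        yes/yes) echo ok ;;
        no/yes)  echo nss-missing ;;    # LDAP password accepted, but only for users that exist locally
        yes/no)  echo pam-missing ;;    # user resolves, password never checked against LDAP
        *)       echo not-configured ;;
    esac
}

# Constructed sample files reproducing the situation described in the thread.
demo_dir=$(mktemp -d)
cat > "$demo_dir/nsswitch.conf" <<'EOF'
passwd:     files
shadow:     files
group:      files
EOF
cat > "$demo_dir/system-auth" <<'EOF'
#%PAM-1.0
auth        sufficient    pam_unix.so nullok
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
EOF
echo "verdict: $(diagnose "$demo_dir/nsswitch.conf" "$demo_dir/system-auth")"
```

On a live client, `getent passwd <user>` for an LDAP-only account confirms whether NSS actually resolves it.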