[Fedora-directory-users] Forgive the misunderstandings of a "newb"

Scott Ackerman lists at scott-ackerman.com
Fri Feb 9 17:37:03 UTC 2007


I am running Fedora Core 5 and have (as far as I can understand) all 
required modules, etc. installed, I have checked the ldap.conf file and 
it is pointing to our LDAP server, I have checked the nsswitch.conf file 
and it appears to be configured correctly. But after having deleted the 
user from the local machine, I now cannot login because of 
authentication failure.
System-config-authentication in pam.d contains this:

#%PAM-1.0
auth            include         config-util
account         include         config-util
session         include         config-util


So, back to the drawing board and more searching on the web. It seems as 
if most of these how-to's are geared toward people who have a working 
understanding of how all of this integrates into LDAP. An assumption 
that I wouldn't necessarily make, especially in light of the fact that 
if you come from a Windoze server environment, AD is used which doesn't 
have all of these configuration issues (you just get a whole new set of 
issues).

Keir Whitlock wrote:
> System-config-authentication should have picked this up on newer
> versions of redhat and fedora
>
> Keir Whitlock
> Unix Systems Administrator
> Unix Operations Team
>
>
> T: +44 (0)870 7748500
> F: +44 (0)870 7748501
> E: keir.whitlock at jobsite.co.uk 
> W: www.jobsite.co.uk 
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Nathan
> Kinder
> Sent: 09 February 2007 16:26
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] Forgive the misunderstandings of a
> "newb"
>
> Scott Ackerman wrote:
>> Thanks Nathan, but where did I miss that in the how-to?
> It appears to be missing from the how-to (some of the how-to's do make 
> reference to nss_ldap being required though).
>> Nathan Kinder wrote:
>>> lists at scott-ackerman.com wrote:
>>>> I thought I was smart until I dove into LDAP. I am the sole part-time IT
>>>> Manager for a charter school (240 students, 20 staff, 60 computers) and
>>>> am migrating away from a Windows server environment to Linux. The only
>>>> services that are being provided by a Windows server now are AD, file
>>>> and print sharing services. Since we are turning about 15 of our student
>>>> computers into Linux stations, I decided on a "simpler" method of
>>>> managing authentication, login etc. and chose Fedora Directory Server
>>>> (after having beat my head against the wall with strictly OpenLDAP for a
>>>> month). I have successfully set up FDS and entered all students and
>>>> staff. I have decided not to sync against our AD server because we are
>>>> changing the student login method, the old format was locker number for
>>>> user name and then a password. I have decided to use the first.last name
>>>> for user name and then a password.
>>>>
>>>> I am trying to set up posix authentication and Samba and am having
>>>> difficulties with both, technical on the former and understanding on the
>>>> latter. First posix, I have followed the how to on the FDS Wiki, but
>>>> there seem to be some steps missing. I have gotten an authenticated
>>>> student logon, but only after having created an account on the local
>>>> machine with the same UID. I made sure that the password was different
>>>> in FDS than when I created the user on the local machine and I am able
>>>> to log in using either password which would indicate to me that I am
>>>> successfully authenticating to FDS. However I don't particularly care to
>>>> have to add 240 students on all 15 computers to make this work, not to
>>>> mention all of the "home" directories that will be mounted from the NFS
>>>> server. So the question is, what steps am I missing here?
>>>>
>>> It sounds like you need to configure nss_ldap.  Assuming you have
>>> nss_ldap installed on your client systems, you should be able to add
>>> "ldap" as a service for looking up users and groups in your
>>> /etc/nsswitch.conf file.
>>>
>>> -NGK
>>>
>>>> Samba. As I understand it, Windows will only authenticate against an NT
>>>> or "NT like (aka. Samba)" server, which means as far as I can tell that
>>>> either I have Samba sync against FDS or I use pGina on the Windows side
>>>> to authenticate directly against LDAP or scrap LDAP altogether and
>>>> just use an NIS server (don't think this is a good idea, but it is a
>>>> possibility). Of course trying to assess the pros and cons of either has
>>>> been somewhat difficult at best. Also the FDS Samba how-to doesn't cover
>>>> computer management which Samba is going to have to deal with as well.
>>>> Before someone replies with a "RTFM", I have read the Install Guide as
>>>> well as the Red Hat Directory Server documentation and I am currently
>>>> half-way through the book "Understanding and Deploying LDAP Directory
>>>> Services", so I have a reasonable understanding of how to get into
>>>> trouble. Of course none of these provide in-depth (nor should they)
>>>> information as to how to integrate with other services. I have spent a
>>>> month reading, tinkering etc., and I am not asking anyone else to do my
>>>> work for me, but I seem to have hit a wall and need a couple of
>>>> "breadcrumbs" to get me back on the trail. Thank you for your patience
>>>> and understanding.

-- 
Scott B. Ackerman
1212 Baker Street
Fort Collins, Colorado 80524
970-231-9035
scott at scott-ackerman.com


"Every improvement in the standard of work men do is followed swiftly and inevitably by an improvement in the men who do it" - William Morris
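
The symptom in this thread (directory passwords accepted, but only for users who also exist locally) is what a client looks like when PAM reaches LDAP and NSS does not. The script below is an added example, not part of the original messages: it statically checks an nsswitch.conf and a PAM stack file for both halves. The sample file contents and function names are constructed for illustration; on a Fedora client the real files would normally be /etc/nsswitch.conf and /etc/pam.d/system-auth.

```shell
#!/bin/sh
# Added example: static check of an LDAP client's NSS and PAM configuration.

# nss_sources FILE DB: print the lookup sources configured for DB
nss_sources() {
    awk -v db="$2" '{
        sub(/#.*/, "")                       # strip comments
        i = index($0, ":"); if (i == 0) next
        name = substr($0, 1, i - 1); gsub(/[ \t]/, "", name)
        if (name == db) { print substr($0, i + 1); exit }
    }' "$1"
}

# nss_has_ldap FILE DB: succeed if "ldap" is one of the sources for DB
nss_has_ldap() {
    for src in $(nss_sources "$1" "$2"); do
        [ "$src" = "ldap" ] && return 0
    done
    return 1
}

# pam_has_ldap FILE TYPE: succeed if an uncommented TYPE line loads pam_ldap.so
pam_has_ldap() {
    awk -v t="$2" '
        /^[ \t]*#/ { next }
        $1 == t && /pam_ldap\.so/ { found = 1 }
        END { exit !found }' "$1"
}

# diagnose NSSWITCH PAMFILE: print one finding per gap, nothing if complete
diagnose() {
    for db in passwd shadow group; do
        nss_has_ldap "$1" "$db" || echo "nss: $db has no ldap source"
    done
    for t in auth account; do
        pam_has_ldap "$2" "$t" || echo "pam: no $t line loads pam_ldap.so"
    done
}

# Constructed samples: PAM reaches LDAP but NSS only consults local files
tmp=$(mktemp -d)
printf 'passwd: files\nshadow: files\ngroup: files # ldap\n' > "$tmp/nss.before"
printf 'passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n' > "$tmp/nss.after"
printf '%s\n' 'auth sufficient pam_unix.so nullok' \
    'auth sufficient pam_ldap.so use_first_pass' \
    'account [default=bad success=ok user_unknown=ignore] pam_ldap.so' > "$tmp/pam"
diagnose "$tmp/nss.before" "$tmp/pam"
```

On a live client, `getent passwd first.last` returning an entry for a user with no local account confirms that NSS is resolving users from the directory.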