[389-users] Help Needed -----Linux Ldap Client machine unable to login Fedora DS
Hakuna Matata
narender.hooda at gmail.com
Wed Jun 17 17:35:27 UTC 2009
Still no luck....
I have added the below entry in my ldap.conf file:
base dc=vfds,dc=local
--H
On Wed, Jun 17, 2009 at 9:44 PM, Hakuna Matata<narender.hooda at gmail.com> wrote:
> grep base /etc/ldap.conf
> ----------------------------------
> #scope base
> # nss_base_XXX base?scope?filter
> # where scope is {base,one,sub}
> # nss_base_passwd ou=People,
> # to append the default base DN but this
> #nss_base_passwd ou=People,dc=example,dc=com?one
> #nss_base_shadow ou=People,dc=example,dc=com?one
> #nss_base_group ou=Group,dc=example,dc=com?one
> #nss_base_hosts ou=Hosts,dc=example,dc=com?one
> #nss_base_services ou=Services,dc=example,dc=com?one
> #nss_base_networks ou=Networks,dc=example,dc=com?one
> #nss_base_protocols ou=Protocols,dc=example,dc=com?one
> #nss_base_rpc ou=Rpc,dc=example,dc=com?one
> #nss_base_ethers ou=Ethers,dc=example,dc=com?one
> #nss_base_netmasks ou=Networks,dc=example,dc=com?ne
> #nss_base_bootparams ou=Ethers,dc=example,dc=com?one
> #nss_base_aliases ou=Aliases,dc=example,dc=com?one
> #nss_base_netgroup ou=Netgroup,dc=example,dc=com?one
> #nss_base_passwd ou=aixaccount,?one
> #nss_base_group ou=aixgroup,?one
> ---------------------------------------------------------------------------
>
> OK, so I was expecting some base which are binding it to FDS.....but did not
> find here any such thing...which gives an impression that
> system-config-authentication is not working properly in CentOS5.3. My
> assumption may be wrong....
>
> so if I put some entry in this like (base dc=vfds,dc=local)...and then boot
> the client machine... can I expect it working then.....
>
> waiting for the advice....in the mean time I am rebooting the machine....
>
> many thanks in advance...
>
>
> --H
>
> On Wed, Jun 17, 2009 at 6:15 PM, jean-Noël Chardron
> <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>>
>> Hakuna Matata wrote:
>>>
>>> Jean
>>> Thanks for a quick reply.
>>>
>>> Client IP address is 192.168.5.4
>>> yes these files are from client only.
>>>
>> all files seem correct (in system-auth the interesting lines are the ones with
>> pam_ldap.so)
>> So maybe the base to search in the tree is misconfigured in
>> /etc/ldap.conf
>>
>> you previously showed the /etc/ldap.conf :
>> uri ldap://192.168.5.1
>> ssl no
>> tls_cacertdir /etc/openldap/cacerts
>> pam_password md5
>>
>> can you show the output of the command :
>> grep base /etc/ldap.conf
>> with only the lines that are uncommented; normally this will show the
>> distinguished name of the search base,
>> and this must correspond with the tree in your FDS
>>
>>
>>
>>>
>>> /etc/pam.d/system-auth
>>> ------------------------------------------------
>>> # This file is auto-generated.
>>> # User changes will be destroyed the next time authconfig is run.
>>> auth required pam_env.so
>>> auth sufficient pam_unix.so nullok try_first_pass
>>> auth requisite pam_succeed_if.so uid >= 500 quiet
>>> auth sufficient pam_ldap.so use_first_pass
>>> auth required pam_deny.so
>>>
>>> account required pam_unix.so broken_shadow
>>> account sufficient pam_succeed_if.so uid < 500 quiet
>>> account [default=bad success=ok user_unknown=ignore] pam_ldap.so
>>> account required pam_permit.so
>>>
>>> password requisite pam_cracklib.so try_first_pass retry=3
>>> password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
>>> password sufficient pam_ldap.so use_authtok
>>> password required pam_deny.so
>>>
>>> session optional pam_keyinit.so revoke
>>> session required pam_limits.so
>>> session optional pam_keyinit.so revoke
>>> session required pam_limits.so
>>> session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
>>> session required pam_unix.so
>>> session optional pam_ldap.so
>>> -----------------------------------------------------------------------
>>>
>>> and /etc/pam.d/login
>>>
>>> #%PAM-1.0
>>> auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
>>> auth include system-auth
>>> account required pam_nologin.so
>>> account include system-auth
>>> password include system-auth
>>> # pam_selinux.so close should be the first session rule
>>> session required pam_selinux.so close
>>> session include system-auth
>>> session required pam_loginuid.so
>>> session optional pam_console.so
>>> # pam_selinux.so open should only be followed by sessions to be executed in the user context
>>> session required pam_selinux.so open
>>> session optional pam_keyinit.so force revoke
>>> ~
>>> ----------------------------------------------------------------------------------
>>>
>>> what is the uid of the user test01 in the FDS
>>>
>>> uid is t01
>>>
>>> and under Posix user
>>>
>>> uid number =2223 (I manually gave this)
>>> gid number=2223
>>> home dire = /home/test
>>> login shell=/bin/test
>>>
>>>
>>> and then i create a directory with name "test" under /home ...........eg.
>>> mkdir /home/test
>>>
>>>
>>>
>>>
>>> Best Regards
>>> --H
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Wed, Jun 17, 2009 at 4:33 PM, jean-Noël Chardron
>>> <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>>>
>>> hi,
>>>
>>> ok, I suppose the IP address of the server is 192.168.5.1 (right ?)
>>> and you have a client (a centos 5.3) with an IP address unknown to us.
>>>
>>> I suppose the nsswitch.conf and /etc/ldap.conf below is on the
>>> client so it is correct
>>>
>>> Then can you show the files /etc/pam.d/system-auth and
>>> /etc/pam.d/login that are on the client please
>>>
>>> then can you tell us what is the uid of the user test01 in the FDS
>>>
>>>
>>>
>>> Hakuna Matata wrote:
>>>
>>>
>>> yes, my nsswitch.conf file is as below.
>>> passwd: files ldap
>>> shadow: files ldap
>>> group: files ldap
>>>
>>> ethers: files
>>> netmasks: files
>>> networks: files
>>> protocols: files
>>> rpc: files
>>> services: files
>>>
>>> netgroup: files ldap
>>>
>>> publickey: nisplus
>>>
>>> automount: files ldap
>>> aliases: files nisplus
>>>
>>>
>>> and /etc/ldap.conf file contains
>>> uri ldap://192.168.5.1
>>>
>>> ssl no
>>> tls_cacertdir /etc/openldap/cacerts
>>> pam_password md5
>>>
>>>
>>>
>>>
>>> ----i am still not able to authenticate.......
>>>
>>>
>>> -best Regards
>>> --H
>>>
>>> On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov
>>> <amirov at infinet.ru> wrote:
>>>
>>> Hello
>>>
>>> Is it ldap://ldap.vfds.local correct?
>>> Please, try this command:
>>>
>>> ping ldap.vfds.local
>>>
>>> If pinging then try to use command getent to check that ldap users are
>>> present in your system.
>>> getent passwd
>>>
>>> If not pinging, then you need to use FQDN or ip-address, like this:
>>>
>>> ldap://1.2.3.4
>>> ldap://example.com
>>>
>>>
>>>
>>> Hakuna Matata wrote:
>>> > Hi,
>>> >
>>> > I am new to FDS, i have set this up as per the documentation . It is
>>> > working fine .
>>> > Now want that linux client (CentOS 5.3) to authenticate with FDS.
>>> >
>>> > hostname of FDS = ldap.fds.local
>>> >
>>> > i create a user test01 and fill the posix information
>>> >
>>> > on client machine i am using system-config-authentication
>>> > 1. check the LDAP box and filled the details as .
>>> > LDAP search base dn = dc=vfds,dc=local
>>> > LDAP Server = ldap://ldap.vfds.local
>>> >
>>> > then i rebooted the machine and trying to login via user test01. now
>>> > it is showing error as username or password incorrect.
>>> >
>>> >
>>> > i would really appreciate if someone can give me some pointer or help
>>> > where i am doing wrong.
>>> >
>>> > Many Thanks in advance
>>> > Best regards
>>> > --H
>>> >
>>> > --
>>> > 389 users mailing list
>>> > 389-users at redhat.com
>>> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>> --
>> Jean-Noel Chardron
>
>
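Added example, not part of the original thread: a shell check for what the replies ask for, the active (uncommented) `base` and server lines in an nss_ldap/pam_ldap style `ldap.conf`. It also flags the `ldap://` plus `ssl no` combination quoted above, because binds then cross the network unencrypted. The function names and finding labels are made up for illustration, and the sample file is constructed from the settings shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report active nss_ldap/pam_ldap settings.

# Print the value of the first uncommented line whose keyword is $2 in file $1.
ldap_directive() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }      # comments and blank lines are inactive
        tolower($1) == tolower(key) {       # keyword match, case-insensitive
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# Print one finding per line for config file $1; no output means nothing flagged.
audit_ldap_conf() {
    uri=$(ldap_directive "$1" uri)
    host=$(ldap_directive "$1" host)
    base=$(ldap_directive "$1" base)
    ssl=$(ldap_directive "$1" ssl)
    [ -n "$uri" ] || [ -n "$host" ] || echo "NO_SERVER: no active uri or host line"
    [ -n "$base" ] || echo "NO_BASE: no active base line"
    case "$uri" in
        ldap://*) case "${ssl:-no}" in      # an absent ssl line is treated as off
            no|off) echo "CLEARTEXT: $uri with ssl ${ssl:-unset}, binds are unencrypted" ;;
        esac ;;
    esac
    return 0
}

# Constructed sample modelled on the settings quoted in the thread.
write_sample_conf() {
    cat > "$1" <<'EOF'
uri ldap://192.168.5.1
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
#scope base
#nss_base_passwd ou=People,dc=example,dc=com?one
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
echo "before:"; audit_ldap_conf "$sample"
echo "base dc=vfds,dc=local" >> "$sample"   # the entry added in the latest message
echo "after:";  audit_ldap_conf "$sample"
rm -f "$sample"
```

A plain `grep base` also matches commented lines such as `#scope base`, which is why the output quoted above shows no usable search base; the check here only counts active lines.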