[389-users] Help Needed -----Linux LDAP Client machine unable to login Fedora DS
John A. Sullivan III
jsullivan at opensourcedevel.com
Wed Jun 17 19:04:06 UTC 2009
I've not been following this thread very closely but we are using CentOS
5.3 very happily - John
On Wed, 2009-06-17 at 23:55 +0530, Hakuna Matata wrote:
> This is what it is returning....
>
> I guess I have to rebuild the client with CentOS 5.2 (though I have no
> reason to, but still)...
>
> And I really want to give you a big thank you for helping me... you are kind...
> I will keep you posted with the results...
>
> [root at client ~]# ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local"
> -D "cn=Directory Manager" -W
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=vfds,dc=local> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
>
> # numResponses: 1
> [root at client ~]#
>
>
> On Wed, Jun 17, 2009 at 11:25 PM, Jean-Noel
> Chardron<Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
> > Hakuna Matata wrote:
> >>
> >> Still no luck....
> >> i have added the below entry in my ldap.conf file
> >> base dc=vfds,dc=local
> >>
> >>
> >
> > Hmm,
> > does your FDS answer a request from ldapsearch?
> > You can try something like this from the server and from the client:
> > without credentials:
> > ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" ''
> > with credentials:
> > ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager" '' -W
> >>
> >> --H
> >>
> >> On Wed, Jun 17, 2009 at 9:44 PM, Hakuna Matata<narender.hooda at gmail.com>
> >> wrote:
> >>
> >>>>>>>
> >>>>>>> grep base /etc/ldap.conf
> >>>>>>>
> >>>
> >>> ----------------------------------
> >>> #scope base
> >>> # nss_base_XXX base?scope?filter
> >>> # where scope is {base,one,sub}
> >>> # nss_base_passwd ou=People,
> >>> # to append the default base DN but this
> >>> #nss_base_passwd ou=People,dc=example,dc=com?one
> >>> #nss_base_shadow ou=People,dc=example,dc=com?one
> >>> #nss_base_group ou=Group,dc=example,dc=com?one
> >>> #nss_base_hosts ou=Hosts,dc=example,dc=com?one
> >>> #nss_base_services ou=Services,dc=example,dc=com?one
> >>> #nss_base_networks ou=Networks,dc=example,dc=com?one
> >>> #nss_base_protocols ou=Protocols,dc=example,dc=com?one
> >>> #nss_base_rpc ou=Rpc,dc=example,dc=com?one
> >>> #nss_base_ethers ou=Ethers,dc=example,dc=com?one
> >>> #nss_base_netmasks ou=Networks,dc=example,dc=com?ne
> >>> #nss_base_bootparams ou=Ethers,dc=example,dc=com?one
> >>> #nss_base_aliases ou=Aliases,dc=example,dc=com?one
> >>> #nss_base_netgroup ou=Netgroup,dc=example,dc=com?one
> >>> #nss_base_passwd ou=aixaccount,?one
> >>> #nss_base_group ou=aixgroup,?one
> >>>
> >>> ---------------------------------------------------------------------------
> >>>
> >>> OK, so I was expecting some base entry binding it to FDS... but did
> >>> not find any such thing here, which gives the impression that
> >>> system-config-authentication is not working properly in CentOS 5.3. My
> >>> assumption may be wrong...
> >>>
> >>> So if I put an entry in this like (base dc=vfds,dc=local)... and then
> >>> boot the client machine... can I expect it to work then?
> >>>
> >>> Waiting for the advice... in the meantime I am rebooting the machine...
> >>>
> >>> Many thanks in advance...
> >>>
> >>>
> >>> --H
> >>>
> >>> On Wed, Jun 17, 2009 at 6:15 PM, jean-Noël Chardron
> >>> <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
> >>>
> >>>>
> >>>> Hakuna Matata wrote:
> >>>>
> >>>>>
> >>>>> Jean
> >>>>> Thanks for a quick reply.
> >>>>>
> >>>>> Client IP address is 192.168.5.4
> >>>>> yes these files are from client only.
> >>>>>
> >>>>>
> >>>>
> >>>> All files seem correct (in system-auth the interesting lines are the
> >>>> ones with pam_ldap.so).
> >>>> So maybe the base to search in the tree is misconfigured in
> >>>> /etc/ldap.conf.
> >>>>
> >>>> You previously showed the /etc/ldap.conf:
> >>>> uri ldap://192.168.5.1
> >>>> ssl no
> >>>> tls_cacertdir /etc/openldap/cacerts
> >>>> pam_password md5
> >>>>
> >>>> Can you show the output of the command:
> >>>> grep base /etc/ldap.conf
> >>>> with only the lines that are uncommented? Normally this will show the
> >>>> distinguished name of the search base,
> >>>> and this must correspond with the tree in your FDS.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>
> >>>>> /etc/pam.d/system-auth
> >>>>> ------------------------------------------------
> >>>>> # This file is auto-generated.
> >>>>> # User changes will be destroyed the next time authconfig is run.
> >>>>> auth required pam_env.so
> >>>>> auth sufficient pam_unix.so nullok try_first_pass
> >>>>> auth requisite pam_succeed_if.so uid >= 500 quiet
> >>>>> auth sufficient pam_ldap.so use_first_pass
> >>>>> auth required pam_deny.so
> >>>>>
> >>>>> account required pam_unix.so broken_shadow
> >>>>> account sufficient pam_succeed_if.so uid < 500 quiet
> >>>>> account [default=bad success=ok user_unknown=ignore] pam_ldap.so
> >>>>> account required pam_permit.so
> >>>>>
> >>>>> password requisite pam_cracklib.so try_first_pass retry=3
> >>>>> password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
> >>>>> password sufficient pam_ldap.so use_authtok
> >>>>> password required pam_deny.so
> >>>>>
> >>>>> session optional pam_keyinit.so revoke
> >>>>> session required pam_limits.so
> >>>>> session optional pam_keyinit.so revoke
> >>>>> session required pam_limits.so
> >>>>> session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
> >>>>> session required pam_unix.so
> >>>>> session optional pam_ldap.so
> >>>>> -----------------------------------------------------------------------
> >>>>>
> >>>>> and /etc/pam.d/login
> >>>>>
> >>>>> #%PAM-1.0
> >>>>> auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
> >>>>> auth include system-auth
> >>>>> account required pam_nologin.so
> >>>>> account include system-auth
> >>>>> password include system-auth
> >>>>> # pam_selinux.so close should be the first session rule
> >>>>> session required pam_selinux.so close
> >>>>> session include system-auth
> >>>>> session required pam_loginuid.so
> >>>>> session optional pam_console.so
> >>>>> # pam_selinux.so open should only be followed by sessions to be executed in the user context
> >>>>> session required pam_selinux.so open
> >>>>> session optional pam_keyinit.so force revoke
> >>>>>
> >>>>> ----------------------------------------------------------------------------------
> >>>>>
> >>>>> what is the uid of the user test01 in the FDS
> >>>>>
> >>>>> uid is t01
> >>>>>
> >>>>> and under Posix user
> >>>>>
> >>>>> uid number = 2223 (I manually gave this)
> >>>>> gid number = 2223
> >>>>> home directory = /home/test
> >>>>> login shell = /bin/test
> >>>>>
> >>>>>
> >>>>> and then I create a directory with the name "test" under /home,
> >>>>> e.g.
> >>>>> mkdir /home/test
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> Best Regards
> >>>>> --H
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> On Wed, Jun 17, 2009 at 4:33 PM, jean-Noël Chardron
> >>>>> <Jean-Noel.Chardron at dr15.cnrs.fr>
> >>>>> wrote:
> >>>>>
> >>>>> Hi,
> >>>>>
> >>>>> OK, I suppose the IP address of the server is 192.168.5.1 (right?)
> >>>>> and you have a client (a CentOS 5.3) with an IP address unknown to us.
> >>>>>
> >>>>> I suppose the nsswitch.conf and /etc/ldap.conf below are on the
> >>>>> client, so it is correct.
> >>>>>
> >>>>> Then can you show the files /etc/pam.d/system-auth and
> >>>>> /etc/pam.d/login that are on the client please?
> >>>>>
> >>>>> Then can you tell us what the uid of the user test01 is in the FDS?
> >>>>>
> >>>>>
> >>>>> Hakuna Matata wrote:
> >>>>>
> >>>>>
> >>>>> Yes, my nsswitch.conf file is as below.
> >>>>> passwd: files ldap
> >>>>> shadow: files ldap
> >>>>> group: files ldap
> >>>>>
> >>>>> ethers: files
> >>>>> netmasks: files
> >>>>> networks: files
> >>>>> protocols: files
> >>>>> rpc: files
> >>>>> services: files
> >>>>>
> >>>>> netgroup: files ldap
> >>>>>
> >>>>> publickey: nisplus
> >>>>>
> >>>>> automount: files ldap
> >>>>> aliases: files nisplus
> >>>>>
> >>>>>
> >>>>> and the /etc/ldap.conf file contains
> >>>>> uri ldap://192.168.5.1
> >>>>>
> >>>>> ssl no
> >>>>> tls_cacertdir /etc/openldap/cacerts
> >>>>> pam_password md5
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> I am still not able to authenticate...
> >>>>>
> >>>>>
> >>>>> Best regards
> >>>>> --H
> >>>>>
> >>>>> On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov
> >>>>> <amirov at infinet.ru> wrote:
> >>>>>
> >>>>> Hello
> >>>>>
> >>>>> Is ldap://ldap.vfds.local correct?
> >>>>> Please try this command:
> >>>>>
> >>>>> ping ldap.vfds.local
> >>>>>
> >>>>> If it pings, then try using the getent command to check that the
> >>>>> LDAP users are
> >>>>> present in your system:
> >>>>> getent passwd
> >>>>>
> >>>>> If it does not ping, then you need to use an FQDN or IP address,
> >>>>> like this:
> >>>>>
> >>>>> ldap://1.2.3.4
> >>>>> ldap://example.com
> >>>>>
> >>>>>
> >>>>>
> >>>>> Hakuna Matata wrote:
> >>>>> > Hi,
> >>>>> >
> >>>>> > I am new to FDS; I have set this up as per the
> >>>>> > documentation. It is
> >>>>> > working fine.
> >>>>> > Now I want the Linux client (CentOS 5.3) to authenticate
> >>>>> > with FDS.
> >>>>> >
> >>>>> > hostname of FDS = ldap.fds.local
> >>>>> >
> >>>>> > I create a user test01 and fill in the POSIX information.
> >>>>> >
> >>>>> > On the client machine I am using system-config-authentication:
> >>>>> > 1. check the LDAP box and fill in the details as:
> >>>>> > LDAP search base dn = dc=vfds,dc=local
> >>>>> > LDAP Server = ldap://ldap.vfds.local
> >>>>> >
> >>>>> > Then I rebooted the machine and am trying to log in via user
> >>>>> > test01. Now
> >>>>> > it is showing an error: username or password incorrect.
> >>>>> >
> >>>>> >
> >>>>> > I would really appreciate it if someone can give me some
> >>>>> > pointers or help
> >>>>> > on where I am going wrong.
> >>>>> >
> >>>>> > Many thanks in advance
> >>>>> > Best regards
> >>>>> > --H
> >>>>> >
> >>>>> >
> >>>>> > --
> >>>>> > 389 users mailing list
> >>>>> > 389-users at redhat.com
> >>>>> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >>>>> >
> >>>> --
> >>>> Jean-Noel Chardron
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>
> >>
> >
> >
> >
>
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
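The thread ends on the observation that decides the case: ldapsearch against the configured base answers result 32 (noSuchObject), so either the client's base does not match a suffix the server actually holds, or it was never set at all (the grep base /etc/ldap.conf output above shows only commented-out lines). The checker below is an added example, not code from the thread or from Fedora/389 Directory Server. It parses an nss_ldap-style /etc/ldap.conf, the namingContexts values of the server's rootDSE (what ldapsearch -x -h 192.168.5.1 -s base -b '' '(objectclass=*)' namingContexts would print), and the result block of a test search, and reports the mismatches. The ldap.conf text, the rootDSE values and the search output embedded in the script are constructed to mirror the thread; the suffix dc=fds,dc=local is an assumption taken from the server hostname ldap.fds.local, since the poster never showed the real suffix. It also flags ssl no with a plain ldap:// URI, because pam_ldap's simple bind then sends every user's password to the server in cleartext.

```python
"""Check an nss_ldap/pam_ldap client config against what the directory serves.

Added example for the thread above; not code from the thread or from
Fedora/389 DS.  All input is constructed: LDAP_CONF mirrors the client's
/etc/ldap.conf as posted, ROOTDSE_LDIF is the assumed rootDSE answer (the
suffix dc=fds,dc=local is guessed from the hostname ldap.fds.local), and
SEARCH_LDIF is the result block the poster got for base dc=vfds,dc=local.
"""
import re

LDAP_CONF = """\
uri ldap://192.168.5.1
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
base dc=vfds,dc=local
"""

ROOTDSE_LDIF = """\
dn:
namingContexts: dc=fds,dc=local
namingContexts: o=NetscapeRoot
"""

SEARCH_LDIF = """\
# search result
search: 2
result: 32 No such object

# numResponses: 1
"""

LDAP_NO_SUCH_OBJECT = 32


def parse_ldap_conf(text):
    """nss_ldap config: one 'key value' per line, '#' comments, last key wins."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf[key.lower()] = value.strip()
    return conf


def ldif_values(text, attr):
    """All values of one attribute in an LDIF blob; attribute names are
    case-insensitive.  Base64 values ('attr:: ...') are not decoded."""
    pattern = r"(?im)^%s:\s*(.*)$" % re.escape(attr)
    return [m.group(1).strip() for m in re.finditer(pattern, text)]


def result_code(text):
    """The numeric LDAP result code from ldapsearch's 'result: N ...' line."""
    m = re.search(r"(?m)^result:\s*(\d+)", text)
    return int(m.group(1)) if m else None


def normalize_dn(dn):
    """Lower-case the DN and drop whitespace around RDN separators so that
    'dc=vfds, dc=local' (as typed into system-config-authentication) and
    'DC=vfds,DC=local' compare equal.  Escaped commas are not handled."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def dn_within(dn, suffix):
    """True if dn equals suffix or sits somewhere below it."""
    dn, suffix = normalize_dn(dn), normalize_dn(suffix)
    return dn == suffix or dn.endswith("," + suffix)


def check_client(conf_text, rootdse_ldif, search_ldif=None):
    """Return a list of findings; an empty list means nothing obviously wrong."""
    findings = []
    conf = parse_ldap_conf(conf_text)
    base = conf.get("base")
    suffixes = ldif_values(rootdse_ldif, "namingContexts")

    if not base:
        findings.append("no uncommented 'base' in ldap.conf: nss_ldap has "
                        "no search base, so no LDAP user can be resolved")
    elif not any(dn_within(base, s) for s in suffixes):
        findings.append("base %s is not under any suffix the server holds: %s"
                        % (base, suffixes))

    # 'ssl no' plus a plain ldap:// URI means pam_ldap's simple bind sends
    # each user's password across the network in cleartext.
    uri = conf.get("uri", "")
    if conf.get("ssl", "no").lower() == "no" and not uri.startswith("ldaps://"):
        findings.append("ssl no with %s: passwords cross the wire in "
                        "cleartext; use 'ssl start_tls' or ldaps://" % (uri or "no uri"))

    if search_ldif is not None and result_code(search_ldif) == LDAP_NO_SUCH_OBJECT:
        findings.append("test search returned 32 (noSuchObject): the "
                        "configured base does not exist on the server")
    return findings


if __name__ == "__main__":
    for finding in check_client(LDAP_CONF, ROOTDSE_LDIF, SEARCH_LDIF):
        print("-", finding)
```

Against a live server, replace the three constants with the real /etc/ldap.conf and the output of the two ldapsearch commands run from the client. Two further points a practitioner would check while there: the thread tests the bind with cn=Directory Manager, the unrestricted account, which should never be used from a client, let alone placed in ldap.conf as binddn/bindpw; and once the base is right, getent passwd t01 on the client is the quickest confirmation that nss_ldap resolves the user before pam_ldap is even involved.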