Cant authenticate to LDAP domain with Redhat9

shaughto shaughto at ee.ucr.edu
Fri Jul 2 04:07:20 UTC 2004


OK, here is some more info, but some background first.

A few weeks ago some researchers in my department took it upon themselves
to install Redhat 9 over Gentoo.  Well then they asked me to set it up onto
the domain.  Needless to say my boss was a bit upset that they did this, but
on with the story.  Well I managed to get one server to authenticate fairly
easily.  I copied the /etc/ldap.conf, /etc/nsswitch, /etc/pam.d/system-auth,
/etc/ssl/certs/eeca.pem, and /etc/autofs/auto.master.  However it did not
work, but once I copied /etc/ldap.conf to /etc/openldap/ldap.conf it
worked!!!!!
The second computer was not so easy; no matter what I did it would not
authenticate to the ldap domain.  Well I worked on it for two days with no
success, and then the next morning it was working.  WTF was all I could think,
but at least it worked (wish I knew what happened though).  I really didn't
modify any extra files on that machine except that I modified the slapd.conf
and got openldap running, which should have nothing to do with the client
authentication (please correct me if I am wrong).  Well I was poking in all
of the system files so maybe I did modify one... if only I could remember.

So now to my point about /etc/sysconfig/authconfig.  On these two computers
with Red Hat 9, the authconfig is different on each and they both
authenticate!!! BTW I never ran authconfig or authconfig-gtk on these
machines.

Computer 1 authconfig:
USEHESIOD=no
USELDAP=yes
USENIS=no
USEKERBEROS=no
USELDAPAUTH=yes
USEMD5=yes
USESHADOW=yes
USESMBAUTH=no

Computer 2 authconfig:
USEDB=no
USEHESIOD=no
USELDAP=no
USENIS=no
USEKERBEROS=no
USELDAPAUTH=no
USEMD5=yes
USESHADOW=yes
USESMBAUTH=no

As you can see the authconfig differs between the computers in the LDAP sections.
I have tried both variations on my problematic computer (I'll call it
Computer 3) with no luck.  This confuses me and I'm not sure what is going
on with Red Hat and OpenLDAP.

Can someone please shed some light on this and rid me of my ignorance on
the subject?
Thanks for your time, and sorry for the long email.

--
Steven
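An added example, not code from this thread or from Red Hat: a small POSIX sh audit that checks whether the client-side files the thread keeps copying around (/etc/sysconfig/authconfig, /etc/nsswitch.conf, /etc/pam.d/system-auth, /etc/openldap/ldap.conf) actually agree with each other, and that classifies sshd's "check pass; user unknown" log line. It runs against a constructed scratch tree rather than the live /etc; the sample LDAP host, base DN and file contents are assumptions made up for the example.

```shell
#!/bin/sh
# Added example, not from the thread: audit the client-side LDAP login files
# (/etc/sysconfig/authconfig, nsswitch.conf, pam.d/system-auth, openldap/ldap.conf)
# and explain sshd's "check pass; user unknown" line. Every file written below
# is a constructed sample placed under a scratch root, never the live /etc.

# Constructed sample that reproduces the thread's symptom: NSS resolves the
# user (getent works) but the PAM auth stack never consults pam_ldap.
make_sample() {
  root=$1
  mkdir -p "$root/etc/pam.d" "$root/etc/sysconfig" "$root/etc/openldap"
  printf 'USELDAP=yes\nUSELDAPAUTH=yes\nUSESHADOW=yes\n' > "$root/etc/sysconfig/authconfig"
  printf 'passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n' > "$root/etc/nsswitch.conf"
  printf 'auth required /lib/security/pam_unix.so\n' > "$root/etc/pam.d/system-auth"
  printf 'host ldap.example.edu\nbase dc=example,dc=edu\n' > "$root/etc/ldap.conf"
}

# Print "ok" (status 0) when authconfig, nsswitch.conf and system-auth agree;
# otherwise print the first inconsistency found and return 1.
audit_ldap_login() {
  root=$1
  USELDAP=no; USELDAPAUTH=no
  . "$root/etc/sysconfig/authconfig"   # KEY=value lines, valid sh syntax
  if [ "$USELDAP" = yes ] && ! grep -Eq '^passwd:.*[[:space:]]ldap([[:space:]]|$)' "$root/etc/nsswitch.conf"; then
    echo "USELDAP=yes but the passwd line in nsswitch.conf lacks ldap"; return 1
  fi
  if [ "$USELDAPAUTH" = yes ] && ! grep -q 'pam_ldap\.so' "$root/etc/pam.d/system-auth"; then
    echo "USELDAPAUTH=yes but system-auth never loads pam_ldap.so"; return 1
  fi
  if [ ! -f "$root/etc/openldap/ldap.conf" ]; then
    echo "no /etc/openldap/ldap.conf (the copy the OpenLDAP tools read)"; return 1
  fi
  echo ok
}

# Classify one pam_unix log line from sshd. "user unknown" means pam_unix found
# no usable local password entry for the account, so an LDAP password can only
# be verified if pam_ldap.so is present in the auth stack.
classify_pam_log() {
  case $1 in
    *"check pass; user unknown"*) echo "no local password entry: auth must reach pam_ldap.so" ;;
    *"authentication failure"*)   echo "password rejected" ;;
    *)                            echo "unrecognised" ;;
  esac
}

# Demo run against the constructed tree (hypothetical scratch path).
d=${TMPDIR:-/tmp}/ldap-audit.$$; make_sample "$d"
audit_ldap_login "$d" || echo "audit failed (expected for this constructed sample)"; rm -rf "$d"
```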

----- Original Message -----
From: "shaughto" <shaughto at ee.ucr.edu>
To: "General Red Hat Linux discussion list" <redhat-list at redhat.com>
Sent: Thursday, July 01, 2004 6:23 PM
Subject: Re: Cant authenticate to LDAP domain with Redhat9


> Thanks for the response...
>
> I have tried authconfig and authconfig-gtk, however they did not work.  In
> fact when I tried to log on after using those programs I could not log in as
> root, nor as any user.  I noticed that authconfig modified some of the LDAP
> config files, I believe it was /etc/pam.d/system-auth.  I simply copied back
> my original config files, which are /etc/ldap.conf, /etc/nsswitch.conf,
> /etc/autofs/auto.master, /etc/ssl/certs/eeca.pem, and
> /etc/pam.d/system-auth.
> With those files back to my settings I can once again log on as root.
>
> Hmm, what files does authconfig modify?  Maybe I can modify them by hand
> (through vi).
>
> Thanks again for the response.
>
> ----- Original Message ----- 
> From: "Rigler, Steve" <SRigler at MarathonOil.com>
> To: "General Red Hat Linux discussion list" <redhat-list at redhat.com>
> Sent: Thursday, July 01, 2004 5:36 PM
> Subject: RE: Cant authenticate to LDAP domain with Redhat9
>
>
> Try running "authconfig" and set up your LDAP configuration
> that way.
>
> -Steve
>
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com on behalf of Steven D. Haughton
> Sent: Thu 7/1/2004 5:56 PM
> To: redhat-list at redhat.com
> Subject: Cant authenticate to LDAP domain with Redhat9
>
> Hi,
>
>
> I'm new to ldap and fairly new to linux as well so bear with me.....
>
>
> I've recently installed Red Hat 9 over Gentoo due to some commercial
> software support. My problem is that I cannot get Red Hat to
> authenticate to the ldap domain.
> Here is the current ldap software I have installed:
>
> [root@hostname root]# rpm -qa | grep ldap
> openldap-2.0.27-8
> openldap-clients-2.0.27-8
> nss_ldap-202-5
> openldap-devel-2.0.27-8
> openldap-servers-2.0.27-8
> php-ldap-4.2.2-17.2
>
> Here is current openssl:
> [root@hostname root]# rpm -qa | grep openssl
> openssl-0.9.7a-20.2
> openssl-perl-0.9.7a-20.2
> openssl096b-0.9.6b-15
> openssl-devel-0.9.7a-20.2
> openssl096-0.9.6-25.9
>
> I also have autofs installed and running.
> I have copied the exact files for /etc/ldap.conf, /etc/nsswitch.conf,
> /etc/pam.d/system_auth, and /etc/ssl/certs/eeca.pem, and
> /etc/autofs/auto.master
> which work on other linux computers (Mainly Gentoo.... and 2 redhat9
> computers).
> I also copied ldap.conf into /etc/openldap/ldap.conf and copied
> /etc/autofs/auto.master to /etc/auto.master.
>
> So my config files must be correct if they work on other computers...
> Leaving me to believe that there must be extra config files on Redhat
> that I must setup.
> I took out the hostname and domain names in the following test.
>
> Test:
> [root@"hostname" root]# ssh -ltestuser "hostname"
> testuser@"hostname's" password:
> Permission denied, please try again.
>
> Log file:
> sshd(pam_unix)[14275]: check pass; user unknown
> sshd(pam_unix)[14275]: authentication failure; logname= uid=0 euid=0
> tty=NODEVssh ruser= rhost="hostname"."**"."***".edu
> sshd(pam_unix)[14275]: check pass; user unknown
> sshd(pam_unix)[14275]: 1 more authentication failure; logname= uid=0
> euid=0 tty=NODEVssh ruser= rhost="hostname"."**"."***".edu
>
> Any Ideas on how to resolve this issue? Thanks.
>
> Also here is some more info on the problem.
> When I run ldapsearch i get this...
>
> [root@blochEE root]# ldapsearch -x -b "dc=ee,dc=ucr,dc=edu" uid=grad-adm
> version: 2
>
> #
> # filter: uid=grad-adm
> # requesting: ALL
> #
>
> # grad-adm, People, ee, ucr, edu
> dn: uid=grad-adm,ou=People,dc=ee,dc=ucr,dc=edu
> uid: grad-adm
> cn: Graduate Affairs
> sn: Affairs
> mail: grad-adm@ee.ucr.edu
> labeledURI: http://www.ee.ucr.edu/~grad-adm
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> loginShell: /bin/bash
> uidNumber: 30501
> gidNumber: 402
> homeDirectory: /home/eemisc/grad-adm
> gecos: Graduate Affairs
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
> [root@blochEE root]#
>
>
> And this is what I get running getent:
> [root@blochEE root]# getent passwd grad-adm
> grad-adm:x:30501:402:Graduate Affairs:/home/eemisc/grad-adm:/bin/bash
> [root@blochEE root]#
>
> From my understanding it looks like the client can communicate OK with
> the server, so I am at a loss as to why I cannot log in using users on
> the ldap server?
>
>
> If you need any more info. please let me know and I'll be happy to
> provide it.
> Any responses will be most appreciated.
> Thank you.
>
>
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list