can't get OS to use LDAP for accounts
Richard Riley
rriley at ariba.com
Mon Mar 3 22:45:44 UTC 2008
I fully agree that security is priority, but sometimes it is so much
quicker to determine if iptables or selinux is the culprit by stopping
them just long enough to test and see if the service now works. If it
does, then you know quickly where to concentrate your effort. If
iptables is the culprit, then I would enable logging to help identify
the specifics.
I have found that if I enable logging initially on a busy machine, I may
lose hours searching the log files only to discover that iptables was
not the culprit in the first place.
Richard Riley
Linux System Administrator
Ariba, Inc.
________________________________
From: redhat-sysadmin-list-bounces at redhat.com
[mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Sutton,
Harry (MSE)
Sent: Monday, March 03, 2008 4:30 PM
To: redhat-sysadmin-list at redhat.com
Subject: Re: can't get OS to use LDAP for accounts
I'm a firm believer that it's never a good idea to shut off security
features to get things working. Significant improvements in the SELinux
administrative and troubleshooting tools make it much easier to get that
working properly without having to disable it.
As for iptables, I think it's a much better idea to enable logging, even
on a temporary basis, to determine which packets are being blocked and
then add rules to allow them. There's a really good article / short
video in Red Hat Magazine at
http://www.redhatmagazine.com/2007/08/01/video-tip-from-rhces-firewalls/
that explains this really well.
/Harry Sutton, RHCA
Hewlett-Packard Company
Richard Riley wrote:
Try stopping iptables on both machines during the test.
Richard Riley
-----Original Message-----
From: redhat-sysadmin-list-bounces at redhat.com
[mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Douglas J Hunley
Sent: Monday, March 03, 2008 9:34 AM
To: redhat-sysadmin-list at redhat.com
Subject: Re: can't get OS to use LDAP for accounts
On Monday 03 March 2008 09:10:08 Steven Kalisky wrote:
Try turning off SELinux and then test.
SELinux had previously been disabled. That didn't change anything :(
--
redhat-sysadmin-list mailing list
redhat-sysadmin-list at redhat.com
https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list
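
Added example, not part of the original thread or any poster's own commands: one way to keep temporary iptables logging searchable on a busy machine is to log only LDAP traffic and summarise the entries per source and destination. The rule shown in the comment, the `LDAP-BLOCK: ` prefix, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed rule (not from the thread): log only LDAP/LDAPS packets, rate
# limited, placed just ahead of the chain's final DROP/REJECT rule:
#   iptables -I INPUT <rule-number> -p tcp -m multiport --dports 389,636 \
#       -m limit --limit 10/min -j LOG --log-prefix "LDAP-BLOCK: "

# Constructed sample of syslog lines (hostnames and addresses are made up).
sample_log() {
cat <<'EOF'
Mar  3 16:41:02 ldapsrv kernel: LDAP-BLOCK: IN=eth0 OUT= MAC=00:16:3e:00:00:02:00:16:3e:00:00:01:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4211 DF PROTO=TCP SPT=40112 DPT=389 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 16:41:05 ldapsrv kernel: LDAP-BLOCK: IN=eth0 OUT= MAC=00:16:3e:00:00:02:00:16:3e:00:00:01:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4212 DF PROTO=TCP SPT=40112 DPT=389 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 16:41:11 ldapsrv kernel: LDAP-BLOCK: IN=eth0 OUT= MAC=00:16:3e:00:00:02:00:16:3e:00:00:01:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4213 DF PROTO=TCP SPT=40112 DPT=389 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 16:41:20 ldapsrv crond[2211]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 16:41:31 ldapsrv kernel: LDAP-BLOCK: IN=eth0 OUT= MAC=00:16:3e:00:00:02:00:16:3e:00:00:01:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4300 DF PROTO=TCP SPT=40120 DPT=636 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Read syslog text on stdin and print "count src -> dst:port" for every
# line carrying the log prefix ($1, default "LDAP-BLOCK: "), busiest first.
summarise_ldap_blocks() {
    awk -v prefix="${1:-LDAP-BLOCK: }" '
        index($0, prefix) {
            src = dst = dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DST=/) dst = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # Skip truncated lines that lack any of the three fields.
            if (src != "" && dst != "" && dpt != "")
                count[src " -> " dst ":" dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Stand-alone run over the constructed sample.
sample_log | summarise_ldap_blocks
```

On a live system the function would read the kernel log file instead, for example `summarise_ldap_blocks < /var/log/messages`.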