== well, I decided to turn off the nscd completely, while I'm testing. ==

GT: Please run nscd; without it the LDAP name service may not work. After starting nscd, check that "id testdba" shows the expected result. You may add the "debug" keyword to all lines in /etc/pam.conf to observe all possible /var/adm/messages entries for "sshd" processing.

GT: You also need to zero in on the FDS access and errors log files for useful clues; show us some of the access log details if possible.

===

I have them in the ldap.client.file, but the default profile looks like this:

# default, profile, composers.foo.com
dn: cn=default,ou=profile,dc=composers,dc=foo,dc=com
defaultSearchBase: dc=composers,dc=foo,dc=com
authenticationMethod: simple
followReferrals: TRUE
bindTimeLimit: 2
profileTTL: 43200
searchTimeLimit: 30
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: 149.85.70.17
credentialLevel: proxy
cn: default
defaultSearchScope: one

Am I missing anything? I don't have serviceSearchDescriptor, but I think it should chain ou=People+defaultSearchBase, right?

===

GT: Use the Fedora Management Console to add the three SSDs into the "default" profile: just right-click it, edit its properties, and add/edit the attributes. The bindTimeLimit of 2 seconds is too low; you may want to raise it to 10 seconds.
serviceSearchDescriptor: passwd: ou=People,dc=composers,dc=foo,dc=com?one
serviceSearchDescriptor: group: ou=group,dc=composers,dc=foo,dc=com?one
serviceSearchDescriptor: shadow: ou=People,dc=composers,dc=foo,dc=com?one
bindTimeLimit: 10

GT: Make sure that, on top of DNS, you have 149.85.70.17 and the LDAP server hostname in `hostname`.`domainname` format in /etc/hosts. There should be a "hosts: files dns" line in /etc/nsswitch.conf; it should not be "hosts: ldap".

===

debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/identity
debug1: Trying private key: /.ssh/id_rsa
debug1: Trying private key: /.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
LDAP Password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Password:

And notice it's asking me for a separate LDAP password. What's up with that?

===

GT: IIRC "Password:" is the prompt of the pam_unix_xxxx.so.1 auth module and "LDAP Password:" is the prompt of the pam_ldap.so.1 auth module; when the first pass failed, the second pass continued.
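The profile check GT walks through above (three serviceSearchDescriptor entries, bindTimeLimit raised from 2 to 10) can be scripted instead of done by hand in the console. The following is an added example written for this page, not code from the thread or from 389/Fedora Directory Server: it parses the posted DUAConfigProfile LDIF, reports what is missing, and emits an ldapmodify change record that applies the same fix. The sample profile is the one quoted in the thread; the function and constant names are my own.

```python
"""Lint a DUAConfigProfile entry (LDIF) for the two problems raised in the
thread and build the ldapmodify record that fixes them.
Added example; not part of the mailing-list thread or of 389/FDS."""

from typing import Dict, List

# Constructed sample: the "default" profile exactly as posted, before the fix.
PROFILE_LDIF = """\
# default, profile, composers.foo.com
dn: cn=default,ou=profile,dc=composers,dc=foo,dc=com
defaultSearchBase: dc=composers,dc=foo,dc=com
authenticationMethod: simple
followReferrals: TRUE
bindTimeLimit: 2
profileTTL: 43200
searchTimeLimit: 30
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: 149.85.70.17
credentialLevel: proxy
cn: default
defaultSearchScope: one
"""

REQUIRED_SSD_SERVICES = ("passwd", "group", "shadow")
MIN_BIND_TIME_LIMIT = 10  # seconds; the value recommended in the thread


def parse_ldif_entry(text: str) -> Dict[str, List[str]]:
    """Parse one LDIF entry into {attribute (lowercased): [values]}.
    Skips comments and blank lines; joins RFC 2849 continuation lines."""
    logical: List[str] = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw.startswith(" ") and logical:      # continuation of previous line
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    attrs: Dict[str, List[str]] = {}
    for line in logical:
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs


def ssd_map(attrs: Dict[str, List[str]]) -> Dict[str, str]:
    """serviceSearchDescriptor values look like 'passwd: ou=People,<base>?one'."""
    out: Dict[str, str] = {}
    for value in attrs.get("servicesearchdescriptor", []):
        service, _, descriptor = value.partition(":")
        out[service.strip()] = descriptor.strip()
    return out


def wanted_ssds(base: str) -> Dict[str, str]:
    """The three descriptors GT suggests, built from defaultSearchBase."""
    return {
        "passwd": f"ou=People,{base}?one",
        "group": f"ou=group,{base}?one",
        "shadow": f"ou=People,{base}?one",
    }


def lint_profile(text: str) -> List[str]:
    """Return human-readable findings; an empty list means the profile is clean."""
    attrs = parse_ldif_entry(text)
    findings: List[str] = []
    for key in ("defaultsearchbase", "defaultserverlist"):
        if key not in attrs:
            findings.append(f"missing {key}")
    present = ssd_map(attrs)
    for service in REQUIRED_SSD_SERVICES:
        if service not in present:
            findings.append(f"no serviceSearchDescriptor for {service}")
    limit = int(attrs.get("bindtimelimit", ["0"])[0])
    if limit < MIN_BIND_TIME_LIMIT:
        findings.append(f"bindTimeLimit {limit} below {MIN_BIND_TIME_LIMIT}")
    return findings


def build_fix_ldif(text: str) -> str:
    """ldapmodify change record adding the SSDs and replacing bindTimeLimit."""
    attrs = parse_ldif_entry(text)
    base = attrs["defaultsearchbase"][0]
    lines = [f"dn: {attrs['dn'][0]}", "changetype: modify", "add: serviceSearchDescriptor"]
    for service, descriptor in wanted_ssds(base).items():
        lines.append(f"serviceSearchDescriptor: {service}: {descriptor}")
    lines += ["-", "replace: bindTimeLimit", f"bindTimeLimit: {MIN_BIND_TIME_LIMIT}", ""]
    return "\n".join(lines)


def apply_fix(text: str) -> str:
    """The entry as it would read after the change record is applied."""
    base = parse_ldif_entry(text)["defaultsearchbase"][0]
    out: List[str] = []
    for line in text.splitlines():
        if line.lower().startswith("bindtimelimit:"):
            line = f"bindTimeLimit: {MIN_BIND_TIME_LIMIT}"
        out.append(line)
    for service, descriptor in wanted_ssds(base).items():
        out.append(f"serviceSearchDescriptor: {service}: {descriptor}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in lint_profile(PROFILE_LDIF):
        print("finding:", finding)
    print(build_fix_ldif(PROFILE_LDIF))
```

Feed the output of build_fix_ldif to ldapmodify against the directory server (or paste the attribute values into the console as GT describes) and rerun the lint on the modified entry; once "id testdba" resolves through nscd, the profile is no longer the suspect.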