[389-users] Help Needed -----Linux Ldap Client machine unable to login Fedora DS


 



Still no luck....
I have added the below entry in my ldap.conf file:
base dc=vfds,dc=local


--H

On Wed, Jun 17, 2009 at 9:44 PM, Hakuna Matata<narender.hooda at gmail.com> wrote:
>>>>>grep base /etc/ldap.conf
> ----------------------------------
> #scope base
> # nss_base_XXX          base?scope?filter
> # where scope is {base,one,sub}
> # nss_base_passwd       ou=People,
> # to append the default base DN but this
> #nss_base_passwd        ou=People,dc=example,dc=com?one
> #nss_base_shadow        ou=People,dc=example,dc=com?one
> #nss_base_group         ou=Group,dc=example,dc=com?one
> #nss_base_hosts         ou=Hosts,dc=example,dc=com?one
> #nss_base_services      ou=Services,dc=example,dc=com?one
> #nss_base_networks      ou=Networks,dc=example,dc=com?one
> #nss_base_protocols     ou=Protocols,dc=example,dc=com?one
> #nss_base_rpc           ou=Rpc,dc=example,dc=com?one
> #nss_base_ethers        ou=Ethers,dc=example,dc=com?one
> #nss_base_netmasks      ou=Networks,dc=example,dc=com?ne
> #nss_base_bootparams    ou=Ethers,dc=example,dc=com?one
> #nss_base_aliases       ou=Aliases,dc=example,dc=com?one
> #nss_base_netgroup      ou=Netgroup,dc=example,dc=com?one
> #nss_base_passwd ou=aixaccount,?one
> #nss_base_group ou=aixgroup,?one
> ---------------------------------------------------------------------------
>
> OK, so I was expecting some base which are binding it to FDS.....but did not
> find here any such thing...which gives an impression that
> system-config-authentication is not working properly in CentOS5.3. My
> assumption may be wrong....
>
> so if I put some entry in this like (base dc=vfds,dc=local)...and then boot
> the client machine... can I expect it working then.....
>
> waiting for the advice....in the mean time I am rebooting the machine....
>
> many thanks in advance...
>
>
> --H
>
> On Wed, Jun 17, 2009 at 6:15 PM, Jean-Noël Chardron
> <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>>
>> Hakuna Matata wrote:
>>>
>>> Jean
>>> Thanks for a quick reply.
>>>
>>> Client IP address is 192.168.5.4
>>> yes these files are from client only.
>>>
>> all files seem correct (in system-auth the interesting lines are with
>> pam_ldap.so)
>> So maybe the base to search in the tree is misconfigured in the
>> /etc/ldap.conf
>>
>> you previously showed the /etc/ldap.conf :
>> uri ldap://192.168.5.1
>> ssl no
>> tls_cacertdir /etc/openldap/cacerts
>> pam_password md5
>>
>> can you show the output of the command :
>> grep base /etc/ldap.conf
>> with only the lines that are uncommented, normally this will show the
>> distinguished name of the search base.
>> and this must correspond with the tree in your FDS
>>
>>
>>
>>>
>>> */etc/pam.d/system-auth*
>>> ------------------------------------------------
>>> This file is auto-generated.
>>> # User changes will be destroyed the next time authconfig is run.
>>> auth        required      pam_env.so
>>> auth        sufficient    pam_unix.so nullok try_first_pass
>>> auth        requisite     pam_succeed_if.so uid >= 500 quiet
>>> auth        sufficient    pam_ldap.so use_first_pass
>>> auth        required      pam_deny.so
>>>
>>> account     required      pam_unix.so broken_shadow
>>> account     sufficient    pam_succeed_if.so uid < 500 quiet
>>> account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
>>> account     required      pam_permit.so
>>>
>>> password    requisite     pam_cracklib.so try_first_pass retry=3
>>> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
>>> password    sufficient    pam_ldap.so use_authtok
>>> password    required      pam_deny.so
>>>
>>> session     optional      pam_keyinit.so revoke
>>> session     required      pam_limits.so
>>> session     optional      pam_keyinit.so revoke
>>> session     required      pam_limits.so
>>> session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
>>> session     required      pam_unix.so
>>> session     optional      pam_ldap.so
>>> -----------------------------------------------------------------------
>>>
>>> and */etc/pam.d/login*
>>>
>>> #%PAM-1.0
>>> auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
>>> auth       include      system-auth
>>> account    required     pam_nologin.so
>>> account    include      system-auth
>>> password   include      system-auth
>>> # pam_selinux.so close should be the first session rule
>>> session    required     pam_selinux.so close
>>> session    include      system-auth
>>> session    required     pam_loginuid.so
>>> session    optional     pam_console.so
>>> # pam_selinux.so open should only be followed by sessions to be executed in the user context
>>> session    required     pam_selinux.so open
>>> session    optional     pam_keyinit.so force revoke
>>> ~
>>> ----------------------------------------------------------------------------------
>>>
>>> what is the *uid of the user test01 in the FDS*
>>>
>>> uid is t01
>>>
>>> and under Posix user
>>>
>>> uid number =2223                (I manually gave this)
>>> gid number=2223
>>> home dire = /home/test
>>> login shell=/bin/test
>>>
>>>
>>> and then I create a directory with name "test" under /home ...........eg.
>>> mkdir /home/test
>>>
>>>
>>>
>>>
>>> Best Regards
>>> --H
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Wed, Jun 17, 2009 at 4:33 PM, Jean-Noël Chardron
>>> <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>>>
>>>    hi,
>>>
>>>    ok, I suppose the ip address of the server is 192.168.5.1 (right ?)
>>>    and you have a client (a centos 5.3) with an ip address unknown to us.
>>>
>>>    I suppose the nsswitch.conf and /etc/ldap.conf below is on the
>>>    client so it is correct
>>>
>>>    Then can you show the files /etc/pam.d/system-auth and
>>>    /etc/pam.d/login that are on the client please
>>>
>>>    then can you tell us what is the uid of the user test01 in the FDS
>>>
>>>
>>>
>>>    Hakuna Matata wrote:
>>>
>>>
>>>        yes, my nsswitch.conf file is as below.
>>>        passwd:     files ldap
>>>        shadow:     files ldap
>>>        group:      files ldap
>>>
>>>        ethers:     files
>>>        netmasks:   files
>>>        networks:   files
>>>        protocols:  files
>>>        rpc:        files
>>>        services:   files
>>>
>>>        netgroup:   files ldap
>>>
>>>        publickey:  nisplus
>>>
>>>        automount:  files ldap
>>>        aliases:    files nisplus
>>>
>>>
>>>        and /etc/ldap.conf file contains
>>>        uri ldap://192.168.5.1
>>>
>>>        ssl no
>>>        tls_cacertdir /etc/openldap/cacerts
>>>        pam_password md5
>>>
>>>
>>>
>>>
>>>        ----I am still not able to authenticate.......
>>>
>>>
>>>        -best Regards
>>>        --H
>>>
>>>        On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov
>>>        <amirov at infinet.ru> wrote:
>>>
>>>           Hello
>>>
>>>           Is ldap://ldap.vfds.local correct?
>>>           Please, try this command:
>>>
>>>           ping ldap.vfds.local
>>>
>>>           If pinging then try to use command getent to check that ldap users are
>>>           present in your system.
>>>           getent passwd
>>>
>>>           If not pinging, then you need to use FQDN or ip-address, like this:
>>>
>>>           ldap://1.2.3.4
>>>           ldap://example.com
>>>
>>>
>>>           Hakuna Matata wrote:
>>>           > Hi,
>>>           >
>>>           > I am new to FDS, I have set this up as per the documentation. It is
>>>           > working fine.
>>>           > Now want that linux client (CentOS 5.3) to authenticate with FDS.
>>>           >
>>>           > hostname of FDS = ldap.fds.local
>>>           >
>>>           > I create a user test01 and fill the posix information
>>>           >
>>>           > on client machine I am using system-config-authentication
>>>           > 1. check the LDAP box and filled the details as:
>>>           > LDAP search base dn = dc=vfds, dc=local
>>>           > LDAP Server = ldap://ldap.vfds.local
>>>           >
>>>           > then I rebooted the machine and trying to login via user test01. now
>>>           > it is showing error as username or password incorrect.
>>>           >
>>>           >
>>>           > I would really appreciate if someone can give me some pointer or help
>>>           > where I am doing wrong.
>>>           >
>>>           > Many Thanks in advance
>>>           > Best regards
>>>           > --H
>>>           >
>>>           > --
>>>           > 389 users mailing list
>>>           > 389-users at redhat.com
>>>           > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>> --
>> Jean-Noel Chardron
>>
>>
>>
>
>
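
The check Jean-Noel asks for in the thread (only the uncommented `base` line of /etc/ldap.conf), written out as an added example that is not part of any message above. The function names and finding labels are hypothetical, and the sample file is constructed from the settings quoted in the thread. It also flags the quoted `ssl no` with an `ldap://` URI, a combination under which pam_ldap bind passwords cross the network unencrypted.

```shell
#!/bin/sh
# Added example (not from the thread): audit a pam_ldap/nss_ldap ldap.conf.

# Print the value of the first uncommented line whose directive is $2.
# Unlike "grep base", commented lines such as "#scope base" never match.
active_directive() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key  { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print one finding per line; the return status is the number of findings.
audit_ldap_conf() {
    findings=0
    base=$(active_directive "$1" base)
    uri=$(active_directive "$1" uri)
    ssl=$(active_directive "$1" ssl)
    if [ -z "$base" ]; then
        echo "NO_BASE: no uncommented 'base' line in $1"
        findings=$((findings + 1))
    fi
    case "$uri" in
        ldap://*)
            if [ "$ssl" != "start_tls" ]; then
                echo "CLEARTEXT: $uri with ssl=${ssl:-unset}, binds are not encrypted"
                findings=$((findings + 1))
            fi ;;
    esac
    return "$findings"
}

# Constructed sample: the client settings as quoted in the thread.
write_sample() {
    cat > "$1" <<'EOF'
uri ldap://192.168.5.1
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
#scope base
#nss_base_passwd ou=People,dc=example,dc=com?one
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_ldap_conf "$sample" || echo "findings: $?"
echo "base dc=vfds,dc=local" >> "$sample"   # the line added in the latest reply
audit_ldap_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```
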



