Hakuna Matata wrote:
> Still no luck....
> I have added the below entry in my ldap.conf file
> base dc=vfds,dc=local
>
Hum, does your FDS answer a request from ldapsearch? You can try something like this from the server and from the client:

without credentials:
ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" ''

with credentials:
ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager" -W ''

> --H
>
> On Wed, Jun 17, 2009 at 9:44 PM, Hakuna Matata <narender.hooda at gmail.com> wrote:
>
>>>>>> grep base /etc/ldap.conf
>>>>>>
>> ----------------------------------
>> #scope base
>> # nss_base_XXX base?scope?filter
>> # where scope is {base,one,sub}
>> # nss_base_passwd ou=People,
>> # to append the default base DN but this
>> #nss_base_passwd ou=People,dc=example,dc=com?one
>> #nss_base_shadow ou=People,dc=example,dc=com?one
>> #nss_base_group ou=Group,dc=example,dc=com?one
>> #nss_base_hosts ou=Hosts,dc=example,dc=com?one
>> #nss_base_services ou=Services,dc=example,dc=com?one
>> #nss_base_networks ou=Networks,dc=example,dc=com?one
>> #nss_base_protocols ou=Protocols,dc=example,dc=com?one
>> #nss_base_rpc ou=Rpc,dc=example,dc=com?one
>> #nss_base_ethers ou=Ethers,dc=example,dc=com?one
>> #nss_base_netmasks ou=Networks,dc=example,dc=com?ne
>> #nss_base_bootparams ou=Ethers,dc=example,dc=com?one
>> #nss_base_aliases ou=Aliases,dc=example,dc=com?one
>> #nss_base_netgroup ou=Netgroup,dc=example,dc=com?one
>> #nss_base_passwd ou=aixaccount,?one
>> #nss_base_group ou=aixgroup,?one
>> ---------------------------------------------------------------------------
>>
>> OK, so I was expecting some base which is binding it to FDS..... but did not find here any such thing... which gives an impression that system-config-authentication is not working properly in CentOS 5.3. My assumption may be wrong....
>>
>> So if I put some entry in this like (base dc=vfds,dc=local)... and then boot the client machine... can I expect it working then.....
>>
>> Waiting for the advice.... in the mean time I am rebooting the machine....
>>
>> Many thanks in advance...
>>
>> --H
>>
>> On Wed, Jun 17, 2009 at 6:15 PM, Jean-Noël Chardron <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>>
>>> Hakuna Matata wrote:
>>>
>>>> Jean
>>>> Thanks for a quick reply.
>>>>
>>>> Client IP address is 192.168.5.4
>>>> Yes, these files are from the client only.
>>>>
>>> All files seem correct (in system-auth the interesting lines are the ones with pam_ldap.so).
>>> So maybe the base to search in the tree is misconfigured in /etc/ldap.conf.
>>>
>>> You previously showed the /etc/ldap.conf:
>>> uri ldap://192.168.5.1
>>> ssl no
>>> tls_cacertdir /etc/openldap/cacerts
>>> pam_password md5
>>>
>>> Can you show the output of the command:
>>> grep base /etc/ldap.conf
>>> with only the lines that are uncommented? Normally this will show the distinguished name of the search base,
>>> and this must correspond with the tree in your FDS.
>>>
>>>> */etc/pam.d/system-auth *
>>>> ------------------------------------------------
>>>> # This file is auto-generated.
>>>> # User changes will be destroyed the next time authconfig is run.
>>>> auth        required      pam_env.so
>>>> auth        sufficient    pam_unix.so nullok try_first_pass
>>>> auth        requisite     pam_succeed_if.so uid >= 500 quiet
>>>> auth        sufficient    pam_ldap.so use_first_pass
>>>> auth        required      pam_deny.so
>>>>
>>>> account     required      pam_unix.so broken_shadow
>>>> account     sufficient    pam_succeed_if.so uid < 500 quiet
>>>> account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
>>>> account     required      pam_permit.so
>>>>
>>>> password    requisite     pam_cracklib.so try_first_pass retry=3
>>>> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
>>>> password    sufficient    pam_ldap.so use_authtok
>>>> password    required      pam_deny.so
>>>>
>>>> session     optional      pam_keyinit.so revoke
>>>> session     required      pam_limits.so
>>>> session     optional      pam_keyinit.so revoke
>>>> session     required      pam_limits.so
>>>> session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
>>>> session     required      pam_unix.so
>>>> session     optional      pam_ldap.so
>>>> -----------------------------------------------------------------------
>>>>
>>>> and */etc/pam.d/login *
>>>>
>>>> #%PAM-1.0
>>>> auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
>>>> auth       include      system-auth
>>>> account    required     pam_nologin.so
>>>> account    include      system-auth
>>>> password   include      system-auth
>>>> # pam_selinux.so close should be the first session rule
>>>> session    required     pam_selinux.so close
>>>> session    include      system-auth
>>>> session    required     pam_loginuid.so
>>>> session    optional     pam_console.so
>>>> # pam_selinux.so open should only be followed by sessions to be executed in the user context
>>>> session    required     pam_selinux.so open
>>>> session    optional     pam_keyinit.so force revoke
>>>> ----------------------------------------------------------------------------------
>>>>
>>>> What is the *uid of the user test01 in the FDS*?
>>>>
>>>> uid is t01
>>>>
>>>> and under Posix user:
>>>>
>>>> uid number = 2223 (I manually gave this)
>>>> gid number = 2223
>>>> home directory = /home/test
>>>> login shell = /bin/test
>>>>
>>>> and then I create a directory with name "test" under /home ........... e.g.
>>>> mkdir /home/test
>>>>
>>>> Best Regards
>>>> --H
>>>>
>>>> On Wed, Jun 17, 2009 at 4:33 PM, Jean-Noël Chardron <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>>>>
>>>> Hi,
>>>>
>>>> OK, I suppose the IP address of the server is 192.168.5.1 (right?)
>>>> and you have a client (a CentOS 5.3) with an IP address unknown to us.
>>>>
>>>> I suppose the nsswitch.conf and /etc/ldap.conf below are on the client, so they are correct.
>>>>
>>>> Then can you show the files /etc/pam.d/system-auth and /etc/pam.d/login that are on the client, please?
>>>>
>>>> Then can you tell us what is the uid of the user test01 in the FDS?
>>>>
>>>> Hakuna Matata wrote:
>>>>
>>>> Yes, my nsswitch.conf file is as below.
>>>> passwd:     files ldap
>>>> shadow:     files ldap
>>>> group:      files ldap
>>>>
>>>> ethers:     files
>>>> netmasks:   files
>>>> networks:   files
>>>> protocols:  files
>>>> rpc:        files
>>>> services:   files
>>>>
>>>> netgroup:   files ldap
>>>>
>>>> publickey:  nisplus
>>>>
>>>> automount:  files ldap
>>>> aliases:    files nisplus
>>>>
>>>> and /etc/ldap.conf file contains
>>>> uri ldap://192.168.5.1
>>>> ssl no
>>>> tls_cacertdir /etc/openldap/cacerts
>>>> pam_password md5
>>>>
>>>> ---- I am still not able to authenticate.......
>>>>
>>>> Best Regards
>>>> --H
>>>>
>>>> On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov <amirov at infinet.ru> wrote:
>>>>
>>>> Hello
>>>>
>>>> Is ldap://ldap.vfds.local correct?
>>>> Please, try this command:
>>>>
>>>> ping ldap.vfds.local
>>>>
>>>> If it pings, then try to use the command getent to check that ldap users are present in your system:
>>>> getent passwd
>>>>
>>>> If it does not ping, then you need to use an FQDN or IP address, like this:
>>>>
>>>> ldap://1.2.3.4
>>>> ldap://example.com
>>>>
>>>> Hakuna Matata wrote:
>>>> > Hi,
>>>> >
>>>> > I am new to FDS; I have set this up as per the documentation. It is working fine.
>>>> > Now I want that Linux client (CentOS 5.3) to authenticate with FDS.
>>>> >
>>>> > hostname of FDS = ldap.fds.local
>>>> >
>>>> > I create a user test01 and fill the posix information.
>>>> >
>>>> > On the client machine I am using system-config-authentication:
>>>> > 1. check the LDAP box and filled the details as:
>>>> >    LDAP search base dn = dc=vfds,dc=local
>>>> >    LDAP Server = ldap://ldap.vfds.local
>>>> >
>>>> > Then I rebooted the machine and am trying to login via user test01. Now it is showing an error as username or password incorrect.
>>>> >
>>>> > I would really appreciate if someone can give me some pointer or help where I am doing wrong.
>>>> >
>>>> > Many Thanks in advance
>>>> > Best regards
>>>> > --H
>>>> >
>>>> > --
>>>> > 389 users mailing list
>>>> > 389-users at redhat.com
>>>> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>> --
>>> Jean-Noel Chardron
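The thread spends three rounds discovering by hand that the client's /etc/ldap.conf has no uncommented search base. The script below is an added example, not code from the 389/FDS project or from anyone in the thread: it parses the two client files the thread circles around (/etc/ldap.conf and /etc/nsswitch.conf), keeps only the effective, uncommented settings the way Jean-Noël's `grep base` was meant to, and reports the conditions that stop LDAP users from resolving, plus the cleartext-bind risk of `ssl no` over a plain `ldap://` URI. The sample files are constructed from the snippets posted above; the assumption that nss_ldap treats an absent `ssl` keyword as `no` is marked in the code.

```python
"""Lint an nss_ldap/pam_ldap client configuration.  Added example, not code
from the 389/FDS project or from the thread; sample files are constructed
from the snippets posted in the thread."""

# Constructed: the client /etc/ldap.conf as posted (every base line commented).
LDAP_CONF_POSTED = """\
uri ldap://192.168.5.1
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
#nss_base_passwd ou=People,dc=example,dc=com?one
#nss_base_group ou=Group,dc=example,dc=com?one
"""

# Constructed: the same file after adding the "base" entry the thread ends on.
LDAP_CONF_FIXED = LDAP_CONF_POSTED + "base dc=vfds,dc=local\n"

# Constructed: the account maps from the client /etc/nsswitch.conf as posted.
NSSWITCH_POSTED = """\
passwd:   files ldap
shadow:   files ldap
group:    files ldap
netgroup: files ldap
"""


def effective_settings(text):
    """Keyword -> value for uncommented ldap.conf lines only (what 'grep base'
    shows once the '#' lines are ignored).  Keywords are matched
    case-insensitively; a later line overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def nsswitch_sources(text):
    """Database -> list of sources from nsswitch.conf, comments stripped."""
    sources = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, _, rest = line.partition(":")
        sources[db.strip()] = rest.split()
    return sources


def looks_like_dn(value):
    """Every comma-separated RDN must be attr=value (escaped commas not handled)."""
    rdns = [r.strip() for r in value.split(",")]
    return all("=" in r and r.split("=", 1)[1] for r in rdns)


def lint_client(ldap_conf_text, nsswitch_text):
    """Return a list of (severity, message) findings; empty means nothing found."""
    findings = []
    conf = effective_settings(ldap_conf_text)
    nss = nsswitch_sources(nsswitch_text)

    # Where to connect: uri (or the older host keyword) must be set.
    if "uri" not in conf and "host" not in conf:
        findings.append(("error", "ldap.conf: neither 'uri' nor 'host' is set"))

    # Where to search: the thread's bug.  Only uncommented base / nss_base_*
    # lines count, and the DN must match the suffix served by the FDS instance.
    per_map = [k for k in conf if k.startswith("nss_base_")]
    if "base" not in conf and not per_map:
        findings.append(("error", "ldap.conf: no uncommented 'base' or nss_base_* "
                                  "line; set 'base <suffix>' to the DN of your FDS tree"))
    elif "base" in conf and not looks_like_dn(conf["base"]):
        findings.append(("error", "ldap.conf: base '%s' is not a DN" % conf["base"]))

    # Cleartext binds: 'ssl no' with a plain ldap:// uri means pam_ldap sends each
    # user's password unencrypted.  (Assumption: nss_ldap defaults ssl to 'no'.)
    if conf.get("ssl", "no") == "no" and conf.get("uri", "").startswith("ldap://"):
        findings.append(("warning", "ldap.conf: 'ssl no' with an ldap:// uri; "
                                    "simple binds carry passwords in cleartext"))

    # NSS must consult ldap for the account maps or getent never sees the user.
    for db in ("passwd", "shadow", "group"):
        if "ldap" not in nss.get(db, []):
            findings.append(("error", "nsswitch.conf: '%s' does not include ldap" % db))
    return findings


if __name__ == "__main__":
    for label, conf in (("as posted", LDAP_CONF_POSTED), ("with base", LDAP_CONF_FIXED)):
        print("== %s ==" % label)
        for severity, message in lint_client(conf, NSSWITCH_POSTED) or [("ok", "no findings")]:
            print("%-8s %s" % (severity, message))
```

Run it on the real files with `lint_client(open("/etc/ldap.conf").read(), open("/etc/nsswitch.conf").read())`; against the posted configuration it reports the missing base as an error and the cleartext bind as a warning, and after `base dc=vfds,dc=local` is added only the warning remains, which `ssl start_tls` (with a CA certificate in `tls_cacertdir`) clears.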