This is what it is returning.... I guess I have to rebuild the client with CentOS 5.2 (though I have no reason but still)..... and really want to give you a big thanks for helping me ...you are kind...... will keep you posted with the results....

[root@client ~]# ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=vfds,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
[root@client ~]#

On Wed, Jun 17, 2009 at 11:25 PM, Jean-Noel Chardron <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
> Hakuna Matata wrote:
>>
>> Still no luck....
>> I have added the below entry in my ldap.conf file
>> base dc=vfds,dc=local
>>
>
> Hum,
> does your FDS answer a request from ldapsearch?
> You can try something like this from the server and from the client:
> without credentials:
> ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" ''
> with credentials:
> ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager" '' -W
>>
>> --H
>>
>> On Wed, Jun 17, 2009 at 9:44 PM, Hakuna Matata <narender.hooda at gmail.com> wrote:
>>
>>>>>>> grep base /etc/ldap.conf
>>>
>>> ----------------------------------
>>> #scope base
>>> # nss_base_XXX          base?scope?filter
>>> # where scope is {base,one,sub}
>>> # nss_base_passwd       ou=People,
>>> # to append the default base DN but this
>>> #nss_base_passwd        ou=People,dc=example,dc=com?one
>>> #nss_base_shadow        ou=People,dc=example,dc=com?one
>>> #nss_base_group         ou=Group,dc=example,dc=com?one
>>> #nss_base_hosts         ou=Hosts,dc=example,dc=com?one
>>> #nss_base_services      ou=Services,dc=example,dc=com?one
>>> #nss_base_networks      ou=Networks,dc=example,dc=com?one
>>> #nss_base_protocols     ou=Protocols,dc=example,dc=com?one
>>> #nss_base_rpc           ou=Rpc,dc=example,dc=com?one
>>> #nss_base_ethers        ou=Ethers,dc=example,dc=com?one
>>> #nss_base_netmasks      ou=Networks,dc=example,dc=com?ne
>>> #nss_base_bootparams    ou=Ethers,dc=example,dc=com?one
>>> #nss_base_aliases       ou=Aliases,dc=example,dc=com?one
>>> #nss_base_netgroup      ou=Netgroup,dc=example,dc=com?one
>>> #nss_base_passwd ou=aixaccount,?one
>>> #nss_base_group ou=aixgroup,?one
>>> ---------------------------------------------------------------------------
>>>
>>> OK, so I was expecting some base which are binding it to FDS.....but did not
>>> find here any such thing...which gives an impression that
>>> system-config-authentication is not working properly in CentOS5.3. My
>>> assumption may be wrong....
>>>
>>> so if I put some entry in this like (base dc=vfds,dc=local)...and then boot
>>> the client machine... can I expect it working then.....
>>>
>>> waiting for the advice....in the meantime I am rebooting the machine....
>>>
>>> many thanks in advance...
>>>
>>> --H
>>>
>>> On Wed, Jun 17, 2009 at 6:15 PM, Jean-Noël Chardron <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>>>
>>>> Hakuna Matata wrote:
>>>>
>>>>> Jean
>>>>> Thanks for a quick reply.
>>>>>
>>>>> Client IP address is 192.168.5.4
>>>>> yes these files are from client only.
>>>>
>>>> All files seem correct (in system-auth the interesting lines are those with
>>>> pam_ldap.so).
>>>> So maybe the base to search in the tree is misconfigured in
>>>> /etc/ldap.conf
>>>>
>>>> You previously showed the /etc/ldap.conf:
>>>> uri ldap://192.168.5.1
>>>> ssl no
>>>> tls_cacertdir /etc/openldap/cacerts
>>>> pam_password md5
>>>>
>>>> Can you show the output of the command:
>>>> grep base /etc/ldap.conf
>>>> with only the lines that are uncommented; normally this will show the
>>>> distinguished name of the search base,
>>>> and this must correspond with the tree in your FDS.
>>>>
>>>>> */etc/pam.d/system-auth*
>>>>> ------------------------------------------------
>>>>> # This file is auto-generated.
>>>>> # User changes will be destroyed the next time authconfig is run.
>>>>> auth        required      pam_env.so
>>>>> auth        sufficient    pam_unix.so nullok try_first_pass
>>>>> auth        requisite     pam_succeed_if.so uid >= 500 quiet
>>>>> auth        sufficient    pam_ldap.so use_first_pass
>>>>> auth        required      pam_deny.so
>>>>>
>>>>> account     required      pam_unix.so broken_shadow
>>>>> account     sufficient    pam_succeed_if.so uid < 500 quiet
>>>>> account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
>>>>> account     required      pam_permit.so
>>>>>
>>>>> password    requisite     pam_cracklib.so try_first_pass retry=3
>>>>> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
>>>>> password    sufficient    pam_ldap.so use_authtok
>>>>> password    required      pam_deny.so
>>>>>
>>>>> session     optional      pam_keyinit.so revoke
>>>>> session     required      pam_limits.so
>>>>> session     optional      pam_keyinit.so revoke
>>>>> session     required      pam_limits.so
>>>>> session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
>>>>> session     required      pam_unix.so
>>>>> session     optional      pam_ldap.so
>>>>> -----------------------------------------------------------------------
>>>>>
>>>>> and */etc/pam.d/login*
>>>>>
>>>>> #%PAM-1.0
>>>>> auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
>>>>> auth       include      system-auth
>>>>> account    required     pam_nologin.so
>>>>> account    include      system-auth
>>>>> password   include      system-auth
>>>>> # pam_selinux.so close should be the first session rule
>>>>> session    required     pam_selinux.so close
>>>>> session    include      system-auth
>>>>> session    required     pam_loginuid.so
>>>>> session    optional     pam_console.so
>>>>> # pam_selinux.so open should only be followed by sessions to be executed in the user context
>>>>> session    required     pam_selinux.so open
>>>>> session    optional     pam_keyinit.so force revoke
>>>>> ~
>>>>> ----------------------------------------------------------------------------------
>>>>>
>>>>> what is the *uid of the user test01 in the FDS*
>>>>>
>>>>> uid is t01
>>>>>
>>>>> and under Posix user
>>>>>
>>>>> uid number = 2223 (I manually gave this)
>>>>> gid number = 2223
>>>>> home dir = /home/test
>>>>> login shell = /bin/test
>>>>>
>>>>> and then I created a directory with name "test" under /home, e.g.
>>>>> mkdir /home/test
>>>>>
>>>>> Best Regards
>>>>> --H
>>>>>
>>>>> On Wed, Jun 17, 2009 at 4:33 PM, Jean-Noël Chardron <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>>>>>
>>>>>   Hi,
>>>>>
>>>>>   OK, I suppose the IP address of the server is 192.168.5.1 (right?)
>>>>>   and you have a client (a CentOS 5.3) with an IP address unknown to us.
>>>>>
>>>>>   I suppose the nsswitch.conf and /etc/ldap.conf below are on the
>>>>>   client, so it is correct.
>>>>>
>>>>>   Then can you show the files /etc/pam.d/system-auth and
>>>>>   /etc/pam.d/login that are on the client, please.
>>>>>
>>>>>   Then can you tell us what is the uid of the user test01 in the FDS.
>>>>>
>>>>>   Hakuna Matata wrote:
>>>>>
>>>>>       yes, my nsswitch.conf file is as below.
>>>>>       passwd:     files ldap
>>>>>       shadow:     files ldap
>>>>>       group:      files ldap
>>>>>
>>>>>       ethers:     files
>>>>>       netmasks:   files
>>>>>       networks:   files
>>>>>       protocols:  files
>>>>>       rpc:        files
>>>>>       services:   files
>>>>>
>>>>>       netgroup:   files ldap
>>>>>
>>>>>       publickey:  nisplus
>>>>>
>>>>>       automount:  files ldap
>>>>>       aliases:    files nisplus
>>>>>
>>>>>       and /etc/ldap.conf file contains
>>>>>       uri ldap://192.168.5.1
>>>>>       ssl no
>>>>>       tls_cacertdir /etc/openldap/cacerts
>>>>>       pam_password md5
>>>>>
>>>>>       ----I am still not able to authenticate.......
>>>>>
>>>>>       -best Regards
>>>>>       --H
>>>>>
>>>>>       On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov <amirov at infinet.ru> wrote:
>>>>>
>>>>>          Hello
>>>>>
>>>>>          Is it ldap://ldap.vfds.local correct?
>>>>>          Please, try this command:
>>>>>
>>>>>          ping ldap.vfds.local
>>>>>
>>>>>          If pinging then try to use command getent to check that ldap users are
>>>>>          present in your system.
>>>>>          getent passwd
>>>>>
>>>>>          If not pinging, then you need to use FQDN or ip-address, like this:
>>>>>
>>>>>          ldap://1.2.3.4
>>>>>          ldap://example.com
>>>>>
>>>>>          Hakuna Matata wrote:
>>>>>          > Hi,
>>>>>          >
>>>>>          > I am new to FDS, I have set this up as per the documentation. It is
>>>>>          > working fine.
>>>>>          > Now want that linux client (CentOS 5.3) to authenticate with FDS.
>>>>>          >
>>>>>          > hostname of FDS = ldap.fds.local
>>>>>          >
>>>>>          > I create a user test01 and fill the posix information
>>>>>          >
>>>>>          > on client machine I am using system-config-authentication
>>>>>          > 1. check the LDAP box and filled the details as.
>>>>>          > LDAP search base dn = dc=vfds, dc=local
>>>>>          > LDAP Server = ldap://ldap.vfds.local
>>>>>          >
>>>>>          > then I rebooted the machine and trying to login via user test01. now
>>>>>          > it is showing error as username or password incorrect.
>>>>>          >
>>>>>          > I would really appreciate if someone can give me some pointer or help
>>>>>          > where I am doing wrong.
>>>>>          >
>>>>>          > Many Thanks in advance
>>>>>          > Best regards
>>>>>          > --H
>>>>>          >
>>>>>          > --
>>>>>          > 389 users mailing list
>>>>>          > 389-users at redhat.com
>>>>>          > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>>> --
>>>> Jean-Noel Chardron
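
Added example, not part of the thread: a shell sketch of the two checks discussed above (the uncommented `base` line in /etc/ldap.conf and the `result: 32` returned by ldapsearch), extended one step further to compare the configured base against the suffixes a server advertises as `namingContexts`. The function names and the root-DSE suffix are assumptions; the sample inputs are constructed from values quoted in the messages.

```sh
#!/bin/sh
# Added example; sample inputs are constructed from values quoted in the thread.

# First uncommented "base" directive of an ldap.conf read from stdin.
active_base() {
    awk '$1 == "base" { $1 = ""; sub(/^[ \t]+/, ""); print; exit }'
}

# Numeric result code from ldapsearch LDIF output read from stdin.
result_code() {
    awk '$1 == "result:" { print $2; exit }'
}

# Succeeds if DN $1 equals, or lies under, a suffix listed as namingContexts
# in root-DSE output on stdin (compared case-insensitively).
# Live query: ldapsearch -x -h HOST -b "" -s base namingContexts
under_naming_context() {
    awk -v dn="$1" '
        BEGIN { dn = tolower(dn); gsub(/[ \t]*,[ \t]*/, ",", dn) }
        tolower($1) == "namingcontexts:" {
            ctx = tolower($0); sub(/^[^:]*:[ \t]*/, "", ctx)
            gsub(/[ \t]*,[ \t]*/, ",", ctx)
            n = length(dn) - length(ctx)
            if (dn == ctx || (n > 0 && substr(dn, n) == ("," ctx))) found = 1
        }
        END { exit !found }'
}

# One-line diagnosis: $1 = ldap.conf text, $2 = ldapsearch output, $3 = root DSE.
diagnose() {
    base=$(printf '%s\n' "$1" | active_base)
    code=$(printf '%s\n' "$2" | result_code)
    if [ -z "$base" ]; then echo "ldap.conf: no active base directive"
    elif [ "$code" = 32 ] && ! printf '%s\n' "$3" | under_naming_context "$base"
    then echo "base '$base' is not under any server suffix (result 32)"
    else echo "base '$base' ok, result code ${code:-unknown}"
    fi
}

CONF_BEFORE='uri ldap://192.168.5.1
ssl no
#scope base
#nss_base_passwd ou=People,dc=example,dc=com?one'
CONF_AFTER="$CONF_BEFORE
base dc=vfds,dc=local"
SEARCH_OUT='search: 2
result: 32 No such object'
ROOT_DSE='namingContexts: dc=example,dc=com'  # constructed suffix, not the poster's server
diagnose "$CONF_AFTER" "$SEARCH_OUT" "$ROOT_DSE"
```

Result code 32 is `noSuchObject` in RFC 4511: the bind was accepted, but the entry named by `-b` does not exist on that server.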