just one more file's contents --- authconfig,

[root@client ~]# authconfig --test
caching is enabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
 hesiod LHS = ""
 hesiod RHS = ""
nss_ldap is enabled
 LDAP+TLS is disabled
 LDAP server = "ldap://192.168.5.1"
 LDAP base DN = "dc=vfds,dc=local"
nss_nis is disabled
 NIS server = ""
 NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
 Winbind template shell = "/bin/false"
 SMB idmap uid = "16777216-33554431"
 SMB idmap gid = "16777216-33554431"
nss_wins is disabled
pam_unix is always enabled
 shadow passwords are enabled
 password hashing algorithm is md5
pam_krb5 is disabled
 krb5 realm = "VFDS.VAD.COM"
 krb5 realm via dns is enabled
 krb5 kdc = "kerberos.vfds.vad.com:88"
 krb5 kdc via dns is disabled
 krb5 admin server = "kerberos.vfds.vad.com:749"
pam_ldap is enabled
 LDAP+TLS is disabled
 LDAP server = "ldap://192.168.5.1"
 LDAP base DN = "dc=vfds,dc=local"
pam_pkcs11 is disabled
 use only smartcard for login is disabled
 smartcard module = "coolkey"
 smartcard removal action = "Ignore"
pam_smb_auth is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
pam_winbind is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
pam_cracklib is enabled (try_first_pass retry=3)
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir is disabled ()
Always authorize local users is disabled ()
Authenticate system accounts against network services is disabled
------------------------------------

On Wed, Jun 17, 2009 at 11:55 PM, Hakuna Matata <narender.hooda at gmail.com> wrote:
> This is what it is returning....
>
> i guess i have to rebuild the client with CentOS 5.2 (though i have no
> reason but still).....
>
> and really want to give you a big thank you for helping me ...you are kind......
> will keep you posted with the results....
>
> [root@client ~]# ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager" -W
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=vfds,dc=local> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
>
> # numResponses: 1
> [root@client ~]#
>
>
> On Wed, Jun 17, 2009 at 11:25 PM, Jean-Noel Chardron <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>> Hakuna Matata wrote:
>>>
>>> Still no luck....
>>> i have added the below entry in my ldap.conf file
>>> base dc=vfds,dc=local
>>>
>>
>> hum,
>> does your FDS answer a request from ldapsearch?
>> you can try something like this from the server and from the client:
>> without credentials:
>> ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" ''
>> with credentials:
>> ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager" '' -W
>>>
>>> --H
>>>
>>> On Wed, Jun 17, 2009 at 9:44 PM, Hakuna Matata <narender.hooda at gmail.com> wrote:
>>>
>>>>> grep base /etc/ldap.conf
>>>>
>>>> ----------------------------------
>>>> #scope base
>>>> # nss_base_XXX          base?scope?filter
>>>> # where scope is {base,one,sub}
>>>> # nss_base_passwd       ou=People,
>>>> # to append the default base DN but this
>>>> #nss_base_passwd        ou=People,dc=example,dc=com?one
>>>> #nss_base_shadow        ou=People,dc=example,dc=com?one
>>>> #nss_base_group         ou=Group,dc=example,dc=com?one
>>>> #nss_base_hosts         ou=Hosts,dc=example,dc=com?one
>>>> #nss_base_services      ou=Services,dc=example,dc=com?one
>>>> #nss_base_networks      ou=Networks,dc=example,dc=com?one
>>>> #nss_base_protocols     ou=Protocols,dc=example,dc=com?one
>>>> #nss_base_rpc           ou=Rpc,dc=example,dc=com?one
>>>> #nss_base_ethers        ou=Ethers,dc=example,dc=com?one
>>>> #nss_base_netmasks      ou=Networks,dc=example,dc=com?ne
>>>> #nss_base_bootparams    ou=Ethers,dc=example,dc=com?one
>>>> #nss_base_aliases       ou=Aliases,dc=example,dc=com?one
>>>> #nss_base_netgroup      ou=Netgroup,dc=example,dc=com?one
>>>> #nss_base_passwd ou=aixaccount,?one
>>>> #nss_base_group ou=aixgroup,?one
>>>>
>>>> ---------------------------------------------------------------------------
>>>>
>>>> OK, so i was expecting some base which is binding it to FDS.....but did
>>>> not find any such thing here...which gives the impression that
>>>> system-config-authentication is not working properly in CentOS 5.3. My
>>>> assumption may be wrong....
>>>>
>>>> so if i put some entry in this like (base dc=vfds,dc=local)...and then
>>>> boot the client machine... can i expect it to work then.....
>>>>
>>>> waiting for the advice....in the mean time i am rebooting the machine....
>>>>
>>>> many thanks in advance...
>>>>
>>>> --H
>>>>
>>>> On Wed, Jun 17, 2009 at 6:15 PM, jean-Noël Chardron
>>>> <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>>>>
>>>>> Hakuna Matata wrote:
>>>>>
>>>>>> Jean
>>>>>> Thanks for a quick reply.
>>>>>>
>>>>>> Client IP address is 192.168.5.4
>>>>>> yes these files are from the client only.
>>>>>>
>>>>>
>>>>> all files seem correct, (in system-auth the interesting lines are the ones with
>>>>> pam_ldap.so)
>>>>> So maybe the base to search in the tree is misconfigured in
>>>>> /etc/ldap.conf
>>>>>
>>>>> you previously showed the /etc/ldap.conf :
>>>>> uri ldap://192.168.5.1
>>>>> ssl no
>>>>> tls_cacertdir /etc/openldap/cacerts
>>>>> pam_password md5
>>>>>
>>>>> can you show the output of the command :
>>>>> grep base /etc/ldap.conf
>>>>> with only the lines that are uncommented; normally this will show the
>>>>> distinguished name of the search base,
>>>>> and this must correspond with the tree in your FDS
>>>>>
>>>>>> /etc/pam.d/system-auth
>>>>>> ------------------------------------------------
>>>>>> # This file is auto-generated.
>>>>>> # User changes will be destroyed the next time authconfig is run.
>>>>>> auth        required      pam_env.so
>>>>>> auth        sufficient    pam_unix.so nullok try_first_pass
>>>>>> auth        requisite     pam_succeed_if.so uid >= 500 quiet
>>>>>> auth        sufficient    pam_ldap.so use_first_pass
>>>>>> auth        required      pam_deny.so
>>>>>>
>>>>>> account     required      pam_unix.so broken_shadow
>>>>>> account     sufficient    pam_succeed_if.so uid < 500 quiet
>>>>>> account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
>>>>>> account     required      pam_permit.so
>>>>>>
>>>>>> password    requisite     pam_cracklib.so try_first_pass retry=3
>>>>>> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
>>>>>> password    sufficient    pam_ldap.so use_authtok
>>>>>> password    required      pam_deny.so
>>>>>>
>>>>>> session     optional      pam_keyinit.so revoke
>>>>>> session     required      pam_limits.so
>>>>>> session     optional      pam_keyinit.so revoke
>>>>>> session     required      pam_limits.so
>>>>>> session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
>>>>>> session     required      pam_unix.so
>>>>>> session     optional      pam_ldap.so
>>>>>> -----------------------------------------------------------------------
>>>>>>
>>>>>> and /etc/pam.d/login
>>>>>>
>>>>>> #%PAM-1.0
>>>>>> auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
>>>>>> auth       include      system-auth
>>>>>> account    required     pam_nologin.so
>>>>>> account    include      system-auth
>>>>>> password   include      system-auth
>>>>>> # pam_selinux.so close should be the first session rule
>>>>>> session    required     pam_selinux.so close
>>>>>> session    include      system-auth
>>>>>> session    required     pam_loginuid.so
>>>>>> session    optional     pam_console.so
>>>>>> # pam_selinux.so open should only be followed by sessions to be executed in the user context
>>>>>> session    required     pam_selinux.so open
>>>>>> session    optional     pam_keyinit.so force revoke
>>>>>>
>>>>>> ----------------------------------------------------------------------------------
>>>>>>
>>>>>> what is the uid of the user test01 in the FDS
>>>>>>
>>>>>> uid is t01
>>>>>>
>>>>>> and under Posix user
>>>>>>
>>>>>> uid number = 2223                    (i manually gave this)
>>>>>> gid number = 2223
>>>>>> home directory = /home/test
>>>>>> login shell = /bin/test
>>>>>>
>>>>>> and then i create a directory with name "test" under /home
>>>>>> ...........eg.
>>>>>> mkdir /home/test
>>>>>>
>>>>>> Best Regards
>>>>>> --H
>>>>>>
>>>>>> On Wed, Jun 17, 2009 at 4:33 PM, jean-Noël Chardron
>>>>>> <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>>>>>>
>>>>>>   hi,
>>>>>>
>>>>>>   ok, I suppose the ip address of the server is 192.168.5.1 (right ?)
>>>>>>   and you have a client (a centos 5.3) with an ip address unknown to us.
>>>>>>
>>>>>>   I suppose the nsswitch.conf and /etc/ldap.conf below are on the
>>>>>>   client so it is correct
>>>>>>
>>>>>>   Then can you show the files /etc/pam.d/system-auth and
>>>>>>   /etc/pam.d/login that are on the client please
>>>>>>
>>>>>>   then can you tell us what is the uid of the user test01 in the FDS
>>>>>>
>>>>>>   Hakuna Matata wrote:
>>>>>>
>>>>>>       yes, my nsswitch.conf file is as below.
>>>>>>       passwd:     files ldap
>>>>>>       shadow:     files ldap
>>>>>>       group:      files ldap
>>>>>>
>>>>>>       ethers:     files
>>>>>>       netmasks:   files
>>>>>>       networks:   files
>>>>>>       protocols:  files
>>>>>>       rpc:        files
>>>>>>       services:   files
>>>>>>
>>>>>>       netgroup:   files ldap
>>>>>>
>>>>>>       publickey:  nisplus
>>>>>>
>>>>>>       automount:  files ldap
>>>>>>       aliases:    files nisplus
>>>>>>
>>>>>>       and /etc/ldap.conf file contains
>>>>>>       uri ldap://192.168.5.1
>>>>>>
>>>>>>       ssl no
>>>>>>       tls_cacertdir /etc/openldap/cacerts
>>>>>>       pam_password md5
>>>>>>
>>>>>>       ----i am still not able to authenticate.......
>>>>>>
>>>>>>       -best Regards
>>>>>>       --H
>>>>>>
>>>>>>       On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov
>>>>>>       <amirov at infinet.ru> wrote:
>>>>>>
>>>>>>           Hello
>>>>>>
>>>>>>           Is ldap://ldap.vfds.local correct?
>>>>>>           Please, try this command:
>>>>>>
>>>>>>           ping ldap.vfds.local
>>>>>>
>>>>>>           If it pings, then try the command getent to check that
>>>>>>           ldap users are present in your system.
>>>>>>           getent passwd
>>>>>>
>>>>>>           If it does not ping, then you need to use an FQDN or ip-address,
>>>>>>           like this:
>>>>>>
>>>>>>           ldap://1.2.3.4
>>>>>>           ldap://example.com
>>>>>>
>>>>>>           Hakuna Matata wrote:
>>>>>>           > Hi,
>>>>>>           >
>>>>>>           > I am new to FDS, i have set this up as per the documentation. It is
>>>>>>           > working fine.
>>>>>>           > Now i want that linux client (CentOS 5.3) to authenticate with FDS.
>>>>>>           >
>>>>>>           > hostname of FDS = ldap.fds.local
>>>>>>           >
>>>>>>           > i create a user test01 and fill in the posix information
>>>>>>           >
>>>>>>           > on the client machine i am using system-config-authentication
>>>>>>           > 1. check the LDAP box and filled in the details as:
>>>>>>           > LDAP search base dn = dc=vfds, dc=local
>>>>>>           > LDAP Server = ldap://ldap.vfds.local
>>>>>>           >
>>>>>>           > then i rebooted the machine and am trying to login via user
>>>>>>           > test01. now it is showing the error username or password incorrect.
>>>>>>           >
>>>>>>           > i would really appreciate if someone can give me some pointer or
>>>>>>           > help where i am doing wrong.
>>>>>>           >
>>>>>>           > Many Thanks in advance
>>>>>>           > Best regards
>>>>>>           > --H
>>>>>>           >
>>>>>>           > --
>>>>>>           > 389 users mailing list
>>>>>>           > 389-users at redhat.com
>>>>>>           > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>
>>>>> --
>>>>> Jean-Noel Chardron
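The checks traded back and forth in this thread (nsswitch.conf consulting ldap for passwd/shadow/group, a `base` line in /etc/ldap.conf, an ldapsearch of that base, and the "LDAP+TLS is disabled" line in the authconfig output) collected into one offline Python audit. This is an added example, not code from the thread or from the 389/Fedora Directory Server project; the sample files are constructed from the ones posted above, and the finding codes and function names are this example's own.

```python
"""Offline audit of an nss_ldap/pam_ldap client setup: the checks the thread does by hand.

Added example, not from the thread or from 389/FDS. The sample files below are
constructed from the ones posted in the thread; the finding codes are invented here.
"""
import re

# --- constructed sample inputs (modelled on the thread, not copied from a real host) ---
LDAP_CONF_NO_BASE = """\
# /etc/ldap.conf as system-config-authentication left it (constructed sample)
uri ldap://192.168.5.1
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
#nss_base_passwd        ou=People,dc=example,dc=com?one
"""

# The same file after the thread's fix: a search base is added.
LDAP_CONF_WITH_BASE = LDAP_CONF_NO_BASE + "base dc=vfds,dc=local\n"

NSSWITCH_CONF = """\
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
"""

# ldapsearch output as posted in the thread (constructed copy).
LDAPSEARCH_OUTPUT = """\
# extended LDIF
#
# LDAPv3
# base <dc=vfds,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
"""


def parse_ldap_conf(text):
    """nss_ldap keyword/value format: one directive per line, '#' comments,
    case-insensitive keywords; a keyword repeated later overrides the earlier one."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def parse_nsswitch(text):
    """Map each NSS database (passwd, shadow, ...) to its ordered list of sources."""
    dbs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, _, sources = line.partition(":")
        dbs[db.strip()] = sources.split()
    return dbs


_RESULT_RE = re.compile(r"^result:\s*(\d+)\s*(.*)$", re.MULTILINE)


def parse_ldapsearch_result(text):
    """Pull the LDAP result code and message out of ldapsearch's LDIF-style output."""
    m = _RESULT_RE.search(text)
    return (int(m.group(1)), m.group(2).strip()) if m else None


def audit(ldap_conf_text, nsswitch_text, ldapsearch_text=None):
    """Return a list of (code, explanation) findings; an empty list means nothing was spotted."""
    conf = parse_ldap_conf(ldap_conf_text)
    nss = parse_nsswitch(nsswitch_text)
    findings = []

    if "uri" not in conf and "host" not in conf:
        findings.append(("NO_SERVER", "ldap.conf names no server (neither 'uri' nor 'host')"))
    if "base" not in conf:
        findings.append(("NO_BASE", "ldap.conf sets no 'base': nss_ldap and pam_ldap have no "
                         "search base, so LDAP users are never found and login ends in pam_deny"))

    # Security caveat: 'ssl no' with an ldap:// URI means pam_ldap's simple bind sends the
    # user's password in clear text; authconfig reports this as 'LDAP+TLS is disabled'.
    uri = conf.get("uri", "")
    if uri.startswith("ldap://") and conf.get("ssl", "no").lower() not in ("yes", "start_tls"):
        findings.append(("CLEARTEXT_BIND", "ldap:// with 'ssl no': passwords cross the network "
                         "unencrypted; use 'ssl start_tls' or an ldaps:// uri"))

    for db in ("passwd", "shadow", "group"):
        if "ldap" not in nss.get(db, []):
            findings.append(("NSS_NO_LDAP", f"nsswitch.conf: '{db}' does not consult ldap"))

    if ldapsearch_text:
        result = parse_ldapsearch_result(ldapsearch_text)
        if result and result[0] == 32:
            findings.append(("BASE_NOT_ON_SERVER",
                             f"ldapsearch of base '{conf.get('base', '?')}' returned 32 "
                             "(noSuchObject): the server has no entry at that DN, so the "
                             "client's base does not match a suffix that exists in the directory"))
        elif result and result[0] == 49:
            findings.append(("BIND_FAILED", "ldapsearch returned 49 (invalidCredentials): "
                             "the bind DN or password is wrong"))
    return findings


if __name__ == "__main__":
    for label, args in (("before adding base", (LDAP_CONF_NO_BASE, NSSWITCH_CONF)),
                        ("after adding base", (LDAP_CONF_WITH_BASE, NSSWITCH_CONF, LDAPSEARCH_OUTPUT))):
        print(f"== {label} ==")
        for code, why in audit(*args):
            print(f"{code}: {why}")
```

Run as a script it replays both states the thread went through: without a `base` the audit reports NO_BASE, and with the base added plus the posted ldapsearch output it reports BASE_NOT_ON_SERVER, which is what result code 32 means and why the next question is which suffix the directory was actually created with. CLEARTEXT_BIND fires in both states: `ssl no` over `ldap://` is exactly what "LDAP+TLS is disabled" reports, and it means pam_ldap's simple bind puts each user's password on the wire unencrypted.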