Hi, yes. I am not using IP. I am using the full host name.

This is my nsswitch:

cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       nisplus or nis+         Use NIS+ (NIS version 3)
#       nis or yp               Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files ldap
shadow:     files ldap
group:      files ldap

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files ldap

publickey:  nisplus

automount:  files ldap
aliases:    files nisplus
sudoers:    files ldap

and /etc/ldap

[root@home cacerts]# grep -v "^#" /etc/ldap.conf | sed -e '/^$/d'
base dc=fosiul,dc=lan
timelimit 120
bind_timelimit 120
idle_timelimit 3600
#nss_base_passwd ou=users,l=uk,dc=fosiul,dc=lan,?one
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
uri ldap://ldap-2.fosiul.lan/
ssl start_tls
tls_cacertfile /etc/openldap/cacerts/ds-ca.crt
pam_password clear

On Sat, Jul 28, 2012 at 5:23 PM, Grzegorz Dwornicki <gd1100@xxxxxxxxx> wrote:
> I assume you are using TLS. You need to use the FQDN, not the IP, of the
> CentOS directory server, and configure the firewall for port 389 or 636.
>
> Please send the content of /etc/nsswitch.conf and /etc/ldap.conf
>
> 28-07-2012 18:13, "Fosiul Alam" <fosiul@xxxxxxxxx> wrote:
>
>> Hi
>> I configured another PC
>> with authconfig-tui
>> but there is not any luck;
>> it's the same thing.
>>
>> Fosiul
>>
>> On Sat, Jul 28, 2012 at 4:04 PM, Grzegorz Dwornicki <gd1100@xxxxxxxxx>
>> wrote:
>> > In another mail I told you: use authconfig or authconfig-tui or
>> > system-config-authentication to set up the system for LDAP
>> > authentication. For example, authconfig-tui has a simple text-based
>> > interface, authconfig is CLI based and requires arguments. Finally,
>> > system-config-authentication has a GUI.
>> >
>> > 28-07-2012 16:50, "Fosiul Alam" <fosiul@xxxxxxxxx> wrote:
>> >>
>> >> Hi
>> >> I have set up an LDAP server, and from the client it's returning, for example:
>> >>
>> >> [root@home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxx -h
>> >> ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
>> >> # extended LDIF
>> >> #
>> >> # LDAPv3
>> >> # base <dc=fosiul,dc=lan> with scope subtree
>> >> # filter: (cn=Fosiul Alam)
>> >> # requesting: ALL
>> >> #
>> >>
>> >> # falam, users, uk, fosiul.lan
>> >> dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
>> >> givenName: Fosiul
>> >> sn: Alam
>> >> loginShell: /bin/bash/bash
>> >> uidNumber: 1000
>> >> gidNumber: 3000
>> >> objectClass: top
>> >> objectClass: person
>> >> objectClass: organizationalPerson
>> >> objectClass: inetorgperson
>> >> objectClass: posixAccount
>> >> uid: falam
>> >> cn: Fosiul Alam
>> >> homeDirectory: /home/falam
>> >> userPassword:: e1NTSEF9UGtqNjhvSU1pSR0RrSWNYYkVvYVU2V2c9PQ=
>> >> =
>> >>
>> >> # search result
>> >> search: 3
>> >> result: 0 Success
>> >>
>> >> # numResponses: 2
>> >> # numEntries: 1
>> >>
>> >> and in the access log:
>> >>
>> >> 28/Jul/2012:15:42:57 +0100] conn=229 fd=70 slot=70 connection from
>> >> 192.0.0.4 to 192.0.0.9
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT
>> >> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 RESULT err=0 tag=120
>> >> nentries=0 etime=0
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory
>> >> manager" method=128 version=3
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97
>> >> nentries=0 etime=0 dn="cn=directory manager"
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH
>> >> base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101
>> >> nentries=1 etime=0
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 fd=70 closed - U1
>> >>
>> >>
>> >> But from the command line, when I do
>> >> [root@home ~]# id falam
>> >> id: falam: No such user
>> >>
>> >>
>> >>
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 fd=70 slot=70 connection from
>> >> 192.0.0.4 to 192.0.0.9
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT
>> >> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 RESULT err=0 tag=120
>> >> nentries=0 etime=0
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 SSL 256-bit AES
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128
>> >> version=3
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97
>> >> nentries=0 etime=0 dn=""
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH
>> >> base="dc=fosiul,dc=lan" scope=2
>> >> filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid
>> >> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
>> >> description objectClass"
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101
>> >> nentries=0 etime=0
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1
>> >>
>> >>
>> >> So basically, ldapsearch is working but authentication is not
>> >> working.
>> >>
>> >> Can anyone please help me with this?
>> >> And I am using CentOS 5.8
>> >>
>> >> Fosiul.
>> >> --
>> >> 389 users mailing list
>> >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>> --
>> Regards
>> Fosiul Alam
>> 07877100621
>> http://www.fosiul.co.uk

--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
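
The two access-log excerpts quoted in this thread differ in the DN bound on the connection and in the search filter. As an added example (not part of the original messages), this Python script pairs each SRCH with its RESULT and the identity bound on that connection, and lists searches that succeeded but returned no entries to an anonymous bind. The function names are illustrative, and the sample lines are re-joined from the thread with one attrs list shortened.

```python
import re

# Access-log lines in the format quoted in the thread, re-joined onto single
# lines; the attrs list of the second search is shortened (constructed sample).
SAMPLE_LOG = '''\
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 SSL 256-bit AES
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid uidNumber"
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101 nentries=0 etime=0
'''

LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(-?\d+) ([A-Z]+)\s*(.*)$')
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def fields(rest):
    """Turn 'k=v k2="quoted v"' into a dict, stripping the quotes."""
    return {k: quoted if bare == "" else bare for k, quoted, bare in FIELD.findall(rest)}

def correlate(log_text):
    """Pair every SRCH with its RESULT and the DN bound on that connection."""
    bound, pending, records = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # connection, SSL and close lines carry no operation verb
        conn, op, verb, rest = m.groups()
        f = fields(rest)
        if verb == "SRCH":
            pending[(conn, op)] = f
        elif verb == "RESULT" and f.get("tag") == "97" and f.get("err") == "0":
            bound[conn] = f.get("dn", "")  # tag=97 is the LDAP bind response
        elif verb == "RESULT" and (conn, op) in pending:
            s = pending.pop((conn, op))
            records.append({"conn": int(conn), "bind_dn": bound.get(conn, ""),
                            "base": s.get("base"), "filter": s.get("filter"),
                            "err": int(f.get("err", -1)), "nentries": int(f.get("nentries", 0))})
    return records

def anonymous_empty(records):
    """Searches that succeeded (err=0) but returned nothing to an anonymous bind."""
    return [r for r in records if r["bind_dn"] == "" and r["err"] == 0 and r["nentries"] == 0]

if __name__ == "__main__":
    for r in correlate(SAMPLE_LOG):
        print(f'conn={r["conn"]} as {r["bind_dn"] or "<anonymous>"}: {r["filter"]} -> {r["nentries"]}')
```
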