Do you have nss_ldap installed?
28-07-2012 18:58, "Fosiul Alam" <fosiul@xxxxxxxxx> wrote:
Hi, yes. I am not using an IP; I am using the full host name.
This is my nsswitch:
cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files ldap
shadow: files ldap
group: files ldap
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
sudoers: files ldap
and /etc/ldap
[root@home cacerts]# grep -v "^#" /etc/ldap.conf | sed -e '/^$/d'
base dc=fosiul,dc=lan
timelimit 120
bind_timelimit 120
idle_timelimit 3600
#nss_base_passwd ou=users,l=uk,dc=fosiul,dc=lan,?one
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
uri ldap://ldap-2.fosiul.lan/
ssl start_tls
tls_cacertfile /etc/openldap/cacerts/ds-ca.crt
pam_password clear
On Sat, Jul 28, 2012 at 5:23 PM, Grzegorz Dwornicki <gd1100@xxxxxxxxx> wrote:
> I assume you are using TLS. You need to use the FQDN, not the IP, of the
> CentOS directory server, and configure the firewall for port 389 or 636.
>
> Please send the contents of /etc/nsswitch.conf and /etc/ldap.conf
>
> 28-07-2012 18:13, "Fosiul Alam" <fosiul@xxxxxxxxx> wrote:
>
>> Hi,
>> I configured another PC
>> with authconfig-tui,
>> but there is no luck.
>> It's the same thing.
>>
>> Fosiul
>>
>> On Sat, Jul 28, 2012 at 4:04 PM, Grzegorz Dwornicki <gd1100@xxxxxxxxx>
>> wrote:
>> > In another mail I told you: use authconfig or authconfig-tui or
>> > system-config-authentication to set up the system for LDAP
>> > authentication. For example, authconfig-tui has a simple text-based
>> > interface, authconfig is CLI-based and requires arguments. Finally,
>> > system-config-authentication has a GUI.
>> >
>> > 28-07-2012 16:50, "Fosiul Alam" <fosiul@xxxxxxxxx> wrote:
>> >>
>> >> Hi,
>> >> I have set up an LDAP server, and from the client it is returning, for example:
>> >>
>> >> [root@home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxx -h
>> >> ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
>> >> # extended LDIF
>> >> #
>> >> # LDAPv3
>> >> # base <dc=fosiul,dc=lan> with scope subtree
>> >> # filter: (cn=Fosiul Alam)
>> >> # requesting: ALL
>> >> #
>> >>
>> >> # falam, users, uk, fosiul.lan
>> >> dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
>> >> givenName: Fosiul
>> >> sn: Alam
>> >> loginShell: /bin/bash/bash
>> >> uidNumber: 1000
>> >> gidNumber: 3000
>> >> objectClass: top
>> >> objectClass: person
>> >> objectClass: organizationalPerson
>> >> objectClass: inetorgperson
>> >> objectClass: posixAccount
>> >> uid: falam
>> >> cn: Fosiul Alam
>> >> homeDirectory: /home/falam
>> >> userPassword:: e1NTSEF9UGtqNjhvSU1pSR0RrSWNYYkVvYVU2V2c9PQ=
>> >> =
>> >>
>> >> # search result
>> >> search: 3
>> >> result: 0 Success
>> >>
>> >> # numResponses: 2
>> >> # numEntries: 1
>> >>
>> >> And in the access log:
>> >>
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 fd=70 slot=70 connection from
>> >> 192.0.0.4 to 192.0.0.9
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT
>> >> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 RESULT err=0 tag=120
>> >> nentries=0 etime=0
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory
>> >> manager" method=128 version=3
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97
>> >> nentries=0 etime=0 dn="cn=directory manager"
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH
>> >> base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101
>> >> nentries=1 etime=0
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 fd=70 closed - U1
>> >>
>> >>
>> >> But from the command line, when I do
>> >> [root@home ~]# id falam
>> >> id: falam: No such user
>> >>
>> >>
>> >>
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 fd=70 slot=70 connection from
>> >> 192.0.0.4 to 192.0.0.9
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT
>> >> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 RESULT err=0 tag=120
>> >> nentries=0 etime=0
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 SSL 256-bit AES
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128
>> >> version=3
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97
>> >> nentries=0 etime=0 dn=""
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH
>> >> base="dc=fosiul,dc=lan" scope=2
>> >> filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid
>> >> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
>> >> description objectClass"
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101
>> >> nentries=0 etime=0
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1
>> >>
>> >>
>> >> So basically, ldapsearch is working but authentication is not
>> >> working.
>> >>
>> >> Can anyone please help me with this?
>> >> I am using CentOS 5.8.
>> >>
>> >> Fosiul.
>> >> --
>> >> 389 users mailing list
>> >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
>> >
>> >
>>
>>
>>
>> --
>> Regards
>> Fosiul Alam
>> 07877100621
>> http://www.fosiul.co.uk
>
>
--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk