On Oct 31, 2011, at 3:10 PM, Mitch Patenaude wrote:

> I'm having trouble setting up ldap based authentication.
>
> I have a virtual (KVM) CentOS 5.4 box set up to authenticate to a 389 (fedora) directory server, and that works fine.
>
> However, I set up a virtual box running CentOS 6, and I can't get it to authenticate.
>
> I've run authconfig with the appropriate flags, ldapsearch properly finds the data, but I can't log in. /var/log/secure shows that it doesn't find the user, and as a test I came up with the following perl snippet:
>
> perl -e 'print join(" ",getpwnam("testuser")),"\n";'
>
> And it properly finds the test user on the 5.4 box, but not the 6.0 box.
>
> I've checked /etc/ldap.conf and /etc/openldap/ldap.conf and both seem about right.
>
> Here are the ldap related packages installed on the 6.0 box:
> [root@vburntest02 ~]# rpm -qa | grep ldap
> openldap-2.4.19-15.el6_0.2.x86_64
> pam_ldap-185-5.el6.x86_64
> nss-pam-ldapd-0.7.5-3.el6.x86_64
> openldap-clients-2.4.19-15.el6_0.2.x86_64
> apr-util-ldap-1.3.9-3.el6.x86_64
>
> Any idea what to check next?

----
I'm not a perl person so I just check from shell with:

getent passwd
getent group

to make sure that the LDAP Users/Groups are indeed listed... authentication clearly won't work until they do.

The same /etc/ldap.conf from CentOS 5.x should work with CentOS 6.x

You might want to show us the contents of these files...

/etc/nsswitch.conf
/etc/pam.d/system-auth

I also have a 'one-liner' that I use for setting up ldap authentication in a pinch (be sure to substitute for $YOUR_LDAP_SERVER and $YOUR_LDAP_BASE, don't enable ldap tls if you don't have that function working and I'm not so certain about --enablemkhomedir on CentOS 5.x - haven't tried)...

authconfig --enableshadow --enableldap --enableldapauth \
  --ldapserver=$YOUR_LDAP_SERVER --ldapbasedn="$YOUR_LDAP_BASE" \
  --enableldaptls --enablelocauthorize --enablemkhomedir \
  --nostart --updateall

YMMV

Craig
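
Added example, not part of the original thread: a small POSIX sh check of the two files the reply asks about, /etc/nsswitch.conf and /etc/pam.d/system-auth, followed by the getent lookup. The function names are hypothetical, and it assumes LDAP-backed logins need an "ldap" source for passwd, shadow and group and pam_ldap.so on the auth and account stacks.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the thread).

# nss_sources FILE DB: print the sources configured for DB, comments stripped,
# whitespace normalised to single spaces.
nss_sources() {
    sed -e 's/#.*//' -e 's/:/: /' "$1" |
        awk -v db="$2" '$1 == (db ":") {
            for (i = 2; i <= NF; i++) printf "%s%s", $i, (i < NF ? " " : "\n")
            exit
        }'
}

# nss_missing_ldap FILE: print the databases that do not list "ldap".
# Assumption: passwd, shadow and group should all include it.
nss_missing_ldap() {
    missing=""
    for db in passwd shadow group; do
        case " $(nss_sources "$1" "$db") " in
            *" ldap "*) ;;
            *) missing="$missing $db" ;;
        esac
    done
    echo $missing
}

# pam_missing_ldap FILE: print the PAM stacks with no active pam_ldap.so line.
# Assumption: auth and account are the stacks a login depends on.
pam_missing_ldap() {
    missing=""
    for stack in auth account; do
        if ! sed 's/#.*//' "$1" |
            awk -v s="$stack" '$1 == s && /pam_ldap\.so/ { found = 1 }
                               END { exit !found }'; then
            missing="$missing $stack"
        fi
    done
    echo $missing
}

# Run directly as: sh check_ldap_login.sh testuser
if [ "$#" -gt 0 ]; then
    echo "nsswitch.conf databases without ldap: $(nss_missing_ldap /etc/nsswitch.conf)"
    echo "system-auth stacks without pam_ldap: $(pam_missing_ldap /etc/pam.d/system-auth)"
    getent passwd "$1" || echo "getent: $1 not resolved through NSS"
fi
```

Empty output after either label means nothing was found missing in that file.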