Re: [Fedora-directory-users] PAM authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thomas Mathiesen wrote:


Hi all!

I am happy to see that the communty have got a good-looking directory server.
Soon, I hope I can throw away our M$ active directory, and run fedora
directory instead, but I am having some issue, authenticating linux desktops.

So, here's what I have:
Fedora Directory installed on CentOS 4.0 (redhat EL clone)
Ran the typical install (after reading redhat directory install manual)

I can successfully login to the web-admin interface, and add users (after
binding as Directory Manager).

Due to a java error, I cannot use the console, but I rather use GQ (a gnome
LDAP tool). I can bind (as Directory Manager), and add/remove stuff.

So, here's what I continued doing:
Added a user (using the webinterface).
Added objectclass posixAccount to this user (using GQ)

Turning to my desktop, running Ubuntu Hoary and Openldap, I set it up using
this ldap config:
host ldap.mydomain.com
base dc=mydomain,dc=com
ldap_version 3
timelimit 30
pam_filter objectclass=posixAccount
pam_login_attribute uid
ssl no
#ssl start_tls
#tls_checkpeer no
pam_password ssha

I've tried to use ssl (and tls_checkpeer no), and no ssl.... nothing works.

In my log on the fedora directory server, I see the connection, and it first
tries to find the posixAccount, and returns no error. Then it looks for
shadowAccount, and returns no error (after I added that objectclass as well).

The client worked fine, authenticating with my previous openldap server... and
I can't see why I doesn't authenticate with my new fedora server.

Hi Thomas,
What ldap requests are your clients posting to the fedora directory server for authentication? Could you cut and paste the corresponding access log entries from the fedora directory server? 

Thanks,
--
toto


Help would be highly appreciated :)

/Thomas

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux