This is what it is returning.... i guess i have to rebuild the client with
CentOS 5.2 (though i have no reason but still)..... and really want to give
you a big thanks for helping me ...you are kind...... will keep posted with
the results....

[root@client ~]# ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=vfds,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
[root@client ~]#

On Wed, Jun 17, 2009 at 11:25 PM, Jean-Noel Chardron<Jean-Noel.Chardron@xxxxxxxxxxxx> wrote:
> Hakuna Matata wrote:
>>
>> Still no luck....
>> i have added the below entry in my ldap.conf file
>> base dc=vfds,dc=local
>>
>
> hum,
> does your fds answer to a request of ldapsearch ?
> you can try something like this from the server and from the client :
> without credentials:
> ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" ''
> with credentials :
> ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager" -W
>>
>> --H
>>
>> On Wed, Jun 17, 2009 at 9:44 PM, Hakuna Matata<narender.hooda@xxxxxxxxx>
>> wrote:
>>
>>>>>>>
>>>>>>> grep base /etc/ldap.conf
>>>>>>>
>>>
>>> ----------------------------------
>>> #scope base
>>> # nss_base_XXX base?scope?filter
>>> # where scope is {base,one,sub}
>>> # nss_base_passwd ou=People,
>>> # to append the default base DN but this
>>> #nss_base_passwd ou=People,dc=example,dc=com?one
>>> #nss_base_shadow ou=People,dc=example,dc=com?one
>>> #nss_base_group ou=Group,dc=example,dc=com?one
>>> #nss_base_hosts ou=Hosts,dc=example,dc=com?one
>>> #nss_base_services ou=Services,dc=example,dc=com?one
>>> #nss_base_networks ou=Networks,dc=example,dc=com?one
>>> #nss_base_protocols ou=Protocols,dc=example,dc=com?one
>>> #nss_base_rpc ou=Rpc,dc=example,dc=com?one
>>> #nss_base_ethers ou=Ethers,dc=example,dc=com?one
>>> #nss_base_netmasks ou=Networks,dc=example,dc=com?ne
>>> #nss_base_bootparams ou=Ethers,dc=example,dc=com?one
>>> #nss_base_aliases ou=Aliases,dc=example,dc=com?one
>>> #nss_base_netgroup ou=Netgroup,dc=example,dc=com?one
>>> #nss_base_passwd ou=aixaccount,?one
>>> #nss_base_group ou=aixgroup,?one
>>>
>>> ---------------------------------------------------------------------------
>>>
>>> OK, so i was expecting some base which are binding it to FDS.....but did not
>>> find here any such thing...which gives an impression that
>>> system-config-authentication is not working properly in CentOS5.3. My
>>> assumption may be wrong....
>>>
>>> so if i put some entry in this like (base dc=vfds,dc=local)...and then boot
>>> the client machine... can i expect it working then.....
>>>
>>> waiting for the advice....in the mean time i am rebooting the machine....
>>>
>>> many thanks in advance...
>>>
>>> --H
>>>
>>> On Wed, Jun 17, 2009 at 6:15 PM, jean-Noël Chardron
>>> <Jean-Noel.Chardron@xxxxxxxxxxxx> wrote:
>>>
>>>> Hakuna Matata wrote:
>>>>
>>>>> Jean
>>>>> Thanks for a quick reply.
>>>>>
>>>>> Client IP address is 192.168.5.4
>>>>> yes these files are from client only.
>>>>
>>>> all files seem correct , (in system-auth the interesting line are with
>>>> pam_ldap.so)
>>>> So may be, the base to search in the tree are misconfigured in the
>>>> /etc/ldap.conf
>>>>
>>>> you previously show the /etc/ldap.conf :
>>>> uri ldap://192.168.5.1
>>>> ssl no
>>>> tls_cacertdir /etc/openldap/cacerts
>>>> pam_password md5
>>>>
>>>> can you show the output of the command :
>>>> grep base /etc/ldap.conf
>>>> with only the line that are uncommented , normally this will show the
>>>> distinguished name of the search base.
>>>> and this must correspond with the tree in your FDS
>>>>
>>>>> */etc/pam.d/system-auth *
>>>>> ------------------------------------------------
>>>>> This file is auto-generated.
>>>>> # User changes will be destroyed the next time authconfig is run.
>>>>> auth required pam_env.so
>>>>> auth sufficient pam_unix.so nullok try_first_pass
>>>>> auth requisite pam_succeed_if.so uid >= 500 quiet
>>>>> auth sufficient pam_ldap.so use_first_pass
>>>>> auth required pam_deny.so
>>>>>
>>>>> account required pam_unix.so broken_shadow
>>>>> account sufficient pam_succeed_if.so uid < 500 quiet
>>>>> account [default=bad success=ok user_unknown=ignore] pam_ldap.so
>>>>> account required pam_permit.so
>>>>>
>>>>> password requisite pam_cracklib.so try_first_pass retry=3
>>>>> password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
>>>>> password sufficient pam_ldap.so use_authtok
>>>>> password required pam_deny.so
>>>>>
>>>>> session optional pam_keyinit.so revoke
>>>>> session required pam_limits.so
>>>>> session optional pam_keyinit.so revoke
>>>>> session required pam_limits.so
>>>>> session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
>>>>> session required pam_unix.so
>>>>> session optional pam_ldap.so
>>>>> -----------------------------------------------------------------------
>>>>>
>>>>> and* /etc/pam.d/login *
>>>>>
>>>>> #%PAM-1.0
>>>>> auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
>>>>> auth include system-auth
>>>>> account required pam_nologin.so
>>>>> account include system-auth
>>>>> password include system-auth
>>>>> # pam_selinux.so close should be the first session rule
>>>>> session required pam_selinux.so close
>>>>> session include system-auth
>>>>> session required pam_loginuid.so
>>>>> session optional pam_console.so
>>>>> # pam_selinux.so open should only be followed by sessions to be executed in the user context
>>>>> session required pam_selinux.so open
>>>>> session optional pam_keyinit.so force revoke
>>>>> ~
>>>>>
>>>>> ----------------------------------------------------------------------------------
>>>>>
>>>>> what is the *uid of the user test01 in the FDS*
>>>>>
>>>>> uid is t01
>>>>>
>>>>> and under Posix user
>>>>>
>>>>> uid numbe =2223 (i manually gave this)
>>>>> gid number=2223
>>>>> home dire = /home/test
>>>>> login shell=/bin/test
>>>>>
>>>>> and then i create a directory with name "test" under /home ...........eg.
>>>>> mkdir /home/test
>>>>>
>>>>> Best Regards
>>>>> --H
>>>>>
>>>>> On Wed, Jun 17, 2009 at 4:33 PM, jean-Noël Chardron
>>>>> <Jean-Noel.Chardron@xxxxxxxxxxxx> wrote:
>>>>>
>>>>> hi,
>>>>>
>>>>> ok , I suppose the ip address of the server is 192.168.5.1 (right ?)
>>>>> and you have a client (a centos 5.3) with unknown to us ip address.
>>>>>
>>>>> I suppose the nsswitch.conf and /etc/ldap.conf below is on the
>>>>> client so it is correct
>>>>>
>>>>> Then can you show the files /etc/pam.d/system-auth and
>>>>> /etc/pam.d/login that are on the client please
>>>>>
>>>>> then can you tell us what is the uid of the user test01 in the FDS
>>>>>
>>>>> Hakuna Matata wrote:
>>>>>
>>>>> yes, my nsswitch.conf file is as below.
>>>>> passwd: files ldap
>>>>> shadow: files ldap
>>>>> group: files ldap
>>>>>
>>>>> ethers: files
>>>>> netmasks: files
>>>>> networks: files
>>>>> protocols: files
>>>>> rpc: files
>>>>> services: files
>>>>>
>>>>> netgroup: files ldap
>>>>>
>>>>> publickey: nisplus
>>>>>
>>>>> automount: files ldap
>>>>> aliases: files nisplus
>>>>>
>>>>> and /etc/ldap.conf file contains
>>>>> uri ldap://192.168.5.1
>>>>>
>>>>> ssl no
>>>>> tls_cacertdir /etc/openldap/cacerts
>>>>> pam_password md5
>>>>>
>>>>> ----i am still not able to authenticate.......
>>>>>
>>>>> -best Regards
>>>>> --H
>>>>>
>>>>> On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov
>>>>> <amirov@xxxxxxxxxx> wrote:
>>>>>
>>>>> Hello
>>>>>
>>>>> Is it ldap://ldap.vfds.local correct?
>>>>> Please, try this command:
>>>>>
>>>>> ping ldap.vfds.local
>>>>>
>>>>> If pinging then try to use command getent to check that ldap users are
>>>>> present in your system.
>>>>> getent passwd
>>>>>
>>>>> If not pinging, then you need to use FQDN or ip-address, like this:
>>>>>
>>>>> ldap://1.2.3.4
>>>>> ldap://example.com
>>>>>
>>>>> Hakuna Matata wrote:
>>>>> > Hi,
>>>>> >
>>>>> > I am new to FDS, i have set this up as per the documentation . It is
>>>>> > working fine .
>>>>> > Now want that linux client (CentOS 5.3) to authenticate with FDS.
>>>>> >
>>>>> > hostname of FDS = ldap.fds.local
>>>>> >
>>>>> > i create a user test01 and fill the posix information
>>>>> >
>>>>> > on client machine i am using system-config-authentication
>>>>> > 1. check the LDAP box and filled the details as .
>>>>> > LDAP search base dn = dc=vfds, dc=local
>>>>> > LDAP Server = ldap://ldap.vfds.local
>>>>> >
>>>>> > then i rebooted the machine and trying to login via user test01. now
>>>>> > it is showing error as username or password incorrect.
>>>>> >
>>>>> > i would really appreciate if someone can give me some pointer or help
>>>>> > where i am doing wrong.
>>>>> >
>>>>> > Many Thanks in advance
>>>>> > Best regards
>>>>> > --H
>>>>> >
>>>>> > --
>>>>> > 389 users mailing list
>>>>> > 389-users@xxxxxxxxxx
>>>>> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>>> --
>>>> Jean-Noel Chardron
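
The two checks exchanged in this thread (looking for an uncommented `base` in `/etc/ldap.conf`, and reading the `ldapsearch` result code) can be scripted as below. This is an added example, not code from the thread or from the 389 project; the function names and the sample input are constructed, and it also flags the `ssl no` plus `ldap://` pairing quoted above, which sends simple-bind passwords in clear.

```shell
#!/bin/sh
# Added example, not from the thread; the sample input below is constructed.

# Print the value of the first uncommented "key value" line for key $2 in file $1.
get_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }     # skip comment and blank lines
        tolower($1) == key && !found { $1 = ""; sub(/^[ \t]+/, ""); val = $0; found = 1 }
        END { if (found) print val; else exit 1 }
    ' "$1"
}

# Report client-side findings for an nss_ldap/pam_ldap style ldap.conf.
audit_ldap_conf() {
    get_setting "$1" base >/dev/null || echo "NO_BASE: no uncommented 'base' line"
    uri=$(get_setting "$1" uri) || { echo "NO_URI: no uncommented 'uri' line"; uri=""; }
    ssl=$(get_setting "$1" ssl) || ssl="unset"
    case "$uri" in
        ldap://*) [ "$ssl" = "start_tls" ] || [ "$ssl" = "on" ] ||
            echo "CLEARTEXT: $uri with ssl $ssl sends simple-bind passwords unencrypted" ;;
    esac
}

# Read ldapsearch output on stdin and print its numeric result code.
ldap_result_code() {
    awk '$1 == "result:" { print $2; exit }'
}

# Map the result codes relevant to this thread to their LDAP meaning.
explain_result() {
    case "$1" in
        0)  echo "success" ;;
        32) echo "noSuchObject: the search base DN is not an entry on this server" ;;
        49) echo "invalidCredentials: bind DN or password rejected" ;;
        *)  echo "result code $1 not covered here" ;;
    esac
}

# Constructed sample mirroring the client settings quoted in the thread.
sample_conf() {
    printf '%s\n' '#scope base' '#nss_base_passwd ou=People,dc=example,dc=com?one' \
        'uri ldap://192.168.5.1' 'ssl no' 'tls_cacertdir /etc/openldap/cacerts' \
        'pam_password md5'
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_ldap_conf "$tmp"
explain_result "$(printf 'search: 2\nresult: 32 No such object\n' | ldap_result_code)"
rm -f "$tmp"
```

When the result is 32, the suffixes the server actually holds can be listed with `ldapsearch -x -h HOST -b "" -s base namingContexts` and compared with the configured base.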