Re: [389-users] Help Needed -----Linux Ldap Client machine unable to login Fedors DS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



just one more file contents ---authconfig ,
[root@client ~]# authconfig --test
caching is enabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
 hesiod LHS = ""
 hesiod RHS = ""
nss_ldap is enabled
 LDAP+TLS is disabled
 LDAP server = "ldap://192.168.5.1";
 LDAP base DN = "dc=vfds,dc=local"
nss_nis is disabled
 NIS server = ""
 NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
 Winbind template shell = "/bin/false"
 SMB idmap uid = "16777216-33554431"
 SMB idmap gid = "16777216-33554431"
nss_wins is disabled
pam_unix is always enabled
 shadow passwords are enabled
 password hashing algorithm is md5
pam_krb5 is disabled
 krb5 realm = "VFDS.VAD.COM"
 krb5 realm via dns is enabled
 krb5 kdc = "kerberos.vfds.vad.com:88"
 krb5 kdc via dns is disabled
 krb5 admin server = "kerberos.vfds.vad.com:749"
pam_ldap is enabled

 LDAP+TLS is disabled
 LDAP server = "ldap://192.168.5.1";
 LDAP base DN = "dc=vfds,dc=local"
pam_pkcs11 is disabled

 use only smartcard for login is disabled
 smartcard module = "coolkey"
 smartcard removal action = "Ignore"
pam_smb_auth is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
pam_winbind is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
pam_cracklib is enabled (try_first_pass retry=3)
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir is disabled ()
Always authorize local users is disabled ()
Authenticate system accounts against network services is disabled
------------------------------------





On Wed, Jun 17, 2009 at 11:55 PM, Hakuna Matata<narender.hooda@xxxxxxxxx> wrote:
> This is what it is returning....
>
> i guess i have to rebuild the client with CentOS 5.2 (though i have no
> reason but still).....
>
> and really want to give you big thank for helping me ...you are kind......
> will keep posted with the results....
>
> [root@client ~]# ldapsearch -x -h  192.168.5.1 -b "dc=vfds,dc=local"
> -D "cn=Directory Manager"  -W
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=vfds,dc=local> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
>
> # numResponses: 1
> [root@client ~]#
>
>
> On Wed, Jun 17, 2009 at 11:25 PM, Jean-Noel
> Chardron<Jean-Noel.Chardron@xxxxxxxxxxxx> wrote:
>> Hakuna Matata a écrit :
>>>
>>> Still no luck....
>>> i have added the below entry in my ldap.conf file
>>> base dc=vfds,dc=local
>>>
>>>
>>
>> hum,
>> does your fds answers to a request of ldapsearch ?
>> you can try sommething like this from the server and from the client :
>> without credentials:
>> ldapsearch -x -h  192.168.5.1 -b "dc=vfds,dc=local" ''
>> with credentials :
>> ldapsearch -x -h  192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager
>>  ''  -W
>>>
>>> --H
>>>
>>> On Wed, Jun 17, 2009 at 9:44 PM, Hakuna Matata<narender.hooda@xxxxxxxxx>
>>> wrote:
>>>
>>>>>>>>
>>>>>>>> grep base /etc/ldap.conf
>>>>>>>>
>>>>
>>>> ----------------------------------
>>>> #scope base
>>>> # nss_base_XXX          base?scope?filter
>>>> # where scope is {base,one,sub}
>>>> # nss_base_passwd       ou=People,
>>>> # to append the default base DN but this
>>>> #nss_base_passwd        ou=People,dc=example,dc=com?one
>>>> #nss_base_shadow        ou=People,dc=example,dc=com?one
>>>> #nss_base_group         ou=Group,dc=example,dc=com?one
>>>> #nss_base_hosts         ou=Hosts,dc=example,dc=com?one
>>>> #nss_base_services      ou=Services,dc=example,dc=com?one
>>>> #nss_base_networks      ou=Networks,dc=example,dc=com?one
>>>> #nss_base_protocols     ou=Protocols,dc=example,dc=com?one
>>>> #nss_base_rpc           ou=Rpc,dc=example,dc=com?one
>>>> #nss_base_ethers        ou=Ethers,dc=example,dc=com?one
>>>> #nss_base_netmasks      ou=Networks,dc=example,dc=com?ne
>>>> #nss_base_bootparams    ou=Ethers,dc=example,dc=com?one
>>>> #nss_base_aliases       ou=Aliases,dc=example,dc=com?one
>>>> #nss_base_netgroup      ou=Netgroup,dc=example,dc=com?one
>>>> #nss_base_passwd ou=aixaccount,?one
>>>> #nss_base_group ou=aixgroup,?one
>>>>
>>>> ---------------------------------------------------------------------------
>>>>
>>>> OK, so i was expecting some base which are binding it to FDS.....but did
>>>> not
>>>> find here any such thing...which gives an impression that
>>>> system-config-authentication is not working proberly in CentOS5.3. My
>>>> assumption may be wrong....
>>>>
>>>> so if i put some entry in this like (base dc=vfds,dc=local)...and then
>>>> boot
>>>> the client machine... can i expect it workin then.....
>>>>
>>>> waiting for the advise....in the mean time i am rebooting the machine....
>>>>
>>>> many thanks in advance...
>>>>
>>>>
>>>> --H
>>>>
>>>> On Wed, Jun 17, 2009 at 6:15 PM, jean-Noël Chardron
>>>> <Jean-Noel.Chardron@xxxxxxxxxxxx> wrote:
>>>>
>>>>>
>>>>> Hakuna Matata a écrit :
>>>>>
>>>>>>
>>>>>> Jean
>>>>>> Thanks for a quick reply.
>>>>>>
>>>>>> Client IP address is 192.168.5.4
>>>>>> yes these files are from client only.
>>>>>>
>>>>>>
>>>>>
>>>>> all files seem correct , (in system-auth the interresting line are with
>>>>> pam_ldap.so)
>>>>> So may be, the base to search in the tree are misconfigured in the
>>>>> /etc/ldap.conf
>>>>>
>>>>> you previously show the /etc/ldap.conf :
>>>>> uri ldap://192.168.5.1 <http://192.168.5.1>
>>>>> ssl no
>>>>> tls_cacertdir /etc/openldap/cacerts
>>>>> pam_password md5
>>>>>
>>>>> can you show the ouptut of the command :
>>>>> grep base /etc/ldap.conf
>>>>> with only the line that are uncommented , normaly this will show the
>>>>> distinguished name of the search base.
>>>>> and this must correspond with the tree in your FDS
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>> */etc/pam.d/system-auth *
>>>>>> ------------------------------------------------
>>>>>>  This file is auto-generated.
>>>>>> # User changes will be destroyed the next time authconfig is run.
>>>>>> auth        required      pam_env.so
>>>>>> auth        sufficient    pam_unix.so nullok try_first_pass
>>>>>> auth        requisite     pam_succeed_if.so uid >= 500 quiet
>>>>>> auth        sufficient    pam_ldap.so use_first_pass
>>>>>> auth        required      pam_deny.so
>>>>>>
>>>>>> account     required      pam_unix.so broken_shadow
>>>>>> account     sufficient    pam_succeed_if.so uid < 500 quiet
>>>>>> account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
>>>>>> account     required      pam_permit.so
>>>>>>
>>>>>> password    requisite     pam_cracklib.so try_first_pass retry=3
>>>>>> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass
>>>>>> use_authtok
>>>>>> password    sufficient    pam_ldap.so use_authtok
>>>>>> password    required      pam_deny.so
>>>>>>
>>>>>> session     optional      pam_keyinit.so revoke
>>>>>> session     required      pam_limits.so
>>>>>> session     optional      pam_keyinit.so revoke
>>>>>> session     required      pam_limits.so
>>>>>> session     [success=1 default=ignore] pam_succeed_if.so service in
>>>>>> crond
>>>>>> quiet use_uid
>>>>>> session     required      pam_unix.so
>>>>>> session     optional      pam_ldap.so
>>>>>> -----------------------------------------------------------------------
>>>>>>
>>>>>> and* /etc/pam.d/login  *
>>>>>>
>>>>>> #%PAM-1.0
>>>>>> auth [user_unknown=ignore success=ok ignore=ignore default=bad]
>>>>>> pam_securetty.so
>>>>>> auth       include      system-auth
>>>>>> account    required     pam_nologin.so
>>>>>> account    include      system-auth
>>>>>> password   include      system-auth
>>>>>> # pam_selinux.so close should be the first session rule
>>>>>> session    required     pam_selinux.so close
>>>>>> session    include      system-auth
>>>>>> session    required     pam_loginuid.so
>>>>>> session    optional     pam_console.so
>>>>>> # pam_selinux.so open should only be followed by sessions to be
>>>>>> executed
>>>>>> in the user context
>>>>>> session    required     pam_selinux.so open
>>>>>> session    optional     pam_keyinit.so force revoke
>>>>>> ~
>>>>>>
>>>>>>  ----------------------------------------------------------------------------------
>>>>>>
>>>>>>  what is the *uid of the user test01 in the FDS*
>>>>>>
>>>>>> uid is t01
>>>>>>
>>>>>> and under Posix user
>>>>>>
>>>>>> uid numbe  =2223                                (i manually gave this)
>>>>>> gid number=2223
>>>>>> home dire = /home/test
>>>>>> login shell=/bin/test
>>>>>>
>>>>>>
>>>>>> and then i create a directory with name "test" under /home
>>>>>> ...........eg.
>>>>>> mkdir /home/test
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Best Regards
>>>>>> --H
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Jun 17, 2009 at 4:33 PM, jean-Noël Chardron
>>>>>> <Jean-Noel.Chardron@xxxxxxxxxxxx
>>>>>> <mailto:Jean-Noel.Chardron@xxxxxxxxxxxx>>
>>>>>> wrote:
>>>>>>
>>>>>>   hi,
>>>>>>
>>>>>>   ok , I suppose the ip adress of the server is  192.168.5.1 (right ?)
>>>>>>   and you have a client (a centos 5.3)  with unknow to us  ip address.
>>>>>>
>>>>>>   I suppose the nsswitch.conf and /etc/ldap.conf below is on the
>>>>>>   client so it is correct
>>>>>>
>>>>>>   Then can you show the files /etc/pam.d/system-auth and
>>>>>>   /etc/pam.d/login  that are on the client please
>>>>>>
>>>>>>   then can you tell us  what is the uid of the user test01 in the FDS
>>>>>>
>>>>>>
>>>>>>
>>>>>>   Hakuna Matata a écrit :
>>>>>>
>>>>>>
>>>>>>       yes, my nsswitch.conf file is as below.
>>>>>>       passwd:     files ldap
>>>>>>       shadow:     files ldap
>>>>>>       group:      files ldap
>>>>>>
>>>>>>       ethers:     files
>>>>>>       netmasks:   files
>>>>>>       networks:   files
>>>>>>       protocols:  files
>>>>>>       rpc:        files
>>>>>>       services:   files
>>>>>>
>>>>>>       netgroup:   files ldap
>>>>>>
>>>>>>       publickey:  nisplus
>>>>>>
>>>>>>       automount:  files ldap
>>>>>>       aliases:    files nisplus
>>>>>>
>>>>>>
>>>>>>       and /etc/ldap.conf file contains
>>>>>>       uri ldap://192.168.5.1 <http://192.168.5.1> <http://192.168.5.1>
>>>>>>
>>>>>>       ssl no
>>>>>>       tls_cacertdir /etc/openldap/cacerts
>>>>>>       pam_password md5
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>       ----i am still not able to authenticate.......
>>>>>>
>>>>>>
>>>>>>       -best Regards
>>>>>>       --H
>>>>>>
>>>>>>       On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov
>>>>>>       <amirov@xxxxxxxxxx <mailto:amirov@xxxxxxxxxx>
>>>>>>       <mailto:amirov@xxxxxxxxxx <mailto:amirov@xxxxxxxxxx>>> wrote:
>>>>>>
>>>>>>          Hello
>>>>>>
>>>>>>          Is it ldap://ldap.vfds.local correct?
>>>>>>          Please, try this command:
>>>>>>
>>>>>>          ping ldap.vfds.local
>>>>>>
>>>>>>          If pinging then try to use command getent to check that
>>>>>>       ldap users are
>>>>>>          present in your system.
>>>>>>          getent passwd
>>>>>>
>>>>>>          If not pinging, then you need to use FQDN or ip-address,
>>>>>>       like this:
>>>>>>
>>>>>>          ldap://1.2.3.4 <http://1.2.3.4> <http://1.2.3.4>
>>>>>>          ldap://example.com <http://example.com> <http://example.com>
>>>>>>
>>>>>>
>>>>>>
>>>>>>          Hakuna Matata wrote:
>>>>>>          > Hi,
>>>>>>          >
>>>>>>          > I am new to FDS, i have set this up as per the
>>>>>>       documentation . It is
>>>>>>          > working fine .
>>>>>>          > Now want that linux client (CentOS 5.3) to authenticate
>>>>>>       with FDS.
>>>>>>          >
>>>>>>          > hostname of FDS = ldap.fds.local
>>>>>>          >
>>>>>>          > i create a user test01 and fill the posix information
>>>>>>          >
>>>>>>          > on client machine i am using system-config-authentiation
>>>>>>          > 1. check the LDAP box and filled the details as .
>>>>>>          > LDAP search base dn =                          dc=vfds,
>>>>>>       dc=local
>>>>>>          > LDAP Server =
>>>>>>     ldap://ldap.vfds.local
>>>>>>          >
>>>>>>          > then i rebooted the machine and trying to login via user
>>>>>>       test01. now
>>>>>>          > it is showing error as username or password incorrect.
>>>>>>          >
>>>>>>          >
>>>>>>          > i would really appreciate if someone can give me some
>>>>>>       pointer or
>>>>>>          help
>>>>>>          > where i am doing wrong.
>>>>>>          >
>>>>>>          > Many Thanks in advance
>>>>>>          > Best regards
>>>>>>          > --H
>>>>>>          >
>>>>>>          > --
>>>>>>          > 389 users mailing list
>>>>>>          > 389-users@xxxxxxxxxx <mailto:389-users@xxxxxxxxxx>
>>>>>>       <mailto:389-users@xxxxxxxxxx <mailto:389-users@xxxxxxxxxx>>
>>>>>>
>>>>>>          >
>>>>>>       https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>          >
>>>>>>
>>>>>>          --
>>>>>>          389 users mailing list
>>>>>>          389-users@xxxxxxxxxx <mailto:389-users@xxxxxxxxxx>
>>>>>>       <mailto:389-users@xxxxxxxxxx <mailto:389-users@xxxxxxxxxx>>
>>>>>>
>>>>>>          https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>  ------------------------------------------------------------------------
>>>>>>
>>>>>>       --
>>>>>>       389 users mailing list
>>>>>>       389-users@xxxxxxxxxx <mailto:389-users@xxxxxxxxxx>
>>>>>>       https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>   --
>>>>>>   389 users mailing list
>>>>>>   389-users@xxxxxxxxxx <mailto:389-users@xxxxxxxxxx>
>>>>>>   https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------------
>>>>>>
>>>>>> --
>>>>>> 389 users mailing list
>>>>>> 389-users@xxxxxxxxxx
>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> Jean-Noel Chardron
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> 389 users mailing list
>>>>> 389-users@xxxxxxxxxx
>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>
>>>>
>>>>
>>>
>>> --
>>> 389 users mailing list
>>> 389-users@xxxxxxxxxx
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>
>>
>> --
>> 389 users mailing list
>> 389-users@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>

--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux