just one more file contents ---authconfig ,

[root@client ~]# authconfig --test
caching is enabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
hesiod LHS = ""
hesiod RHS = ""
nss_ldap is enabled
LDAP+TLS is disabled
LDAP server = "ldap://192.168.5.1"
LDAP base DN = "dc=vfds,dc=local"
nss_nis is disabled
NIS server = ""
NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
SMB workgroup = "MYGROUP"
SMB servers = ""
SMB security = "user"
SMB realm = ""
Winbind template shell = "/bin/false"
SMB idmap uid = "16777216-33554431"
SMB idmap gid = "16777216-33554431"
nss_wins is disabled
pam_unix is always enabled
shadow passwords are enabled
password hashing algorithm is md5
pam_krb5 is disabled
krb5 realm = "VFDS.VAD.COM"
krb5 realm via dns is enabled
krb5 kdc = "kerberos.vfds.vad.com:88"
krb5 kdc via dns is disabled
krb5 admin server = "kerberos.vfds.vad.com:749"
pam_ldap is enabled
LDAP+TLS is disabled
LDAP server = "ldap://192.168.5.1"
LDAP base DN = "dc=vfds,dc=local"
pam_pkcs11 is disabled
use only smartcard for login is disabled
smartcard module = "coolkey"
smartcard removal action = "Ignore"
pam_smb_auth is disabled
SMB workgroup = "MYGROUP"
SMB servers = ""
pam_winbind is disabled
SMB workgroup = "MYGROUP"
SMB servers = ""
SMB security = "user"
SMB realm = ""
pam_cracklib is enabled (try_first_pass retry=3)
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir is disabled ()
Always authorize local users is disabled ()
Authenticate system accounts against network services is disabled
------------------------------------

On Wed, Jun 17, 2009 at 11:55 PM, Hakuna Matata<narender.hooda@xxxxxxxxx> wrote:
> This is what it is returning....
>
> i guess i have to rebuild the client with CentOS 5.2 (though i have no
> reason but still).....
>
> and really want to give you big thank for helping me ...you are kind......
> will keep posted with the results....
>
> [root@client ~]# ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager" -W
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=vfds,dc=local> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
>
> # numResponses: 1
> [root@client ~]#
>
> On Wed, Jun 17, 2009 at 11:25 PM, Jean-Noel Chardron<Jean-Noel.Chardron@xxxxxxxxxxxx> wrote:
>> Hakuna Matata wrote:
>>>
>>> Still no luck....
>>> i have added the below entry in my ldap.conf file
>>> base dc=vfds,dc=local
>>>
>>
>> hum,
>> does your fds answer to a request of ldapsearch ?
>> you can try something like this from the server and from the client :
>> without credentials:
>> ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" ''
>> with credentials :
>> ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager" '' -W
>>>
>>> --H
>>>
>>> On Wed, Jun 17, 2009 at 9:44 PM, Hakuna Matata<narender.hooda@xxxxxxxxx> wrote:
>>>
>>>>>>>>
>>>>>>>> grep base /etc/ldap.conf
>>>>>>>>
>>>>
>>>> ----------------------------------
>>>> #scope base
>>>> # nss_base_XXX base?scope?filter
>>>> # where scope is {base,one,sub}
>>>> # nss_base_passwd ou=People,
>>>> # to append the default base DN but this
>>>> #nss_base_passwd ou=People,dc=example,dc=com?one
>>>> #nss_base_shadow ou=People,dc=example,dc=com?one
>>>> #nss_base_group ou=Group,dc=example,dc=com?one
>>>> #nss_base_hosts ou=Hosts,dc=example,dc=com?one
>>>> #nss_base_services ou=Services,dc=example,dc=com?one
>>>> #nss_base_networks ou=Networks,dc=example,dc=com?one
>>>> #nss_base_protocols ou=Protocols,dc=example,dc=com?one
>>>> #nss_base_rpc ou=Rpc,dc=example,dc=com?one
>>>> #nss_base_ethers ou=Ethers,dc=example,dc=com?one
>>>> #nss_base_netmasks ou=Networks,dc=example,dc=com?ne
>>>> #nss_base_bootparams ou=Ethers,dc=example,dc=com?one
>>>> #nss_base_aliases ou=Aliases,dc=example,dc=com?one
>>>> #nss_base_netgroup ou=Netgroup,dc=example,dc=com?one
>>>> #nss_base_passwd ou=aixaccount,?one
>>>> #nss_base_group ou=aixgroup,?one
>>>>
>>>> ---------------------------------------------------------------------------
>>>>
>>>> OK, so i was expecting some base which are binding it to FDS.....but did not
>>>> find here any such thing...which gives an impression that
>>>> system-config-authentication is not working properly in CentOS5.3. My
>>>> assumption may be wrong....
>>>>
>>>> so if i put some entry in this like (base dc=vfds,dc=local)...and then boot
>>>> the client machine... can i expect it working then.....
>>>>
>>>> waiting for the advise....in the mean time i am rebooting the machine....
>>>>
>>>> many thanks in advance...
>>>>
>>>> --H
>>>>
>>>> On Wed, Jun 17, 2009 at 6:15 PM, jean-Noël Chardron
>>>> <Jean-Noel.Chardron@xxxxxxxxxxxx> wrote:
>>>>
>>>>> Hakuna Matata wrote:
>>>>>
>>>>>> Jean
>>>>>> Thanks for a quick reply.
>>>>>>
>>>>>> Client IP address is 192.168.5.4
>>>>>> yes these files are from client only.
>>>>>>
>>>>>
>>>>> all files seem correct , (in system-auth the interesting line are with
>>>>> pam_ldap.so)
>>>>> So may be, the base to search in the tree are misconfigured in the
>>>>> /etc/ldap.conf
>>>>>
>>>>> you previously show the /etc/ldap.conf :
>>>>> uri ldap://192.168.5.1
>>>>> ssl no
>>>>> tls_cacertdir /etc/openldap/cacerts
>>>>> pam_password md5
>>>>>
>>>>> can you show the output of the command :
>>>>> grep base /etc/ldap.conf
>>>>> with only the line that are uncommented , normally this will show the
>>>>> distinguished name of the search base.
>>>>> and this must correspond with the tree in your FDS
>>>>>
>>>>>>
>>>>>> */etc/pam.d/system-auth *
>>>>>> ------------------------------------------------
>>>>>> This file is auto-generated.
>>>>>> # User changes will be destroyed the next time authconfig is run.
>>>>>> auth required pam_env.so
>>>>>> auth sufficient pam_unix.so nullok try_first_pass
>>>>>> auth requisite pam_succeed_if.so uid >= 500 quiet
>>>>>> auth sufficient pam_ldap.so use_first_pass
>>>>>> auth required pam_deny.so
>>>>>>
>>>>>> account required pam_unix.so broken_shadow
>>>>>> account sufficient pam_succeed_if.so uid < 500 quiet
>>>>>> account [default=bad success=ok user_unknown=ignore] pam_ldap.so
>>>>>> account required pam_permit.so
>>>>>>
>>>>>> password requisite pam_cracklib.so try_first_pass retry=3
>>>>>> password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
>>>>>> password sufficient pam_ldap.so use_authtok
>>>>>> password required pam_deny.so
>>>>>>
>>>>>> session optional pam_keyinit.so revoke
>>>>>> session required pam_limits.so
>>>>>> session optional pam_keyinit.so revoke
>>>>>> session required pam_limits.so
>>>>>> session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
>>>>>> session required pam_unix.so
>>>>>> session optional pam_ldap.so
>>>>>> -----------------------------------------------------------------------
>>>>>>
>>>>>> and* /etc/pam.d/login *
>>>>>>
>>>>>> #%PAM-1.0
>>>>>> auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
>>>>>> auth include system-auth
>>>>>> account required pam_nologin.so
>>>>>> account include system-auth
>>>>>> password include system-auth
>>>>>> # pam_selinux.so close should be the first session rule
>>>>>> session required pam_selinux.so close
>>>>>> session include system-auth
>>>>>> session required pam_loginuid.so
>>>>>> session optional pam_console.so
>>>>>> # pam_selinux.so open should only be followed by sessions to be executed in the user context
>>>>>> session required pam_selinux.so open
>>>>>> session optional pam_keyinit.so force revoke
>>>>>> ~
>>>>>>
>>>>>> ----------------------------------------------------------------------------------
>>>>>>
>>>>>> what is the *uid of the user test01 in the FDS*
>>>>>>
>>>>>> uid is t01
>>>>>>
>>>>>> and under Posix user
>>>>>>
>>>>>> uid number =2223 (i manually gave this)
>>>>>> gid number=2223
>>>>>> home dire = /home/test
>>>>>> login shell=/bin/test
>>>>>>
>>>>>> and then i create a directory with name "test" under /home ...........eg.
>>>>>> mkdir /home/test
>>>>>>
>>>>>> Best Regards
>>>>>> --H
>>>>>>
>>>>>> On Wed, Jun 17, 2009 at 4:33 PM, jean-Noël Chardron
>>>>>> <Jean-Noel.Chardron@xxxxxxxxxxxx> wrote:
>>>>>>
>>>>>> hi,
>>>>>>
>>>>>> ok , I suppose the ip address of the server is 192.168.5.1 (right ?)
>>>>>> and you have a client (a centos 5.3) with unknown to us ip address.
>>>>>>
>>>>>> I suppose the nsswitch.conf and /etc/ldap.conf below is on the
>>>>>> client so it is correct
>>>>>>
>>>>>> Then can you show the files /etc/pam.d/system-auth and
>>>>>> /etc/pam.d/login that are on the client please
>>>>>>
>>>>>> then can you tell us what is the uid of the user test01 in the FDS
>>>>>>
>>>>>> Hakuna Matata wrote:
>>>>>>
>>>>>> yes, my nsswitch.conf file is as below.
>>>>>> passwd: files ldap
>>>>>> shadow: files ldap
>>>>>> group: files ldap
>>>>>>
>>>>>> ethers: files
>>>>>> netmasks: files
>>>>>> networks: files
>>>>>> protocols: files
>>>>>> rpc: files
>>>>>> services: files
>>>>>>
>>>>>> netgroup: files ldap
>>>>>>
>>>>>> publickey: nisplus
>>>>>>
>>>>>> automount: files ldap
>>>>>> aliases: files nisplus
>>>>>>
>>>>>> and /etc/ldap.conf file contains
>>>>>> uri ldap://192.168.5.1
>>>>>>
>>>>>> ssl no
>>>>>> tls_cacertdir /etc/openldap/cacerts
>>>>>> pam_password md5
>>>>>>
>>>>>> ----i am still not able to authenticate.......
>>>>>>
>>>>>> -best Regards
>>>>>> --H
>>>>>>
>>>>>> On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov <amirov@xxxxxxxxxx> wrote:
>>>>>>
>>>>>> Hello
>>>>>>
>>>>>> Is it ldap://ldap.vfds.local correct?
>>>>>> Please, try this command:
>>>>>>
>>>>>> ping ldap.vfds.local
>>>>>>
>>>>>> If pinging then try to use command getent to check that ldap users are
>>>>>> present in your system.
>>>>>> getent passwd
>>>>>>
>>>>>> If not pinging, then you need to use FQDN or ip-address, like this:
>>>>>>
>>>>>> ldap://1.2.3.4
>>>>>> ldap://example.com
>>>>>>
>>>>>> Hakuna Matata wrote:
>>>>>> > Hi,
>>>>>> >
>>>>>> > I am new to FDS, i have set this up as per the documentation . It is
>>>>>> > working fine .
>>>>>> > Now want that linux client (CentOS 5.3) to authenticate with FDS.
>>>>>> >
>>>>>> > hostname of FDS = ldap.fds.local
>>>>>> >
>>>>>> > i create a user test01 and fill the posix information
>>>>>> >
>>>>>> > on client machine i am using system-config-authentication
>>>>>> > 1. check the LDAP box and filled the details as .
>>>>>> > LDAP search base dn = dc=vfds, dc=local
>>>>>> > LDAP Server = ldap://ldap.vfds.local
>>>>>> >
>>>>>> > then i rebooted the machine and trying to login via user test01. now
>>>>>> > it is showing error as username or password incorrect.
>>>>>> >
>>>>>> > i would really appreciate if someone can give me some pointer or help
>>>>>> > where i am doing wrong.
>>>>>> >
>>>>>> > Many Thanks in advance
>>>>>> > Best regards
>>>>>> > --H
>>>>>> >
>>>>>> > --
>>>>>> > 389 users mailing list
>>>>>> > 389-users@xxxxxxxxxx
>>>>>> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>
>>>>> --
>>>>> Jean-Noel Chardron
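
Added example, not part of the thread and not written by any of its participants: a POSIX shell check for the two things the quoted client files show, an /etc/ldap.conf with no uncommented `base` line and an `ldap://` URI with `ssl no`, over which the simple bind password travels unprotected. The function names, the finding labels and the sample file (constructed from the settings quoted in the thread) are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit an nss_ldap/pam_ldap style ldap.conf (/etc/ldap.conf).

# Print the value of the first uncommented "KEY value" line in FILE.
# Taking the first match is a simplification made for this example.
conf_value() {    # usage: conf_value FILE KEY
    awk -v key="$2" '
        NF < 2 || $1 ~ /^#/ { next }    # blank, commented or value-less line
        tolower($1) == key { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Print one finding per line; return 1 if anything was flagged, else 0.
audit_ldap_conf() {    # usage: audit_ldap_conf FILE
    rc=0
    uri=$(conf_value "$1" uri)
    base=$(conf_value "$1" base)
    ssl=$(conf_value "$1" ssl)
    [ -n "$base" ] || { echo "NO_BASE"; rc=1; }
    case "$uri $ssl" in
        ldaps://*|*" start_tls"|*" on") ;;    # transport is protected
        *) echo "CLEARTEXT uri=${uri:-unset} ssl=${ssl:-unset}"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the client settings quoted in the thread, with every
# "base" line commented out. Pass "fixed" to append the search base.
write_sample_conf() {    # usage: write_sample_conf FILE [fixed]
    cat > "$1" <<'EOF'
#scope base
#nss_base_passwd ou=People,dc=example,dc=com?one
uri ldap://192.168.5.1
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
EOF
    if [ "${2:-}" = fixed ]; then echo "base dc=vfds,dc=local" >> "$1"; fi
}

demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
audit_ldap_conf "$demo_conf" || echo "findings listed above"
rm -f "$demo_conf"
```

Run `audit_ldap_conf /etc/ldap.conf` on the client. A `base` line only settles the client side: `result: 32 No such object` in the ldapsearch output is LDAP's noSuchObject, meaning the server has no entry at the DN given as the search base.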