I've not been following this thread very closely but we are using CentOS
5.3 very happily - John

On Wed, 2009-06-17 at 23:55 +0530, Hakuna Matata wrote:
> This is what it is returning....
>
> i guess i have to rebuild the client with CentOS 5.2 (though i have no
> reason but still).....
>
> and really want to give you big thank for helping me ...you are kind......
> will keep posted with the results....
>
> [root@client ~]# ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager" -W
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=vfds,dc=local> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
>
> # numResponses: 1
> [root@client ~]#
>
>
> On Wed, Jun 17, 2009 at 11:25 PM, Jean-Noel Chardron<Jean-Noel.Chardron@xxxxxxxxxxxx> wrote:
> > Hakuna Matata wrote:
> >>
> >> Still no luck....
> >> i have added the below entry in my ldap.conf file
> >> base dc=vfds,dc=local
> >>
> >
> > hum,
> > does your fds answer to a request of ldapsearch ?
> > you can try something like this from the server and from the client :
> > without credentials:
> > ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" ''
> > with credentials :
> > ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager" -W
> >>
> >> --H
> >>
> >> On Wed, Jun 17, 2009 at 9:44 PM, Hakuna Matata<narender.hooda@xxxxxxxxx> wrote:
> >>
> >>>>>>>
> >>>>>>> grep base /etc/ldap.conf
> >>>>>>>
> >>>
> >>> ----------------------------------
> >>> #scope base
> >>> # nss_base_XXX base?scope?filter
> >>> # where scope is {base,one,sub}
> >>> # nss_base_passwd ou=People,
> >>> # to append the default base DN but this
> >>> #nss_base_passwd ou=People,dc=example,dc=com?one
> >>> #nss_base_shadow ou=People,dc=example,dc=com?one
> >>> #nss_base_group ou=Group,dc=example,dc=com?one
> >>> #nss_base_hosts ou=Hosts,dc=example,dc=com?one
> >>> #nss_base_services ou=Services,dc=example,dc=com?one
> >>> #nss_base_networks ou=Networks,dc=example,dc=com?one
> >>> #nss_base_protocols ou=Protocols,dc=example,dc=com?one
> >>> #nss_base_rpc ou=Rpc,dc=example,dc=com?one
> >>> #nss_base_ethers ou=Ethers,dc=example,dc=com?one
> >>> #nss_base_netmasks ou=Networks,dc=example,dc=com?ne
> >>> #nss_base_bootparams ou=Ethers,dc=example,dc=com?one
> >>> #nss_base_aliases ou=Aliases,dc=example,dc=com?one
> >>> #nss_base_netgroup ou=Netgroup,dc=example,dc=com?one
> >>> #nss_base_passwd ou=aixaccount,?one
> >>> #nss_base_group ou=aixgroup,?one
> >>>
> >>> ---------------------------------------------------------------------------
> >>>
> >>> OK, so i was expecting some base which are binding it to FDS.....but did not
> >>> find here any such thing...which gives an impression that
> >>> system-config-authentication is not working properly in CentOS5.3. My
> >>> assumption may be wrong....
> >>>
> >>> so if i put some entry in this like (base dc=vfds,dc=local)...and then boot
> >>> the client machine... can i expect it working then.....
> >>>
> >>> waiting for the advice....in the mean time i am rebooting the machine....
> >>>
> >>> many thanks in advance...
> >>>
> >>> --H
> >>>
> >>> On Wed, Jun 17, 2009 at 6:15 PM, jean-Noël Chardron <Jean-Noel.Chardron@xxxxxxxxxxxx> wrote:
> >>>
> >>>>
> >>>> Hakuna Matata wrote:
> >>>>
> >>>>>
> >>>>> Jean
> >>>>> Thanks for a quick reply.
> >>>>>
> >>>>> Client IP address is 192.168.5.4
> >>>>> yes these files are from client only.
> >>>>>
> >>>>
> >>>> all files seem correct , (in system-auth the interesting lines are with pam_ldap.so)
> >>>> So may be, the base to search in the tree is misconfigured in the /etc/ldap.conf
> >>>>
> >>>> you previously showed the /etc/ldap.conf :
> >>>> uri ldap://192.168.5.1
> >>>> ssl no
> >>>> tls_cacertdir /etc/openldap/cacerts
> >>>> pam_password md5
> >>>>
> >>>> can you show the output of the command :
> >>>> grep base /etc/ldap.conf
> >>>> with only the lines that are uncommented , normally this will show the
> >>>> distinguished name of the search base.
> >>>> and this must correspond with the tree in your FDS
> >>>>
> >>>>>
> >>>>> */etc/pam.d/system-auth *
> >>>>> ------------------------------------------------
> >>>>> This file is auto-generated.
> >>>>> # User changes will be destroyed the next time authconfig is run.
> >>>>> auth        required      pam_env.so
> >>>>> auth        sufficient    pam_unix.so nullok try_first_pass
> >>>>> auth        requisite     pam_succeed_if.so uid >= 500 quiet
> >>>>> auth        sufficient    pam_ldap.so use_first_pass
> >>>>> auth        required      pam_deny.so
> >>>>>
> >>>>> account     required      pam_unix.so broken_shadow
> >>>>> account     sufficient    pam_succeed_if.so uid < 500 quiet
> >>>>> account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
> >>>>> account     required      pam_permit.so
> >>>>>
> >>>>> password    requisite     pam_cracklib.so try_first_pass retry=3
> >>>>> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
> >>>>> password    sufficient    pam_ldap.so use_authtok
> >>>>> password    required      pam_deny.so
> >>>>>
> >>>>> session     optional      pam_keyinit.so revoke
> >>>>> session     required      pam_limits.so
> >>>>> session     optional      pam_keyinit.so revoke
> >>>>> session     required      pam_limits.so
> >>>>> session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
> >>>>> session     required      pam_unix.so
> >>>>> session     optional      pam_ldap.so
> >>>>> -----------------------------------------------------------------------
> >>>>>
> >>>>> and* /etc/pam.d/login *
> >>>>>
> >>>>> #%PAM-1.0
> >>>>> auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
> >>>>> auth       include      system-auth
> >>>>> account    required     pam_nologin.so
> >>>>> account    include      system-auth
> >>>>> password   include      system-auth
> >>>>> # pam_selinux.so close should be the first session rule
> >>>>> session    required     pam_selinux.so close
> >>>>> session    include      system-auth
> >>>>> session    required     pam_loginuid.so
> >>>>> session    optional     pam_console.so
> >>>>> # pam_selinux.so open should only be followed by sessions to be executed in the user context
> >>>>> session    required     pam_selinux.so open
> >>>>> session    optional     pam_keyinit.so force revoke
> >>>>> ~
> >>>>>
> >>>>> ----------------------------------------------------------------------------------
> >>>>>
> >>>>> what is the *uid of the user test01 in the FDS*
> >>>>>
> >>>>> uid is t01
> >>>>>
> >>>>> and under Posix user
> >>>>>
> >>>>> uid number =2223 (i manually gave this)
> >>>>> gid number=2223
> >>>>> home dire = /home/test
> >>>>> login shell=/bin/test
> >>>>>
> >>>>> and then i create a directory with name "test" under /home ...........eg.
> >>>>> mkdir /home/test
> >>>>>
> >>>>> Best Regards
> >>>>> --H
> >>>>>
> >>>>> On Wed, Jun 17, 2009 at 4:33 PM, jean-Noël Chardron <Jean-Noel.Chardron@xxxxxxxxxxxx> wrote:
> >>>>>
> >>>>> hi,
> >>>>>
> >>>>> ok , I suppose the ip address of the server is 192.168.5.1 (right ?)
> >>>>> and you have a client (a centos 5.3) with unknown to us ip address.
> >>>>>
> >>>>> I suppose the nsswitch.conf and /etc/ldap.conf below is on the
> >>>>> client so it is correct
> >>>>>
> >>>>> Then can you show the files /etc/pam.d/system-auth and
> >>>>> /etc/pam.d/login that are on the client please
> >>>>>
> >>>>> then can you tell us what is the uid of the user test01 in the FDS
> >>>>>
> >>>>> Hakuna Matata wrote:
> >>>>>
> >>>>> yes, my nsswitch.conf file is as below.
> >>>>> passwd: files ldap
> >>>>> shadow: files ldap
> >>>>> group: files ldap
> >>>>>
> >>>>> ethers: files
> >>>>> netmasks: files
> >>>>> networks: files
> >>>>> protocols: files
> >>>>> rpc: files
> >>>>> services: files
> >>>>>
> >>>>> netgroup: files ldap
> >>>>>
> >>>>> publickey: nisplus
> >>>>>
> >>>>> automount: files ldap
> >>>>> aliases: files nisplus
> >>>>>
> >>>>> and /etc/ldap.conf file contains
> >>>>> uri ldap://192.168.5.1
> >>>>>
> >>>>> ssl no
> >>>>> tls_cacertdir /etc/openldap/cacerts
> >>>>> pam_password md5
> >>>>>
> >>>>> ----i am still not able to authenticate.......
> >>>>>
> >>>>> -best Regards
> >>>>> --H
> >>>>>
> >>>>> On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov <amirov@xxxxxxxxxx> wrote:
> >>>>>
> >>>>> Hello
> >>>>>
> >>>>> Is it ldap://ldap.vfds.local correct?
> >>>>> Please, try this command:
> >>>>>
> >>>>> ping ldap.vfds.local
> >>>>>
> >>>>> If pinging then try to use command getent to check that ldap users are
> >>>>> present in your system.
> >>>>> getent passwd
> >>>>>
> >>>>> If not pinging, then you need to use FQDN or ip-address, like this:
> >>>>>
> >>>>> ldap://1.2.3.4
> >>>>> ldap://example.com
> >>>>>
> >>>>> Hakuna Matata wrote:
> >>>>> > Hi,
> >>>>> >
> >>>>> > I am new to FDS, i have set this up as per the documentation . It is
> >>>>> > working fine .
> >>>>> > Now want that linux client (CentOS 5.3) to authenticate with FDS.
> >>>>> >
> >>>>> > hostname of FDS = ldap.fds.local
> >>>>> >
> >>>>> > i create a user test01 and fill the posix information
> >>>>> >
> >>>>> > on client machine i am using system-config-authentication
> >>>>> > 1. check the LDAP box and filled the details as .
> >>>>> > LDAP search base dn = dc=vfds, dc=local
> >>>>> > LDAP Server = ldap://ldap.vfds.local
> >>>>> >
> >>>>> > then i rebooted the machine and trying to login via user test01. now
> >>>>> > it is showing error as username or password incorrect.
> >>>>> >
> >>>>> > i would really appreciate if someone can give me some pointer or help
> >>>>> > where i am doing wrong.
> >>>>> >
> >>>>> > Many Thanks in advance
> >>>>> > Best regards
> >>>>> > --H
> >>>>> >
> >>>>> > --
> >>>>> > 389 users mailing list
> >>>>> > 389-users@xxxxxxxxxx
> >>>>> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >>>>> >
> >>>>
> >>>> --
> >>>> Jean-Noel Chardron
> >>>>

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
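
The check requested in the thread above (an uncommented `base` line in /etc/ldap.conf that corresponds to the tree in FDS), written out as an added example that is not part of the original messages. The function names, finding labels and sample file are constructed for illustration, and the accepted `ssl` values assume nss_ldap's `start_tls` and `on`; it also flags the `ssl no` over ldap:// setup shown in the thread, where a simple bind sends the password unencrypted.

```shell
#!/bin/sh
# Added example (not from the thread): audit an nss_ldap/pam_ldap ldap.conf.

# Print the value of each active (uncommented) occurrence of a directive.
active_directive() {  # $1 = file, $2 = directive name
    awk -v key="$2" '
        /^[ \t]*(#|$)/     { next }   # commented-out and blank lines
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# Lowercase a DN and drop spaces around commas so two spellings compare equal.
norm_dn() { printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/ *, */,/g'; }

# Emit one finding per line; no output means nothing was flagged.
audit_ldap_conf() {  # $1 = file, $2 = suffix the directory really serves
    base=$(active_directive "$1" base | head -n 1)
    uri=$(active_directive "$1" uri | head -n 1)
    ssl=$(active_directive "$1" ssl | head -n 1)
    if [ -z "$base" ]; then
        echo "NO_BASE: no active 'base' line, so lookups have no search base"
    elif [ "$(norm_dn "$base")" != "$(norm_dn "$2")" ]; then
        echo "BASE_MISMATCH: base '$base' differs from server suffix '$2'"
    fi
    [ -n "$uri" ] || echo "NO_URI: no active 'uri' line"
    case "$uri" in ldap://*)
        case "$ssl" in
            start_tls|on) ;;
            *) echo "CLEARTEXT: $uri with ssl '${ssl:-unset}', bind password is sent unencrypted" ;;
        esac ;;
    esac
}

# Constructed sample mirroring the thread: 'base' exists only in comments.
make_sample() {  # $1 = output path
    cat > "$1" <<'EOF'
#scope base
#nss_base_passwd ou=People,dc=example,dc=com?one
uri ldap://192.168.5.1
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
EOF
}

sample=$(mktemp) && make_sample "$sample"
audit_ldap_conf "$sample" "dc=vfds,dc=local"
rm -f "$sample"
```

The second argument should be the suffix the server itself reports in the `namingContexts` attribute of its root DSE. Result 32 (No such object) from ldapsearch means the requested base is not present in the server's tree.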