grep base /etc/ldap.conf
----------------------------------
#scope base
# nss_base_XXX base?scope?filter
# where scope is {base,one,sub}
# nss_base_passwd ou=People,
# to append the default base DN but this
#nss_base_passwd ou=People,dc=example,dc=com?one
#nss_base_shadow ou=People,dc=example,dc=com?one
#nss_base_group ou=Group,dc=example,dc=com?one
#nss_base_hosts ou=Hosts,dc=example,dc=com?one
#nss_base_services ou=Services,dc=example,dc=com?one
#nss_base_networks ou=Networks,dc=example,dc=com?one
#nss_base_protocols ou=Protocols,dc=example,dc=com?one
#nss_base_rpc ou=Rpc,dc=example,dc=com?one
#nss_base_ethers ou=Ethers,dc=example,dc=com?one
#nss_base_netmasks ou=Networks,dc=example,dc=com?ne
#nss_base_bootparams ou=Ethers,dc=example,dc=com?one
#nss_base_aliases ou=Aliases,dc=example,dc=com?one
#nss_base_netgroup ou=Netgroup,dc=example,dc=com?one
#nss_base_passwd ou=aixaccount,?one
#nss_base_group ou=aixgroup,?one
---------------------------------------------------------------------------
OK, so i was expecting some base which are binding it to FDS.....but did
not
find here any such thing...which gives an impression that
system-config-authentication is not working proberly in CentOS5.3. My
assumption may be wrong....
so if i put some entry in this like (base dc=vfds,dc=local)...and then
boot
the client machine... can i expect it workin then.....
waiting for the advise....in the mean time i am rebooting the machine....
many thanks in advance...
--H
On Wed, Jun 17, 2009 at 6:15 PM, jean-Noël Chardron
<Jean-Noel.Chardron@xxxxxxxxxxxx> wrote:
Hakuna Matata a écrit :
Jean
Thanks for a quick reply.
Client IP address is 192.168.5.4
yes these files are from client only.
all files seem correct , (in system-auth the interresting line are with
pam_ldap.so)
So may be, the base to search in the tree are misconfigured in the
/etc/ldap.conf
you previously show the /etc/ldap.conf :
uri ldap://192.168.5.1 <http://192.168.5.1>
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
can you show the ouptut of the command :
grep base /etc/ldap.conf
with only the line that are uncommented , normaly this will show the
distinguished name of the search base.
and this must correspond with the tree in your FDS
*/etc/pam.d/system-auth *
------------------------------------------------
This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in
crond
quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
-----------------------------------------------------------------------
and* /etc/pam.d/login *
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad]
pam_securetty.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be
executed
in the user context
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
~
----------------------------------------------------------------------------------
what is the *uid of the user test01 in the FDS*
uid is t01
and under Posix user
uid numbe =2223 (i manually gave this)
gid number=2223
home dire = /home/test
login shell=/bin/test
and then i create a directory with name "test" under /home
...........eg.
mkdir /home/test
Best Regards
--H
On Wed, Jun 17, 2009 at 4:33 PM, jean-Noël Chardron
<Jean-Noel.Chardron@xxxxxxxxxxxx
<mailto:Jean-Noel.Chardron@xxxxxxxxxxxx>>
wrote:
hi,
ok , I suppose the ip adress of the server is 192.168.5.1 (right ?)
and you have a client (a centos 5.3) with unknow to us ip address.
I suppose the nsswitch.conf and /etc/ldap.conf below is on the
client so it is correct
Then can you show the files /etc/pam.d/system-auth and
/etc/pam.d/login that are on the client please
then can you tell us what is the uid of the user test01 in the FDS
Hakuna Matata a écrit :
yes, my nsswitch.conf file is as below.
passwd: files ldap
shadow: files ldap
group: files ldap
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
and /etc/ldap.conf file contains
uri ldap://192.168.5.1 <http://192.168.5.1> <http://192.168.5.1>
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
----i am still not able to authenticate.......
-best Regards
--H
On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov
<amirov@xxxxxxxxxx <mailto:amirov@xxxxxxxxxx>
<mailto:amirov@xxxxxxxxxx <mailto:amirov@xxxxxxxxxx>>> wrote:
Hello
Is it ldap://ldap.vfds.local correct?
Please, try this command:
ping ldap.vfds.local
If pinging then try to use command getent to check that
ldap users are
present in your system.
getent passwd
If not pinging, then you need to use FQDN or ip-address,
like this:
ldap://1.2.3.4 <http://1.2.3.4> <http://1.2.3.4>
ldap://example.com <http://example.com> <http://example.com>
Hakuna Matata wrote:
> Hi,
>
> I am new to FDS, i have set this up as per the
documentation . It is
> working fine .
> Now want that linux client (CentOS 5.3) to authenticate
with FDS.
>
> hostname of FDS = ldap.fds.local
>
> i create a user test01 and fill the posix information
>
> on client machine i am using system-config-authentiation
> 1. check the LDAP box and filled the details as .
> LDAP search base dn = dc=vfds,
dc=local
> LDAP Server =
ldap://ldap.vfds.local
>
> then i rebooted the machine and trying to login via user
test01. now
> it is showing error as username or password incorrect.
>
>
> i would really appreciate if someone can give me some
pointer or
help
> where i am doing wrong.
>
> Many Thanks in advance
> Best regards
> --H
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxx <mailto:389-users@xxxxxxxxxx>
<mailto:389-users@xxxxxxxxxx <mailto:389-users@xxxxxxxxxx>>
>
https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
--
389 users mailing list
389-users@xxxxxxxxxx <mailto:389-users@xxxxxxxxxx>
<mailto:389-users@xxxxxxxxxx <mailto:389-users@xxxxxxxxxx>>
https://www.redhat.com/mailman/listinfo/fedora-directory-users
------------------------------------------------------------------------
--
389 users mailing list
389-users@xxxxxxxxxx <mailto:389-users@xxxxxxxxxx>
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
389 users mailing list
389-users@xxxxxxxxxx <mailto:389-users@xxxxxxxxxx>
https://www.redhat.com/mailman/listinfo/fedora-directory-users
------------------------------------------------------------------------
--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Jean-Noel Chardron
--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
