Re: [389-users] Help Needed -----Linux Ldap Client machine unable to login Fedora DS

Hakuna Matata a écrit :
This is what it is returning....

i guess i have to rebuild the client with CentOS 5.2 (though i have no
reason but still).....

and i really want to give you a big thanks for helping me... you are kind......
will keep you posted with the results....

[root@client ~]# ldapsearch -x -h  192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager"  -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=vfds,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
I don't know the exact syntax of ldapsearch, but I can say that the request is not correct: you forgot the quotes at the end of the line to get the full answer (see man ldapsearch). And what happens if you try without binding the DN:
ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" ''
[root@client ~]#


On Wed, Jun 17, 2009 at 11:25 PM, Jean-Noel
Chardron<Jean-Noel.Chardron@xxxxxxxxxxxx> wrote:
Hakuna Matata a écrit :
Still no luck....
i have added the below entry in my ldap.conf file
base dc=vfds,dc=local


hum,
does your FDS answer an ldapsearch request?
You can try something like this from the server and from the client:
without credentials:
ldapsearch -x -h  192.168.5.1 -b "dc=vfds,dc=local" ''
with credentials:
ldapsearch -x -h  192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager" ''  -W
--H

On Wed, Jun 17, 2009 at 9:44 PM, Hakuna Matata<narender.hooda@xxxxxxxxx>
wrote:

grep base /etc/ldap.conf

----------------------------------
#scope base
# nss_base_XXX          base?scope?filter
# where scope is {base,one,sub}
# nss_base_passwd       ou=People,
# to append the default base DN but this
#nss_base_passwd        ou=People,dc=example,dc=com?one
#nss_base_shadow        ou=People,dc=example,dc=com?one
#nss_base_group         ou=Group,dc=example,dc=com?one
#nss_base_hosts         ou=Hosts,dc=example,dc=com?one
#nss_base_services      ou=Services,dc=example,dc=com?one
#nss_base_networks      ou=Networks,dc=example,dc=com?one
#nss_base_protocols     ou=Protocols,dc=example,dc=com?one
#nss_base_rpc           ou=Rpc,dc=example,dc=com?one
#nss_base_ethers        ou=Ethers,dc=example,dc=com?one
#nss_base_netmasks      ou=Networks,dc=example,dc=com?ne
#nss_base_bootparams    ou=Ethers,dc=example,dc=com?one
#nss_base_aliases       ou=Aliases,dc=example,dc=com?one
#nss_base_netgroup      ou=Netgroup,dc=example,dc=com?one
#nss_base_passwd ou=aixaccount,?one
#nss_base_group ou=aixgroup,?one

---------------------------------------------------------------------------

OK, so i was expecting some base which binds it to FDS..... but did not
find any such thing here... which gives an impression that
system-config-authentication is not working properly in CentOS 5.3. My
assumption may be wrong....

so if i put some entry in this like (base dc=vfds,dc=local)... and then boot
the client machine... can i expect it to work then.....

waiting for the advice.... in the meantime i am rebooting the machine....

many thanks in advance...


--H

On Wed, Jun 17, 2009 at 6:15 PM, jean-Noël Chardron
<Jean-Noel.Chardron@xxxxxxxxxxxx> wrote:

Hakuna Matata a écrit :

Jean
Thanks for a quick reply.

Client IP address is 192.168.5.4
yes these files are from client only.


all files seem correct (in system-auth the interesting lines are the ones with
pam_ldap.so).
So maybe the base to search in the tree is misconfigured in
/etc/ldap.conf.

you previously showed the /etc/ldap.conf:
uri ldap://192.168.5.1
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5

can you show the output of the command:
grep base /etc/ldap.conf
with only the lines that are uncommented; normally this will show the
distinguished name of the search base,
and this must correspond with the tree in your FDS




*/etc/pam.d/system-auth *
------------------------------------------------
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so
-----------------------------------------------------------------------

and* /etc/pam.d/login  *

#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    include      system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    optional     pam_keyinit.so force revoke
~

 ----------------------------------------------------------------------------------

 what is the *uid of the user test01 in the FDS*

uid is t01

and under Posix user

uid numbe  =2223                                (i manually gave this)
gid number=2223
home dire = /home/test
login shell=/bin/test


and then i create a directory with name "test" under /home
...........eg.
mkdir /home/test




Best Regards
--H






On Wed, Jun 17, 2009 at 4:33 PM, jean-Noël Chardron
<Jean-Noel.Chardron@xxxxxxxxxxxx> wrote:

  hi,

  ok, I suppose the IP address of the server is 192.168.5.1 (right?)
  and you have a client (a CentOS 5.3) with an IP address unknown to us.

  I suppose the nsswitch.conf and /etc/ldap.conf below are on the
  client, so they are correct

  Then can you show the files /etc/pam.d/system-auth and
  /etc/pam.d/login  that are on the client please

  then can you tell us  what is the uid of the user test01 in the FDS



  Hakuna Matata a écrit :


      yes, my nsswitch.conf file is as below.
      passwd:     files ldap
      shadow:     files ldap
      group:      files ldap

      ethers:     files
      netmasks:   files
      networks:   files
      protocols:  files
      rpc:        files
      services:   files

      netgroup:   files ldap

      publickey:  nisplus

      automount:  files ldap
      aliases:    files nisplus


      and /etc/ldap.conf file contains
      uri ldap://192.168.5.1

      ssl no
      tls_cacertdir /etc/openldap/cacerts
      pam_password md5




      ----i am still not able to authenticate.......


      -best Regards
      --H

      On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov
      <amirov@xxxxxxxxxx> wrote:

         Hello

         Is it ldap://ldap.vfds.local correct?
         Please, try this command:

         ping ldap.vfds.local

         If pinging then try to use the command getent to check that ldap users are
         present in your system.
         getent passwd

         If not pinging, then you need to use FQDN or ip-address, like this:

         ldap://1.2.3.4
         ldap://example.com



         Hakuna Matata wrote:
         > Hi,
         >
         > I am new to FDS, i have set this up as per the documentation. It is
         > working fine.
         > Now want that linux client (CentOS 5.3) to authenticate with FDS.
         >
         > hostname of FDS = ldap.fds.local
         >
         > i create a user test01 and fill the posix information
         >
         > on client machine i am using system-config-authentication
         > 1. check the LDAP box and filled the details as .
         > LDAP search base dn = dc=vfds, dc=local
         > LDAP Server = ldap://ldap.vfds.local
         >
         > then i rebooted the machine and trying to login via user test01. now
         > it is showing error as username or password incorrect.
         >
         >
         > i would really appreciate if someone can give me some pointer or help
         > where i am doing wrong.
         >
         > Many Thanks in advance
         > Best regards
         > --H
         >
         > --
         > 389 users mailing list
         > 389-users@xxxxxxxxxx
         > https://www.redhat.com/mailman/listinfo/fedora-directory-users
         >


--
Jean-Noel Chardron
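
The check requested in the thread above (an uncommented base line in /etc/ldap.conf that corresponds to the tree on the server), as an added shell example that is not part of the original messages. The function names are hypothetical, and the root DSE reply with the suffix dc=fds,dc=local is constructed sample data, not output from the poster's server.

```shell
#!/bin/sh
# Added example (not from the thread): does the client's search base exist on the server?

# Print the value of the first uncommented directive KEY ($2) in FILE ($1).
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Lower-case a DN and drop spaces around "," and "=" (simplified: no escaped commas).
norm_dn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/ *\([,=]\) */\1/g; s/^ *//; s/ *$//'
}

# check_base CONF LDIF: 0 = base lies under a served suffix, 1 = no base set, 2 = mismatch.
check_base() {
    cb_base=$(conf_value "$1" base)
    [ -n "$cb_base" ] || { echo "no uncommented 'base' directive in $1"; return 1; }
    cb_norm=$(norm_dn "$cb_base")
    cb_ctxs=$(sed -n 's/^[Nn]aming[Cc]ontexts: *//p' "$2")
    while IFS= read -r cb_ctx; do
        cb_n=$(norm_dn "$cb_ctx")
        [ -n "$cb_n" ] || continue
        case "$cb_norm" in
            "$cb_n"|*,"$cb_n") echo "base '$cb_base' is under suffix '$cb_ctx'"; return 0 ;;
        esac
    done <<EOF
$cb_ctxs
EOF
    echo "base '$cb_base' is under no suffix the server reports (search gives result 32)"
    return 2
}

# Constructed sample data: ldap.conf lines as posted in the thread, and a hypothetical root DSE.
make_samples() {
    printf '%s\n' '#scope base' '#nss_base_passwd ou=People,dc=example,dc=com?one' \
        'uri ldap://192.168.5.1' 'ssl no' 'pam_password md5' > "$1/ldap.conf.posted"
    { cat "$1/ldap.conf.posted"; echo 'base dc=vfds, dc=local'; } > "$1/ldap.conf.edited"
    printf '%s\n' 'dn:' 'namingContexts: dc=fds,dc=local' \
        'namingContexts: o=NetscapeRoot' > "$1/rootdse.ldif"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_base "$demo_dir/ldap.conf.posted" "$demo_dir/rootdse.ldif" || echo "-> status $?"
check_base "$demo_dir/ldap.conf.edited" "$demo_dir/rootdse.ldif" || echo "-> status $?"
rm -rf "$demo_dir"
```

On a live client, pass /etc/ldap.conf and a file holding the output of `ldapsearch -x -h 192.168.5.1 -s base -b "" namingContexts`, which asks the server for the suffixes it serves.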


