[389-users] Help Needed -----Linux Ldap Client machine unable to login Fedora DS
Hakuna Matata
narender.hooda at gmail.com
Wed Jun 17 18:25:10 UTC 2009
This is what it is returning....
I guess I have to rebuild the client with CentOS 5.2 (though I have no
reason but still).....
and I really want to give you a big thanks for helping me ...you are kind......
will keep you posted with the results....
[root at client ~]# ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=vfds,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
[root at client ~]#
On Wed, Jun 17, 2009 at 11:25 PM, Jean-Noel
Chardron<Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
> Hakuna Matata a écrit :
>>
>> Still no luck....
>> i have added the below entry in my ldap.conf file
>> base dc=vfds,dc=local
>>
>>
>
> hum,
> does your FDS answer a request from ldapsearch?
> you can try something like this from the server and from the client:
> without credentials:
> ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" ''
> with credentials:
> ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager" -W
>>
>> --H
>>
>> On Wed, Jun 17, 2009 at 9:44 PM, Hakuna Matata<narender.hooda at gmail.com>
>> wrote:
>>
>>>>>>>
>>>>>>> grep base /etc/ldap.conf
>>>>>>>
>>>
>>> ----------------------------------
>>> #scope base
>>> # nss_base_XXX base?scope?filter
>>> # where scope is {base,one,sub}
>>> # nss_base_passwd ou=People,
>>> # to append the default base DN but this
>>> #nss_base_passwd ou=People,dc=example,dc=com?one
>>> #nss_base_shadow ou=People,dc=example,dc=com?one
>>> #nss_base_group ou=Group,dc=example,dc=com?one
>>> #nss_base_hosts ou=Hosts,dc=example,dc=com?one
>>> #nss_base_services ou=Services,dc=example,dc=com?one
>>> #nss_base_networks ou=Networks,dc=example,dc=com?one
>>> #nss_base_protocols ou=Protocols,dc=example,dc=com?one
>>> #nss_base_rpc ou=Rpc,dc=example,dc=com?one
>>> #nss_base_ethers ou=Ethers,dc=example,dc=com?one
>>> #nss_base_netmasks ou=Networks,dc=example,dc=com?ne
>>> #nss_base_bootparams ou=Ethers,dc=example,dc=com?one
>>> #nss_base_aliases ou=Aliases,dc=example,dc=com?one
>>> #nss_base_netgroup ou=Netgroup,dc=example,dc=com?one
>>> #nss_base_passwd ou=aixaccount,?one
>>> #nss_base_group ou=aixgroup,?one
>>>
>>> ---------------------------------------------------------------------------
>>>
>>> OK, so I was expecting some base which binds it to FDS.....but did not
>>> find any such thing here...which gives an impression that
>>> system-config-authentication is not working properly in CentOS5.3. My
>>> assumption may be wrong....
>>>
>>> so if I put some entry in this like (base dc=vfds,dc=local)...and then boot
>>> the client machine... can I expect it to work then.....
>>>
>>> waiting for the advice....in the meantime I am rebooting the machine....
>>>
>>> many thanks in advance...
>>>
>>>
>>> --H
>>>
>>> On Wed, Jun 17, 2009 at 6:15 PM, jean-Noël Chardron
>>> <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>>>
>>>>
>>>> Hakuna Matata a écrit :
>>>>
>>>>>
>>>>> Jean
>>>>> Thanks for a quick reply.
>>>>>
>>>>> Client IP address is 192.168.5.4
>>>>> yes these files are from client only.
>>>>>
>>>>>
>>>>
>>>> all files seem correct (in system-auth the interesting lines are those with
>>>> pam_ldap.so)
>>>> So maybe the base to search in the tree is misconfigured in
>>>> /etc/ldap.conf
>>>>
>>>> you previously showed the /etc/ldap.conf:
>>>> uri ldap://192.168.5.1
>>>> ssl no
>>>> tls_cacertdir /etc/openldap/cacerts
>>>> pam_password md5
>>>>
>>>> can you show the output of the command:
>>>> grep base /etc/ldap.conf
>>>> with only the lines that are uncommented; normally this will show the
>>>> distinguished name of the search base,
>>>> and this must correspond with the tree in your FDS
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>> */etc/pam.d/system-auth *
>>>>> ------------------------------------------------
>>>>> This file is auto-generated.
>>>>> # User changes will be destroyed the next time authconfig is run.
>>>>> auth required pam_env.so
>>>>> auth sufficient pam_unix.so nullok try_first_pass
>>>>> auth requisite pam_succeed_if.so uid >= 500 quiet
>>>>> auth sufficient pam_ldap.so use_first_pass
>>>>> auth required pam_deny.so
>>>>>
>>>>> account required pam_unix.so broken_shadow
>>>>> account sufficient pam_succeed_if.so uid < 500 quiet
>>>>> account [default=bad success=ok user_unknown=ignore] pam_ldap.so
>>>>> account required pam_permit.so
>>>>>
>>>>> password requisite pam_cracklib.so try_first_pass retry=3
>>>>> password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
>>>>> password sufficient pam_ldap.so use_authtok
>>>>> password required pam_deny.so
>>>>>
>>>>> session optional pam_keyinit.so revoke
>>>>> session required pam_limits.so
>>>>> session optional pam_keyinit.so revoke
>>>>> session required pam_limits.so
>>>>> session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
>>>>> session required pam_unix.so
>>>>> session optional pam_ldap.so
>>>>> -----------------------------------------------------------------------
>>>>>
>>>>> and* /etc/pam.d/login *
>>>>>
>>>>> #%PAM-1.0
>>>>> auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
>>>>> auth include system-auth
>>>>> account required pam_nologin.so
>>>>> account include system-auth
>>>>> password include system-auth
>>>>> # pam_selinux.so close should be the first session rule
>>>>> session required pam_selinux.so close
>>>>> session include system-auth
>>>>> session required pam_loginuid.so
>>>>> session optional pam_console.so
>>>>> # pam_selinux.so open should only be followed by sessions to be executed in the user context
>>>>> session required pam_selinux.so open
>>>>> session optional pam_keyinit.so force revoke
>>>>> ~
>>>>>
>>>>> ----------------------------------------------------------------------------------
>>>>>
>>>>> what is the *uid of the user test01 in the FDS*
>>>>>
>>>>> uid is t01
>>>>>
>>>>> and under Posix user
>>>>>
>>>>> uid number =2223 (I manually gave this)
>>>>> gid number=2223
>>>>> home dir = /home/test
>>>>> login shell=/bin/test
>>>>>
>>>>>
>>>>> and then i create a directory with name "test" under /home
>>>>> ...........eg.
>>>>> mkdir /home/test
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Best Regards
>>>>> --H
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Jun 17, 2009 at 4:33 PM, jean-Noël Chardron
>>>>> <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>>>>>
>>>>> hi,
>>>>>
>>>>> ok, I suppose the IP address of the server is 192.168.5.1 (right?)
>>>>> and you have a client (a CentOS 5.3) with an IP address unknown to us.
>>>>>
>>>>> I suppose the nsswitch.conf and /etc/ldap.conf below are on the
>>>>> client, so it is correct
>>>>>
>>>>> Then can you show the files /etc/pam.d/system-auth and
>>>>> /etc/pam.d/login that are on the client please
>>>>>
>>>>> then can you tell us what is the uid of the user test01 in the FDS
>>>>>
>>>>>
>>>>>
>>>>> Hakuna Matata a écrit :
>>>>>
>>>>>
>>>>> yes, my nsswitch.conf file is as below.
>>>>> passwd: files ldap
>>>>> shadow: files ldap
>>>>> group: files ldap
>>>>>
>>>>> ethers: files
>>>>> netmasks: files
>>>>> networks: files
>>>>> protocols: files
>>>>> rpc: files
>>>>> services: files
>>>>>
>>>>> netgroup: files ldap
>>>>>
>>>>> publickey: nisplus
>>>>>
>>>>> automount: files ldap
>>>>> aliases: files nisplus
>>>>>
>>>>>
>>>>> and /etc/ldap.conf file contains
>>>>> uri ldap://192.168.5.1
>>>>>
>>>>> ssl no
>>>>> tls_cacertdir /etc/openldap/cacerts
>>>>> pam_password md5
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ----i am still not able to authenticate.......
>>>>>
>>>>>
>>>>> -best Regards
>>>>> --H
>>>>>
>>>>> On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov
>>>>> <amirov at infinet.ru> wrote:
>>>>>
>>>>> Hello
>>>>>
>>>>> Is it ldap://ldap.vfds.local correct?
>>>>> Please, try this command:
>>>>>
>>>>> ping ldap.vfds.local
>>>>>
>>>>> If pinging then try to use command getent to check that
>>>>> ldap users are
>>>>> present in your system.
>>>>> getent passwd
>>>>>
>>>>> If not pinging, then you need to use FQDN or ip-address,
>>>>> like this:
>>>>>
>>>>> ldap://1.2.3.4
>>>>> ldap://example.com
>>>>>
>>>>>
>>>>>
>>>>> Hakuna Matata wrote:
>>>>> > Hi,
>>>>> >
>>>>> > I am new to FDS, I have set this up as per the documentation. It is
>>>>> > working fine.
>>>>> > Now I want the Linux client (CentOS 5.3) to authenticate with FDS.
>>>>> >
>>>>> > hostname of FDS = ldap.fds.local
>>>>> >
>>>>> > I created a user test01 and filled in the posix information
>>>>> >
>>>>> > on the client machine I am using system-config-authentication
>>>>> > 1. checked the LDAP box and filled in the details as:
>>>>> > LDAP search base dn = dc=vfds, dc=local
>>>>> > LDAP Server = ldap://ldap.vfds.local
>>>>> >
>>>>> > then I rebooted the machine and tried to log in as user test01. Now
>>>>> > it is showing the error "username or password incorrect".
>>>>> >
>>>>> >
>>>>> > I would really appreciate it if someone can give me some pointer or help
>>>>> > on where I am going wrong.
>>>>> >
>>>>> > Many Thanks in advance
>>>>> > Best regards
>>>>> > --H
>>>>> >
>>>>> > --
>>>>> > 389 users mailing list
>>>>> > 389-users at redhat.com <mailto:389-users at redhat.com>
>>>>> <mailto:389-users at redhat.com <mailto:389-users at redhat.com>>
>>>>>
>>>>> >
>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>> >
>>>>>
>>>>>
>>>>
>>>> --
>>>> Jean-Noel Chardron
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
>
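The check requested in the quoted thread (`grep base /etc/ldap.conf`, counting only uncommented lines), as an added example that is not part of the original messages: it reads the active `base`, `uri` and `ssl` directives from an nss_ldap/pam_ldap style `ldap.conf` and flags a missing search base and an `ldap://` URI without `ssl start_tls`, where simple binds such as the `cn=Directory Manager` one above cross the network unencrypted. The function names are hypothetical and the sample file is constructed from the lines shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit an nss_ldap/pam_ldap ldap.conf.
# Function names are hypothetical.

# Print the value of the first active (uncommented) line for a directive.
active_value() {  # $1 = file, $2 = directive name (lowercase)
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # commented-out line
        tolower($1) == key {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# Print one finding per line; no output means nothing was flagged.
audit_ldap_conf() {  # $1 = file
    base=$(active_value "$1" base)
    uri=$(active_value "$1" uri)
    ssl=$(active_value "$1" ssl)
    [ -n "$base" ] || echo "NO_BASE: no uncommented 'base' line"
    [ -n "$uri" ] || echo "NO_URI: no uncommented 'uri' line"
    case "$uri" in
        ldaps://*) ;;                            # TLS from connect
        ldap://*)
            [ "$ssl" = "start_tls" ] ||
                echo "CLEARTEXT: $uri with ssl=${ssl:-unset}, binds are not encrypted"
            ;;
    esac
}

# Constructed sample: the active lines shown in the thread plus two of the
# commented lines that 'grep base' matched.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#scope base
#nss_base_passwd ou=People,dc=example,dc=com?one
uri ldap://192.168.5.1
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
EOF
audit_ldap_conf "$sample"
rm -f "$sample"
```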