[389-users] Stucked with Client Setup?
Thorsten Scherf
tscherf at redhat.com
Thu Jan 14 08:25:00 UTC 2010
On [Thu, 14.01.2010 10:17], Ajeet S Raina wrote:
> have been stucked with the following points:
>
> 1. Authenticating Linux Client with ldaps://
Please read the already mentioned HowTo to setup SSL. Everything is
described there in great detail. Again the link:
http://directory.fedoraproject.org/wiki/Howto:SSL
A short summary:
You have to either setup a new CA or use an already existing CA.
Create a certificate request for your server. Send this request
(csr-file) to the CA and let the CA sign the request. Import the
signed certificate (crt-file) into your DS. Make also the CA certificate
available to the client, either via certutil or the console. Both
certificates (from the server and the CA) should be visible with
certutil -d /etc/dirsrv/slapd-instancename -L) and/or via the console.
If this is not the case, don't move on, search the problem until you see
both certificates. Make sure the trust flags were set correctly.
Next step is to configure the client. Run system-config-authentication to
provide the necessary information to NSS and PAM. Specifiy a location
where the CA certificate can be found. After that, try to search the DS
with "ldapsearch -ZZ". If this is not working, don't move on, search the
problem until ldapsearch returns ldap objects from your DS. The logs files
with the error codes are always a good start point to troubleshoot problems.
If this is working, try to authenticate as a ldap user. If this works,
great, if not, check the logs, re-check the HOWTO. Try again. If it is
still not working, ask again.
> 2. Auto create home directory ( I will look into what you sent)
man pam_mkhomedir
> 3. Auto-Increment UserID
http://directory.fedoraproject.org/wiki/DNA_Plugin
hth.
Happy Day.
Thorsten
--
"Eternity is a very long time, especially towards the end."
— Stephen Hawking
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3894 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20100114/1f4da9cd/attachment.bin>
More information about the 389-users
mailing list