<p>Do you have nss_ldap installed?<br>
</p>
<div class="gmail_quote">28-07-2012 18:58, "Fosiul Alam" <<a href="mailto:fosiul@gmail.com">fosiul@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi, yes. I am not using the IP. I am using the full host name.<br>
<br>
this is my nsswitch<br>
<br>
cat /etc/nsswitch.conf<br>
#<br>
# /etc/nsswitch.conf<br>
#<br>
# An example Name Service Switch config file. This file should be<br>
# sorted with the most-used services at the beginning.<br>
#<br>
# The entry '[NOTFOUND=return]' means that the search for an<br>
# entry should stop if the search in the previous entry turned<br>
# up nothing. Note that if the search failed due to some other reason<br>
# (like no NIS server responding) then the search continues with the<br>
# next entry.<br>
#<br>
# Legal entries are:<br>
#<br>
# nisplus or nis+ Use NIS+ (NIS version 3)<br>
# nis or yp Use NIS (NIS version 2), also called YP<br>
# dns Use DNS (Domain Name Service)<br>
# files Use the local files<br>
# db Use the local database (.db) files<br>
# compat Use NIS on compat mode<br>
# hesiod Use Hesiod for user lookups<br>
# [NOTFOUND=return] Stop searching if not found so far<br>
#<br>
<br>
# To use db, put the "db" in front of "files" for entries you want to be<br>
# looked up first in the databases<br>
#<br>
# Example:<br>
#passwd: db files nisplus nis<br>
#shadow: db files nisplus nis<br>
#group: db files nisplus nis<br>
<br>
passwd: files ldap<br>
shadow: files ldap<br>
group: files ldap<br>
<br>
#hosts: db files nisplus nis dns<br>
hosts: files dns<br>
<br>
# Example - obey only what nisplus tells us...<br>
#services: nisplus [NOTFOUND=return] files<br>
#networks: nisplus [NOTFOUND=return] files<br>
#protocols: nisplus [NOTFOUND=return] files<br>
#rpc: nisplus [NOTFOUND=return] files<br>
#ethers: nisplus [NOTFOUND=return] files<br>
#netmasks: nisplus [NOTFOUND=return] files<br>
<br>
bootparams: nisplus [NOTFOUND=return] files<br>
<br>
ethers: files<br>
netmasks: files<br>
networks: files<br>
protocols: files<br>
rpc: files<br>
services: files<br>
<br>
netgroup: files ldap<br>
<br>
publickey: nisplus<br>
<br>
automount: files ldap<br>
aliases: files nisplus<br>
<br>
sudoers: files ldap<br>
<br>
<br>
and /etc/ldap<br>
<br>
[root@home cacerts]# grep -v "^#" /etc/ldap.conf | sed -e '/^$/d'<br>
base dc=fosiul,dc=lan<br>
<br>
timelimit 120<br>
bind_timelimit 120<br>
idle_timelimit 3600<br>
#nss_base_passwd ou=users,l=uk,dc=fosiul,dc=lan,?one<br>
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm<br>
uri ldap://ldap-2.fosiul.lan/<br>
ssl start_tls<br>
tls_cacertfile /etc/openldap/cacerts/ds-ca.crt<br>
pam_password clear<br>
<br>
<br>
On Sat, Jul 28, 2012 at 5:23 PM, Grzegorz Dwornicki <<a href="mailto:gd1100@gmail.com">gd1100@gmail.com</a>> wrote:<br>
> I assume you are using TLS. You need to use the FQDN, not the IP, of the CentOS directory<br>
> server, and configure the firewall for port 389 or 636.<br>
><br>
> Please send the contents of /etc/nsswitch.conf and /etc/ldap.conf<br>
><br>
> 28-07-2012 18:13, "Fosiul Alam" <<a href="mailto:fosiul@gmail.com">fosiul@gmail.com</a>> wrote:<br>
><br>
>> Hi<br>
>> I configured another PC<br>
>> with authconfig-tui<br>
>> but there is no luck;<br>
>> it's the same thing.<br>
>><br>
>> Fosiul<br>
>><br>
>> On Sat, Jul 28, 2012 at 4:04 PM, Grzegorz Dwornicki <<a href="mailto:gd1100@gmail.com">gd1100@gmail.com</a>><br>
>> wrote:<br>
>> > In other mail I've told you: use authconfig or authconfig-tui or<br>
>> > system-config-authentication to set up the system for LDAP authentication.<br>
>> > For example, authconfig-tui has a simple text-based interface, authconfig is<br>
>> > CLI-based and requires arguments. Finally, system-config-authentication has<br>
>> > a GUI.<br>
>> ><br>
>> > 28-07-2012 16:50, "Fosiul Alam" <<a href="mailto:fosiul@gmail.com">fosiul@gmail.com</a>> wrote:<br>
>> >><br>
>> >> Hi<br>
>> >> I have set up an LDAP server, and from the client it is returning, for example:<br>
>> >><br>
>> >> [root@home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxx -h<br>
>> >> ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"<br>
>> >> # extended LDIF<br>
>> >> #<br>
>> >> # LDAPv3<br>
>> >> # base <dc=fosiul,dc=lan> with scope subtree<br>
>> >> # filter: (cn=Fosiul Alam)<br>
>> >> # requesting: ALL<br>
>> >> #<br>
>> >><br>
>> >> # falam, users, uk, fosiul.lan<br>
>> >> dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan<br>
>> >> givenName: Fosiul<br>
>> >> sn: Alam<br>
>> >> loginShell: /bin/bash/bash<br>
>> >> uidNumber: 1000<br>
>> >> gidNumber: 3000<br>
>> >> objectClass: top<br>
>> >> objectClass: person<br>
>> >> objectClass: organizationalPerson<br>
>> >> objectClass: inetorgperson<br>
>> >> objectClass: posixAccount<br>
>> >> uid: falam<br>
>> >> cn: Fosiul Alam<br>
>> >> homeDirectory: /home/falam<br>
>> >> userPassword:: e1NTSEF9UGtqNjhvSU1pSR0RrSWNYYkVvYVU2V2c9PQ=<br>
>> >> =<br>
>> >><br>
>> >> # search result<br>
>> >> search: 3<br>
>> >> result: 0 Success<br>
>> >><br>
>> >> # numResponses: 2<br>
>> >> # numEntries: 1<br>
>> >><br>
>> >> and in the access log :<br>
>> >><br>
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 fd=70 slot=70 connection from<br>
>> >> 192.0.0.4 to 192.0.0.9<br>
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT<br>
>> >> oid="1.3.6.1.4.1.1466.20037" name="startTLS"<br>
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 RESULT err=0 tag=120<br>
>> >> nentries=0 etime=0<br>
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES<br>
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory<br>
>> >> manager" method=128 version=3<br>
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97<br>
>> >> nentries=0 etime=0 dn="cn=directory manager"<br>
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH<br>
>> >> base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL<br>
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101<br>
>> >> nentries=1 etime=0<br>
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND<br>
>> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 fd=70 closed - U1<br>
>> >><br>
>> >><br>
>> >> But from the command line, when I do<br>
>> >> [root@home ~]# id falam<br>
>> >> id: falam: No such user<br>
>> >><br>
>> >><br>
>> >><br>
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 fd=70 slot=70 connection from<br>
>> >> 192.0.0.4 to 192.0.0.9<br>
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT<br>
>> >> oid="1.3.6.1.4.1.1466.20037" name="startTLS"<br>
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 RESULT err=0 tag=120<br>
>> >> nentries=0 etime=0<br>
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 SSL 256-bit AES<br>
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128<br>
>> >> version=3<br>
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97<br>
>> >> nentries=0 etime=0 dn=""<br>
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH<br>
>> >> base="dc=fosiul,dc=lan" scope=2<br>
>> >> filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid<br>
>> >> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos<br>
>> >> description objectClass"<br>
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101<br>
>> >> nentries=0 etime=0<br>
>> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1<br>
>> >><br>
>> >><br>
>> >> So basically, ldapsearch is working but authentication is not working.<br>
>> >><br>
>> >> Can anyone please help me with this?<br>
>> >> I am using CentOS 5.8.<br>
>> >><br>
>> >> Fosiul.<br>
>> >> --<br>
>> >> 389 users mailing list<br>
>> >> <a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
>> >> <a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br>
>> ><br>
>> ><br>
>><br>
>><br>
>><br>
>> --<br>
>> Regards<br>
>> Fosiul Alam<br>
>> 07877100621<br>
>> <a href="http://www.fosiul.co.uk" target="_blank">http://www.fosiul.co.uk</a><br>
><br>
><br>
<br>
<br>
<br>
--<br>
Regards<br>
Fosiul Alam<br>
07877100621<br>
<a href="http://www.fosiul.co.uk" target="_blank">http://www.fosiul.co.uk</a><br>
</blockquote></div>
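<p>The two access-log excerpts quoted in the thread differ in the bind DN and in the nentries value of the search result. The following is an added example, not code from the thread participants or the 389 project, that correlates BIND, SRCH and RESULT lines per connection so that difference is visible at a glance; the function names are hypothetical and the sample lines are the ones quoted above with the mail line-wrapping undone.</p>

```python
import re
from collections import defaultdict

# Access-log lines quoted in the thread, with mail line-wrapping undone.
SAMPLE = '''\
[28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory manager" method=128 version=3
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101 nentries=0 etime=0
'''

LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(-?\d+) (\w+)(.*)$')
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

def summarize(log_text):
    """Map conn id -> startTLS requested, bind DN, and each search with its nentries."""
    conns = defaultdict(lambda: {"starttls": False, "bind_dn": None, "searches": []})
    pending = {}  # (conn, op) -> search record still waiting for its RESULT line
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # lines without op= (connection open, cipher) are skipped
        conn, op, verb = int(m[1]), int(m[2]), m[3]
        fields = {k: q or b for k, q, b in KV.findall(m[4])}
        c = conns[conn]
        if verb == "EXT" and fields.get("name") == "startTLS":
            c["starttls"] = True
        elif verb == "BIND":
            c["bind_dn"] = fields.get("dn", "")
        elif verb == "SRCH":
            pending[(conn, op)] = {"filter": fields.get("filter"), "nentries": None}
            c["searches"].append(pending[(conn, op)])
        elif verb == "RESULT" and (conn, op) in pending:
            pending.pop((conn, op))["nentries"] = int(fields["nentries"])
    return dict(conns)

def empty_anonymous_searches(summary):
    """Connections that bound with an empty DN and had a search return no entries."""
    return [conn for conn, c in summary.items()
            if c["bind_dn"] == "" and any(s["nentries"] == 0 for s in c["searches"])]

if __name__ == "__main__":
    for conn, info in summarize(SAMPLE).items():
        print(conn, info)
```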