[389-users] Help Needed -----Linux Ldap Client machine unable to login Fedors DS

Hakuna Matata narender.hooda at gmail.com
Wed Jun 17 11:31:23 UTC 2009


Jean
Thanks for a quick reply.

Client IP address is 192.168.5.4
Yes, these files are from the client only.


/etc/pam.d/system-auth
------------------------------------------------
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so
-----------------------------------------------------------------------

and /etc/pam.d/login

#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    include      system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    optional     pam_keyinit.so force revoke
----------------------------------------------------------------------------------

what is the uid of the user test01 in the FDS

uid is t01

and under Posix user

uid number = 2223                                (I manually gave this)
gid number = 2223
home dir = /home/test
login shell = /bin/test


and then I create a directory with name "test" under /home, e.g.
mkdir /home/test




Best Regards
--H






On Wed, Jun 17, 2009 at 4:33 PM, jean-Noël Chardron <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:

> hi,
>
> ok, I suppose the IP address of the server is 192.168.5.1 (right?)
> and you have a client (a CentOS 5.3) with an IP address unknown to us.
>
> I suppose the nsswitch.conf and /etc/ldap.conf below are on the client, so it
> is correct.
>
> Then can you show the files /etc/pam.d/system-auth and /etc/pam.d/login
> that are on the client please?
>
> Then can you tell us what is the uid of the user test01 in the FDS?
>
>
>
> Hakuna Matata wrote:
>
>>
>> yes, my nsswitch.conf file is as below.
>> passwd:     files ldap
>> shadow:     files ldap
>> group:      files ldap
>>
>> ethers:     files
>> netmasks:   files
>> networks:   files
>> protocols:  files
>> rpc:        files
>> services:   files
>>
>> netgroup:   files ldap
>>
>> publickey:  nisplus
>>
>> automount:  files ldap
>> aliases:    files nisplus
>>
>>
>> and /etc/ldap.conf file contains
>> uri ldap://192.168.5.1
>> ssl no
>> tls_cacertdir /etc/openldap/cacerts
>> pam_password md5
>>
>>
>>
>>
>> I am still not able to authenticate.
>>
>>
>> Best Regards
>> --H
>>
>> On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov <amirov at infinet.ru> wrote:
>>
>>    Hello
>>
>>    Is ldap://ldap.vfds.local correct?
>>    Please, try this command:
>>
>>    ping ldap.vfds.local
>>
>>    If it pings, then try the getent command to check that the LDAP users are
>>    present in your system:
>>    getent passwd
>>
>>    If not pinging, then you need to use FQDN or ip-address, like this:
>>
>>    ldap://1.2.3.4
>>    ldap://example.com
>>
>>
>>    Hakuna Matata wrote:
>>    > Hi,
>>    >
>>    > I am new to FDS; I have set this up as per the documentation. It is
>>    > working fine.
>>    > Now I want that Linux client (CentOS 5.3) to authenticate with FDS.
>>    >
>>    > hostname of FDS = ldap.fds.local
>>    >
>>    > I created a user test01 and filled in the POSIX information.
>>    >
>>    > On the client machine I am using system-config-authentication:
>>    > 1. check the LDAP box and fill in the details as:
>>    > LDAP search base dn = dc=vfds, dc=local
>>    > LDAP Server = ldap://ldap.vfds.local
>>    >
>>    > Then I rebooted the machine and tried to log in as user test01. Now
>>    > it is showing the error "username or password incorrect".
>>    >
>>    >
>>    > I would really appreciate it if someone can give me some pointers or
>>    > help with where I am going wrong.
>>    >
>>    > Many Thanks in advance
>>    > Best regards
>>    > --H
>>    >
>>    > --
>>    > 389 users mailing list
>>    > 389-users at redhat.com
>>    > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>    >
>>
>>
>>
>
>
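To make the checks suggested in this thread repeatable, here is a small diagnostic helper added to this page (it is not code from anyone in the thread): given a passwd entry as getent returns it, it checks the uidNumber against the "uid >= 500" pam_succeed_if gate in the posted system-auth and verifies that the home directory and login shell the entry names exist on the client. The function names and the 500 threshold (taken from the quoted config) are assumptions.

```shell
#!/bin/sh
# Added diagnostic helper, not taken from anyone in the thread.
# It applies the checks suggested in the replies to one passwd entry.
MIN_LDAP_UID=500   # assumed from the quoted system-auth, not a fixed rule

# check_entry "name:x:uid:gid:gecos:home:shell"
# Prints "ok" and returns 0 when the entry passes every check; otherwise
# prints the first problem found and returns 1.
check_entry() {
    entry=$1
    # Split the passwd line on ':' with plain POSIX tools.
    uid=$(printf '%s' "$entry" | cut -d: -f3)
    home=$(printf '%s' "$entry" | cut -d: -f6)
    shell=$(printf '%s' "$entry" | cut -d: -f7)
    case "$uid" in
        ''|*[!0-9]*) echo "bad uidNumber '$uid'"; return 1 ;;
    esac
    # system-auth: the requisite pam_succeed_if line ends the auth stack
    # before pam_ldap.so is tried when uid < 500.
    if [ "$uid" -lt "$MIN_LDAP_UID" ]; then
        echo "uid $uid < $MIN_LDAP_UID: pam_succeed_if stops before pam_ldap"
        return 1
    fi
    # Neither pam_unix nor pam_ldap creates the home directory.
    if [ ! -d "$home" ]; then
        echo "home directory $home does not exist"
        return 1
    fi
    # login execs the loginShell after a successful authentication.
    if [ ! -x "$shell" ]; then
        echo "login shell $shell is missing or not executable"
        return 1
    fi
    echo "ok"
    return 0
}

# ldap_login_check USER: fetch the entry through NSS (passwd: files ldap)
# and run the checks; no entry at all points at nsswitch.conf or ldap.conf.
ldap_login_check() {
    entry=$(getent passwd "$1") || {
        echo "getent passwd found no entry for $1: check nsswitch.conf/ldap.conf"
        return 1
    }
    check_entry "$entry"
}

# Run against a real account when invoked as: sh check.sh test01
if [ "$#" -gt 0 ]; then ldap_login_check "$1"; fi
```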