[389-users] Help Needed ----- Linux LDAP client machine unable to log in to Fedora DS

jean-Noël Chardron Jean-Noel.Chardron at dr15.cnrs.fr
Wed Jun 17 12:45:24 UTC 2009


Hakuna Matata wrote:
> Jean
> Thanks for a quick reply.
>
> Client IP address is 192.168.5.4
> yes these files are from client only.
>
All files seem correct (in system-auth the interesting lines are the ones with 
pam_ldap.so).
So maybe the base to search in the tree is misconfigured in 
/etc/ldap.conf.

You previously showed the /etc/ldap.conf:
uri ldap://192.168.5.1
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5

Can you show the output of the command:
grep base /etc/ldap.conf
with only the lines that are uncommented; normally this will show the 
distinguished name of the search base,
and this must correspond with the tree in your FDS.



>
> /etc/pam.d/system-auth
> ------------------------------------------------
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      pam_env.so
> auth        sufficient    pam_unix.so nullok try_first_pass
> auth        requisite     pam_succeed_if.so uid >= 500 quiet
> auth        sufficient    pam_ldap.so use_first_pass
> auth        required      pam_deny.so
>
> account     required      pam_unix.so broken_shadow
> account     sufficient    pam_succeed_if.so uid < 500 quiet
> account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
> account     required      pam_permit.so
>
> password    requisite     pam_cracklib.so try_first_pass retry=3
> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass 
> use_authtok
> password    sufficient    pam_ldap.so use_authtok
> password    required      pam_deny.so
>
> session     optional      pam_keyinit.so revoke
> session     required      pam_limits.so
> session     optional      pam_keyinit.so revoke
> session     required      pam_limits.so
> session     [success=1 default=ignore] pam_succeed_if.so service in 
> crond quiet use_uid
> session     required      pam_unix.so
> session     optional      pam_ldap.so
> -----------------------------------------------------------------------
>
> and /etc/pam.d/login
>
> #%PAM-1.0
> auth [user_unknown=ignore success=ok ignore=ignore default=bad] 
> pam_securetty.so
> auth       include      system-auth
> account    required     pam_nologin.so
> account    include      system-auth
> password   include      system-auth
> # pam_selinux.so close should be the first session rule
> session    required     pam_selinux.so close
> session    include      system-auth
> session    required     pam_loginuid.so
> session    optional     pam_console.so
> # pam_selinux.so open should only be followed by sessions to be 
> executed in the user context
> session    required     pam_selinux.so open
> session    optional     pam_keyinit.so force revoke
> ----------------------------------------------------------------------------------
>
>  what is the uid of the user test01 in the FDS
>
> uid is t01
>
> and under Posix user
>
> uid number = 2223                                (I manually gave this)
> gid number = 2223
> home directory = /home/test
> login shell = /bin/test
>
>
> and then I create a directory with the name "test" under /home, 
> e.g. mkdir /home/test
>
>
>
>
> Best Regards
> --H
>
>
>
>
>
>
> On Wed, Jun 17, 2009 at 4:33 PM, jean-Noël Chardron 
> <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>
>     hi,
>
>     ok, I suppose the IP address of the server is 192.168.5.1 (right?)
>     and you have a client (a CentOS 5.3) with an IP address unknown to us.
>
>     I suppose the nsswitch.conf and /etc/ldap.conf below are on the
>     client, so that is correct.
>
>     Then can you show the files /etc/pam.d/system-auth and
>     /etc/pam.d/login that are on the client, please?
>
>     Then can you tell us what the uid of the user test01 is in the FDS?
>
>
>
>     Hakuna Matata wrote:
>
>
>         yes, my nsswitch.conf file is as below.
>         passwd:     files ldap
>         shadow:     files ldap
>         group:      files ldap
>
>         ethers:     files
>         netmasks:   files
>         networks:   files
>         protocols:  files
>         rpc:        files
>         services:   files
>
>         netgroup:   files ldap
>
>         publickey:  nisplus
>
>         automount:  files ldap
>         aliases:    files nisplus
>
>
>         and /etc/ldap.conf file contains
>         uri ldap://192.168.5.1
>
>         ssl no
>         tls_cacertdir /etc/openldap/cacerts
>         pam_password md5
>
>
>
>
>         ---- I am still not able to authenticate.......
>
>
>         -best Regards
>         --H
>
>         On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov
>         <amirov at infinet.ru> wrote:
>
>            Hello
>
>            Is ldap://ldap.vfds.local correct?
>            Please, try this command:
>
>            ping ldap.vfds.local
>
>            If it pings, then try the getent command to check that
>         LDAP users are
>            present in your system:
>            getent passwd
>
>            If it does not ping, then you need to use an FQDN or IP address,
>         like this:
>
>            ldap://1.2.3.4
>            ldap://example.com
>
>
>
>            Hakuna Matata wrote:
>            > Hi,
>            >
>            > I am new to FDS; I have set this up as per the
>         documentation. It is
>            > working fine.
>            > Now I want the Linux client (CentOS 5.3) to authenticate
>         with FDS.
>            >
>            > hostname of FDS = ldap.fds.local
>            >
>            > I created a user test01 and filled in the posix information.
>            >
>            > On the client machine I am using system-config-authentication:
>            > 1. check the LDAP box and fill in the details as:
>            > LDAP search base dn = dc=vfds, dc=local
>            > LDAP Server = ldap://ldap.vfds.local
>            >
>            > Then I rebooted the machine and tried to log in as user
>         test01. Now
>            > it shows the error "username or password incorrect".
>            >
>            >
>            > I would really appreciate it if someone could give me some
>         pointers or
>            help
>            > on where I am going wrong.
>            >
>            > Many Thanks in advance
>            > Best regards
>            > --H
>            >
>            > --
>            > 389 users mailing list
>            > 389-users at redhat.com
>            > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>            >
>
>
>
>          
>
>
>
>
>
>
>   


-- 
Jean-Noel Chardron
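The checks suggested in this thread (an uncommented base line in /etc/ldap.conf that is an ancestor of the user's entry, ldap listed in nsswitch.conf, an account whose uid attribute matches the name typed at the login prompt, and a uidNumber high enough to pass the uid >= 500 test in the posted system-auth) can be run offline against copies of the client files. The script below is an added example written for this archive page; it is not part of nss_ldap, pam_ldap or 389/Fedora DS. Its sample inputs are constructed from the files and posixAccount values posted above, the entry DN (ou=People under dc=vfds,dc=local) and all function names are this example's own assumptions, and it additionally flags `ssl no` with a plain ldap:// uri because a simple bind over that transport sends the user's password across the network in cleartext.

```python
"""Offline checks for a CentOS 5 nss_ldap/pam_ldap client (added example, not project code).

The samples are constructed from the files and posixAccount values posted in the
thread; the entry DN and every function name are this example's own assumptions.
"""
import re

# Constructed: /etc/ldap.conf as posted; note there is no uncommented base line.
SAMPLE_LDAP_CONF = """\
#base dc=example,dc=com
uri ldap://192.168.5.1
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
"""
# Constructed: the login-relevant databases from the posted /etc/nsswitch.conf.
SAMPLE_NSSWITCH = "passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n"
# Constructed LDIF from the posted posixAccount values; the DN is assumed.
SAMPLE_ENTRY_LDIF = """\
dn: uid=t01,ou=People,dc=vfds,dc=local
objectClass: posixAccount
uid: t01
uidNumber: 2223
gidNumber: 2223
homeDirectory: /home/test
loginShell: /bin/test
"""

def parse_ldap_conf(text):
    """{keyword_lowercase: value} for every uncommented 'keyword value' line."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = re.split(r"\s+", line, maxsplit=1)
            conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf

def parse_nsswitch(text):
    """{database: [sources]}, e.g. {'passwd': ['files', 'ldap']}; comments stripped."""
    nss = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        if ":" in line:
            db, _, sources = line.partition(":")
            nss[db.strip().lower()] = sources.split()
    return nss

def parse_ldif_entry(text):
    """One LDIF entry as {attribute_lowercase: [values]}; folds continuation lines, no '::' base64."""
    attrs = {}
    for line in re.sub(r"\n ", "", text).splitlines():
        if line and not line.startswith("#"):
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def norm_dn(dn):
    """Lower-case and strip whitespace around commas so DN suffixes compare reliably."""
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()

def check_client(ldap_conf_text, nsswitch_text, entry_ldif, login_name, uid_min=500):
    """Return the problems that would keep `login_name` from logging in through pam_ldap."""
    conf, nss, entry = parse_ldap_conf(ldap_conf_text), parse_nsswitch(nsswitch_text), parse_ldif_entry(entry_ldif)
    problems = []
    base, dn = conf.get("base"), entry.get("dn", [""])[0]
    if not base:
        problems.append("ldap.conf: no uncommented 'base' line, so searches have no starting DN")
    elif not norm_dn(dn).endswith("," + norm_dn(base)):
        problems.append(f"ldap.conf: base {base!r} is not an ancestor of entry {dn!r}")
    uri = conf.get("uri", "")
    if not uri:
        problems.append("ldap.conf: no 'uri' line")
    elif uri.startswith("ldap://") and conf.get("ssl", "no").lower() == "no":
        # A simple bind over plain ldap:// carries the user's password in cleartext.
        problems.append("ldap.conf: 'ssl no' with ldap:// sends the bind password in cleartext; "
                        "use 'ssl start_tls' (or an ldaps:// uri) with a populated tls_cacertdir")
    for db in ("passwd", "shadow", "group"):
        if "ldap" not in nss.get(db, []):
            problems.append(f"nsswitch.conf: '{db}' does not list ldap")
    uids = entry.get("uid", [])
    if login_name not in uids:
        # pam_ldap and nss_ldap look the account up by its uid attribute by default.
        problems.append(f"entry: login name {login_name!r} does not match uid attribute {uids}")
    uid_number = entry.get("uidnumber", ["0"])[0]
    if not uid_number.isdigit() or int(uid_number) < uid_min:
        # The posted system-auth stack only reaches pam_ldap for accounts with uid >= 500.
        problems.append(f"entry: uidNumber {uid_number} is below {uid_min}, so pam_ldap is never tried")
    return problems

if __name__ == "__main__":
    for problem in check_client(SAMPLE_LDAP_CONF, SAMPLE_NSSWITCH, SAMPLE_ENTRY_LDIF, "test01"):
        print("-", problem)
```

Run as-is it reports the missing base line, the cleartext bind, and that a login as "test01" cannot match an entry whose uid attribute is "t01"; with `base dc=vfds,dc=local`, `ssl start_tls` and the login name "t01" it reports nothing. On the real client the equivalent live checks are `grep '^base' /etc/ldap.conf`, `getent passwd t01` (which exercises nss_ldap, and must succeed before the pam_succeed_if uid test can pass), and `ldapsearch -x -H ldap://192.168.5.1 -b 'dc=vfds,dc=local' uid=t01`.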





