[389-users] Help Needed -----Linux Ldap Client machine unable to login Fedora DS

Jean-Noel Chardron Jean-Noel.Chardron at dr15.cnrs.fr
Wed Jun 17 19:58:10 UTC 2009


Hakuna Matata wrote:
> This is what it is returning....
>
> i guess i have to rebuild the client with CentOS 5.2 (though i have no
> reason but still).....
>
> and really want to give you big thank for helping me ...you are kind......
> will keep posted with the results....
>
> [root at client ~]# ldapsearch -x -h  192.168.5.1 -b "dc=vfds,dc=local"
> -D "cn=Directory Manager"  -W
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=vfds,dc=local> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
>
> # numResponses: 1
>   
I don't know the exact syntax of ldapsearch, but I can say that the 
request is not correct: you forgot the quotes at the end of the line to 
get the full answer (see man ldapsearch).
And what do you get if you try without binding the DN:
ldapsearch -x -h 192.168.5.1 -b "dc=vfds,dc=local" ''
> [root at client ~]#
>
>
> On Wed, Jun 17, 2009 at 11:25 PM, Jean-Noel
> Chardron<Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>   
>> Hakuna Matata wrote:
>>     
>>> Still no luck....
>>> i have added the below entry in my ldap.conf file
>>> base dc=vfds,dc=local
>>>
>>>
>>>       
>> Hmm,
>> does your FDS answer an ldapsearch request?
>> You can try something like this from the server and from the client:
>> without credentials:
>> ldapsearch -x -h  192.168.5.1 -b "dc=vfds,dc=local" ''
>> with credentials:
>> ldapsearch -x -h  192.168.5.1 -b "dc=vfds,dc=local" -D "cn=Directory Manager" ''  -W
>>     
>>> --H
>>>
>>> On Wed, Jun 17, 2009 at 9:44 PM, Hakuna Matata<narender.hooda at gmail.com>
>>> wrote:
>>>
>>>       
>>>>>>>> grep base /etc/ldap.conf
>>>>>>>>
>>>>>>>>                 
>>>> ----------------------------------
>>>> #scope base
>>>> # nss_base_XXX          base?scope?filter
>>>> # where scope is {base,one,sub}
>>>> # nss_base_passwd       ou=People,
>>>> # to append the default base DN but this
>>>> #nss_base_passwd        ou=People,dc=example,dc=com?one
>>>> #nss_base_shadow        ou=People,dc=example,dc=com?one
>>>> #nss_base_group         ou=Group,dc=example,dc=com?one
>>>> #nss_base_hosts         ou=Hosts,dc=example,dc=com?one
>>>> #nss_base_services      ou=Services,dc=example,dc=com?one
>>>> #nss_base_networks      ou=Networks,dc=example,dc=com?one
>>>> #nss_base_protocols     ou=Protocols,dc=example,dc=com?one
>>>> #nss_base_rpc           ou=Rpc,dc=example,dc=com?one
>>>> #nss_base_ethers        ou=Ethers,dc=example,dc=com?one
>>>> #nss_base_netmasks      ou=Networks,dc=example,dc=com?ne
>>>> #nss_base_bootparams    ou=Ethers,dc=example,dc=com?one
>>>> #nss_base_aliases       ou=Aliases,dc=example,dc=com?one
>>>> #nss_base_netgroup      ou=Netgroup,dc=example,dc=com?one
>>>> #nss_base_passwd ou=aixaccount,?one
>>>> #nss_base_group ou=aixgroup,?one
>>>>
>>>> ---------------------------------------------------------------------------
>>>>
>>>> OK, so i was expecting some base which are binding it to FDS.....but did
>>>> not
>>>> find here any such thing...which gives an impression that
>>>> system-config-authentication is not working properly in CentOS5.3. My
>>>> assumption may be wrong....
>>>>
>>>> so if i put some entry in this like (base dc=vfds,dc=local)...and then
>>>> boot
>>>> the client machine... can i expect it working then.....
>>>>
>>>> waiting for the advice....in the mean time i am rebooting the machine....
>>>>
>>>> many thanks in advance...
>>>>
>>>>
>>>> --H
>>>>
>>>> On Wed, Jun 17, 2009 at 6:15 PM, jean-Noël Chardron
>>>> <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>>>>
>>>>         
>>>>> Hakuna Matata wrote:
>>>>>
>>>>>           
>>>>>> Jean
>>>>>> Thanks for a quick reply.
>>>>>>
>>>>>> Client IP address is 192.168.5.4
>>>>>> yes these files are from client only.
>>>>>>
>>>>>>
>>>>>>             
>>>>> all files seem correct (in system-auth the interesting lines are the ones with
>>>>> pam_ldap.so).
>>>>> So maybe the base to search in the tree is misconfigured in
>>>>> /etc/ldap.conf
>>>>>
>>>>> you previously showed the /etc/ldap.conf:
>>>>> uri ldap://192.168.5.1
>>>>> ssl no
>>>>> tls_cacertdir /etc/openldap/cacerts
>>>>> pam_password md5
>>>>>
>>>>> can you show the output of the command:
>>>>> grep base /etc/ldap.conf
>>>>> with only the lines that are uncommented; normally this will show the
>>>>> distinguished name of the search base,
>>>>> and this must correspond with the tree in your FDS
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>           
>>>>>> */etc/pam.d/system-auth *
>>>>>> ------------------------------------------------
>>>>>>  This file is auto-generated.
>>>>>> # User changes will be destroyed the next time authconfig is run.
>>>>>> auth        required      pam_env.so
>>>>>> auth        sufficient    pam_unix.so nullok try_first_pass
>>>>>> auth        requisite     pam_succeed_if.so uid >= 500 quiet
>>>>>> auth        sufficient    pam_ldap.so use_first_pass
>>>>>> auth        required      pam_deny.so
>>>>>>
>>>>>> account     required      pam_unix.so broken_shadow
>>>>>> account     sufficient    pam_succeed_if.so uid < 500 quiet
>>>>>> account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
>>>>>> account     required      pam_permit.so
>>>>>>
>>>>>> password    requisite     pam_cracklib.so try_first_pass retry=3
>>>>>> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass
>>>>>> use_authtok
>>>>>> password    sufficient    pam_ldap.so use_authtok
>>>>>> password    required      pam_deny.so
>>>>>>
>>>>>> session     optional      pam_keyinit.so revoke
>>>>>> session     required      pam_limits.so
>>>>>> session     optional      pam_keyinit.so revoke
>>>>>> session     required      pam_limits.so
>>>>>> session     [success=1 default=ignore] pam_succeed_if.so service in
>>>>>> crond
>>>>>> quiet use_uid
>>>>>> session     required      pam_unix.so
>>>>>> session     optional      pam_ldap.so
>>>>>> -----------------------------------------------------------------------
>>>>>>
>>>>>> and* /etc/pam.d/login  *
>>>>>>
>>>>>> #%PAM-1.0
>>>>>> auth [user_unknown=ignore success=ok ignore=ignore default=bad]
>>>>>> pam_securetty.so
>>>>>> auth       include      system-auth
>>>>>> account    required     pam_nologin.so
>>>>>> account    include      system-auth
>>>>>> password   include      system-auth
>>>>>> # pam_selinux.so close should be the first session rule
>>>>>> session    required     pam_selinux.so close
>>>>>> session    include      system-auth
>>>>>> session    required     pam_loginuid.so
>>>>>> session    optional     pam_console.so
>>>>>> # pam_selinux.so open should only be followed by sessions to be
>>>>>> executed
>>>>>> in the user context
>>>>>> session    required     pam_selinux.so open
>>>>>> session    optional     pam_keyinit.so force revoke
>>>>>> ~
>>>>>>
>>>>>>  ----------------------------------------------------------------------------------
>>>>>>
>>>>>>  what is the *uid of the user test01 in the FDS*
>>>>>>
>>>>>> uid is t01
>>>>>>
>>>>>> and under Posix user
>>>>>>
>>>>>> uid number = 2223                                (i manually gave this)
>>>>>> gid number=2223
>>>>>> home directory = /home/test
>>>>>> login shell=/bin/test
>>>>>>
>>>>>>
>>>>>> and then i create a directory with name "test" under /home
>>>>>> ...........eg.
>>>>>> mkdir /home/test
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Best Regards
>>>>>> --H
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Jun 17, 2009 at 4:33 PM, jean-Noël Chardron
>>>>>> <Jean-Noel.Chardron at dr15.cnrs.fr> wrote:
>>>>>>
>>>>>>   hi,
>>>>>>
>>>>>>   ok, I suppose the IP address of the server is 192.168.5.1 (right?)
>>>>>>   and you have a client (a CentOS 5.3) with an IP address unknown to us.
>>>>>>
>>>>>>   I suppose the nsswitch.conf and /etc/ldap.conf below are on the
>>>>>>   client, so it is correct
>>>>>>
>>>>>>   Then can you show the files /etc/pam.d/system-auth and
>>>>>>   /etc/pam.d/login that are on the client, please
>>>>>>
>>>>>>   then can you tell us what the uid of the user test01 is in the FDS
>>>>>>
>>>>>>
>>>>>>
>>>>>>   Hakuna Matata wrote:
>>>>>>
>>>>>>
>>>>>>       yes, my nsswitch.conf file is as below.
>>>>>>       passwd:     files ldap
>>>>>>       shadow:     files ldap
>>>>>>       group:      files ldap
>>>>>>
>>>>>>       ethers:     files
>>>>>>       netmasks:   files
>>>>>>       networks:   files
>>>>>>       protocols:  files
>>>>>>       rpc:        files
>>>>>>       services:   files
>>>>>>
>>>>>>       netgroup:   files ldap
>>>>>>
>>>>>>       publickey:  nisplus
>>>>>>
>>>>>>       automount:  files ldap
>>>>>>       aliases:    files nisplus
>>>>>>
>>>>>>
>>>>>>       and /etc/ldap.conf file contains
>>>>>>       uri ldap://192.168.5.1
>>>>>>
>>>>>>       ssl no
>>>>>>       tls_cacertdir /etc/openldap/cacerts
>>>>>>       pam_password md5
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>       ----i am still not able to authenticate.......
>>>>>>
>>>>>>
>>>>>>       -best Regards
>>>>>>       --H
>>>>>>
>>>>>>       On Wed, Jun 17, 2009 at 12:21 PM, Dmitry Amirov
>>>>>>       <amirov at infinet.ru> wrote:
>>>>>>
>>>>>>          Hello
>>>>>>
>>>>>>          Is it ldap://ldap.vfds.local correct?
>>>>>>          Please, try this command:
>>>>>>
>>>>>>          ping ldap.vfds.local
>>>>>>
>>>>>>          If pinging then try to use command getent to check that
>>>>>>       ldap users are
>>>>>>          present in your system.
>>>>>>          getent passwd
>>>>>>
>>>>>>          If not pinging, then you need to use FQDN or ip-address,
>>>>>>       like this:
>>>>>>
>>>>>>          ldap://1.2.3.4
>>>>>>          ldap://example.com
>>>>>>
>>>>>>
>>>>>>
>>>>>>          Hakuna Matata wrote:
>>>>>>          > Hi,
>>>>>>          >
>>>>>>          > I am new to FDS, i have set this up as per the
>>>>>>       documentation . It is
>>>>>>          > working fine .
>>>>>>          > Now want that linux client (CentOS 5.3) to authenticate
>>>>>>       with FDS.
>>>>>>          >
>>>>>>          > hostname of FDS = ldap.fds.local
>>>>>>          >
>>>>>>          > i create a user test01 and fill the posix information
>>>>>>          >
>>>>>>          > on client machine i am using system-config-authentication
>>>>>>          > 1. check the LDAP box and filled the details as .
>>>>>>          > LDAP search base dn =                          dc=vfds,
>>>>>>       dc=local
>>>>>>          > LDAP Server =
>>>>>>     ldap://ldap.vfds.local
>>>>>>          >
>>>>>>          > then i rebooted the machine and trying to login via user
>>>>>>       test01. now
>>>>>>          > it is showing error as username or password incorrect.
>>>>>>          >
>>>>>>          >
>>>>>>          > i would really appreciate if someone can give me some
>>>>>>       pointer or
>>>>>>          help
>>>>>>          > where i am doing wrong.
>>>>>>          >
>>>>>>          > Many Thanks in advance
>>>>>>          > Best regards
>>>>>>          > --H
>>>>>>          >
>>>>>>          > --
>>>>>>          > 389 users mailing list
>>>>>>          > 389-users at redhat.com <mailto:389-users at redhat.com>
>>>>>>       <mailto:389-users at redhat.com <mailto:389-users at redhat.com>>
>>>>>>
>>>>>>          >
>>>>>>       https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>          >
>>>>>>
>>>>> --
>>>>> Jean-Noel Chardron
>   
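
Added example, not part of the original thread: a shell check for the step discussed in the messages, listing only the uncommented directives of the client's /etc/ldap.conf, extended here to also look at the `uri` and `ssl` lines. The function names and the sample file are constructed for illustration; the sample mirrors the client file quoted in the thread, where a plain `grep base` matches only comments and `ssl no` with an `ldap://` URI means the password used for the bind is not protected by TLS.

```shell
#!/bin/sh
# Added example: report the effective (uncommented) directives of a
# nss_ldap/pam_ldap style /etc/ldap.conf. Function names are hypothetical.

# Print the value of the last uncommented directive $2 in file $1.
ldapconf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # commented line: ignore
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# Print one finding per line; return 1 if something needs attention.
ldapconf_audit() {
    conf=$1; rc=0
    base=$(ldapconf_get "$conf" base)
    uri=$(ldapconf_get "$conf" uri)
    ssl=$(ldapconf_get "$conf" ssl)
    if [ -n "$base" ]; then
        echo "OK base: $base"
    else
        echo "MISSING base: no uncommented search base DN"; rc=1
    fi
    # TLS is requested by an ldaps:// URI or by "ssl start_tls" / "ssl on".
    case "$uri $ssl" in
        ldaps://*|*" start_tls"|*" on")
            echo "OK transport: $uri (ssl ${ssl:-unset})" ;;
        *)
            echo "NO TLS: $uri (ssl ${ssl:-unset}); binds are sent in cleartext"
            rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample that mirrors the client file quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#scope base
#nss_base_passwd        ou=People,dc=example,dc=com?one
uri ldap://192.168.5.1
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
EOF
ldapconf_audit "$sample" || true
```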




