[389-users] How to set up 389 client
Grzegorz Dwornicki
gd1100 at gmail.com
Mon Jan 14 15:54:28 UTC 2013
I do not know what you mean by DIACAP... By ACL I assume that you mean local
permissions on the system: I used LDAP accounts with local permissions and I did
not experience any problems AFAICT.
Greg.
On 14 Jan 2013 16:48, "Chaudhari, Rohit K." <Rohit.Chaudhari at jhuapl.edu>
wrote:
> Is this something that will cause an issue with ACL/DIACAP restrictions?
> I'm not sure if you know what those are, but correct me if I'm wrong.
>
> Thanks.
>
> On 1/14/13 10:44 AM, "Doug Tucker" <tuckerd at lyle.smu.edu> wrote:
>
> >It's not going to show you the LDAP users, only the local ones.
> >
> >Sincerely,
> >
> >Doug Tucker
> >
> >On 01/14/2013 09:17 AM, Chaudhari, Rohit K. wrote:
> >> The id <ldap-user-name> command works just fine. That is not where I
> >> am having the issue. The issue lies in the local Users and Groups
> >> list in the RHEL client.
> >>
> >> When I click through System->Administration->Users and Groups, the
> >> ldap-user-name is not showing up on that list. How do I get it to
> >> show up on that list? This is a concern to me because my bosses are
> >> questioning whether the ldap-user-name I created has proper ACL
> >> privileges and would meet DIACAP requirements.
> >>
> >> Thanks,
> >>
> >> Rohit
> >>
> >> From: Chandan Kumar <chandank.kumar at gmail.com>
> >> Reply-To: "General discussion list for the 389 Directory server
> >> project." <389-users at lists.fedoraproject.org>
> >> Date: Monday, January 7, 2013 1:43 PM
> >> To: "General discussion list for the 389 Directory server project."
> >> <389-users at lists.fedoraproject.org>
> >> Subject: Re: [389-users] How to set up 389 client
> >>
> >> Sounds a bit strange. What is the output of "id <ldap-user-name>"? If sssd
> >> is configured properly this command has to work. Moreover, while you
> >> execute this command watch /var/log/secure.log for any error messages.
> >>
> >> Also disable selinux/Firewall and test.
> >>
> >> On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
> >>
> >> I configured everything with SSSD as you suggested. I'm able to
> >> do successful logins authenticating against the LDAP server, but
> >> when I check the Users and Groups list on the client machine, that
> >> newly created user isn't added. Thoughts?
> >>
> >> Thanks.
> >>
> >> From: Chandan Kumar <chandank.kumar at gmail.com>
> >> Reply-To: "General discussion list for the 389 Directory server
> >> project." <389-users at lists.fedoraproject.org>
> >> Date: Monday, January 7, 2013 1:36 PM
> >> To: "General discussion list for the 389 Directory server
> >> project." <389-users at lists.fedoraproject.org>
> >> Subject: Re: [389-users] How to set up 389 client
> >>
> >> Are you using SSSD on the client side or PADL/NSS?
> >>
> >> On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
> >>
> >> I do specify the POSIX properties on the LDAP side. But when
> >> I login with that created user on the client side and check
> >> the Users and Groups list on the client machine, it is not
> >> listed there. I did avoid the warning message by adding the
> >> LDAP user to a group that already exists. I want the user I
> >> create in LDAP to become listed in the Users and Groups list
> >> on the client (for ACL purposes, if you know anything
> >> regarding meeting DIACAP guidelines). Did I miss something?
> >>
> >> Thanks
> >>
> >> From: Chandan Kumar <chandank.kumar at gmail.com>
> >> Reply-To: "General discussion list for the 389 Directory
> >> server project." <389-users at lists.fedoraproject.org>
> >> Date: Monday, January 7, 2013 11:39 AM
> >> To: "General discussion list for the 389 Directory server
> >> project." <389-users at lists.fedoraproject.org>
> >> Subject: Re: [389-users] How to set up 389 client
> >>
> >> Hello Rohit,
> >>
> >> While creating users you also need to specify POSIX properties
> >> for the user.
> >>
> >> In the admin console you need to fill out the POSIX properties details
> >> while creating the user. Also make sure you create POSIX
> >> groups and associate these new users with the group ID,
> >> otherwise at login time you may get some warning message
> >> like "id: Group does not exist".
> >>
> >>
> >>
> >>
> >> --
> >> http://about.me/chandank
> >>
> >>
> >> On Mon, Jan 7, 2013 at 7:27 AM, Chaudhari, Rohit K.
> >> <Rohit.Chaudhari at jhuapl.edu> wrote:
> >>
> >> Hey Chandan,
> >>
> >> So I got the RHEL client working, but I have an
> >> outstanding issue. When I look at the users/groups
> >> setting on the client machine, the newly created user that
> >> I made on the RHEL LDAP server does not show up on the
> >> list. Is this how it is supposed to work? If not, how do
> >> I get a LDAP user to become a part of the users and groups
> >> list on the RHEL client?
> >>
> >> Thanks,
> >>
> >> Rohit
> >>
> >> From: Chandan Kumar <chandank.kumar at gmail.com>
> >> Reply-To: "General discussion list for the 389 Directory
> >> server project." <389-users at lists.fedoraproject.org>
> >> Date: Thursday, December 20, 2012 6:21 PM
> >>
> >> To: "General discussion list for the 389 Directory server
> >> project." <389-users at lists.fedoraproject.org>
> >> Subject: Re: [389-users] How to set up 389 client
> >>
> >> Yes, you do need to replace it with SSSD. If you are having a
> >> fresh CentOS install, by default it is sssd only.
> >>
> >> The best way would be to use the authconfig tool, as it changes
> >> all related files and you don't have to manually change
> >> all of them. Moreover, you also need to change the nss.conf
> >> file and make sure groups/users do have sssd instead of
> >> ldap.
> >>
> >> From RHEL 6.4 sssd will be fully supported and it gives
> >> better performance if you intend to integrate many
> >> applications with LDAP as it does not open multiple
> >> connections with the directory server.
> >>
> >> I will look at that guide again and will try to improve it.
> >>
> >> On Thursday, December 20, 2012, Chaudhari, Rohit K. wrote:
> >>
> >> Okay I will try checking those parameters. I am doing
> >> sssd, I used ldap pan before in CentOS 6 and that ha
> >>
> >>
> >>
> >> --
> >>
> >> --
> >> http://about.me/chandank
> >>
> >>
> >>
> >> --
> >> 389 users mailing list
> >> 389-users at lists.fedoraproject.org
> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
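The behaviour discussed in this thread, as an added example that is not part of any poster's message: `id` resolves an account through NSS (and so through sssd), while a tool that reads only the local files does not list it. The script assumes the standard `/etc/nsswitch.conf` and `/etc/passwd` paths and that sssd appears there as the `sss` source; `LOOKUP` is a hypothetical override so the check can be exercised without a directory server.

```shell
#!/bin/sh
# Added example: show where an account comes from, for access-control review.

# Print the sources configured for one NSS database (passwd, group, ...).
# $1 = database name, $2 = nsswitch file (default: /etc/nsswitch.conf)
nss_sources() {
    awk -v db="$1:" '
        { sub(/#.*/, "") }                      # drop comments
        $1 == db { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "${2:-/etc/nsswitch.conf}"
}

# Classify one account name:
#   local     - present in the passwd file (what a local-only tool lists)
#   directory - absent from the file, but resolved by the NSS lookup (sssd, ldap)
#   unknown   - not resolvable at all
# $1 = user, $2 = passwd file (default: /etc/passwd)
# LOOKUP    = resolver command (assumption for testing; default: getent passwd)
classify_account() {
    if awk -F: -v u="$1" '$1 == u { f = 1 } END { exit !f }' "${2:-/etc/passwd}"; then
        echo local
    elif ${LOOKUP:-getent passwd} "$1" >/dev/null 2>&1; then
        echo directory
    else
        echo unknown
    fi
}

# Usage: sh nss-origin.sh USER...
for u in "$@"; do
    printf '%s: %s (passwd sources: %s)\n' \
        "$u" "$(classify_account "$u")" "$(nss_sources passwd)"
done
```

An account reported as `directory` is subject to the same file permissions and group checks as a local one, because the kernel only sees the numeric UID and GIDs that NSS returns.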