LDAP authentication on FC3

Mark msalists at gmx.net
Mon Jun 13 17:36:57 UTC 2005


Ok, that indeed seems to be the problem.

But even though "ssl no" works when using "host 192.168.1.20", it does not work when I use "URI ldap://192.168.1.20"

Why is this? What's the difference in how the two parameters are processed?

Thanks,

MARK


> -----Original Message-----
> From: fedora-list-bounces at redhat.com 
> [mailto:fedora-list-bounces at redhat.com] On Behalf Of Nigel Wade
> Sent: Monday, June 13, 2005 1:38 AM
> To: For users of Fedora Core releases
> Subject: Re: LDAP authentication on FC3
> 
> 
> Mark wrote:
> > Hi,
> > 
> > I have a problem using LDAP on FC3 for authentication and login.
> > 
> > So far it worked on FC1 without problem, but the same ldap.conf, 
> > nsswitch.conf and system-auth won't work under FC3.
> > 
> > ldap.conf looks like this:
> > 
> > base dc=mydomain,dc=com
> > host 192.168.1.20
> > pam_password md5
> > ssl yes
> > 
> > 
> > This gives me the following messages in /var/log/message:
> > Jun 12 23:48:27 infra1 sshd(pam_unix)[2716]: check pass; user unknown
> > Jun 12 23:48:27 infra1 sshd[2716]: pam_ldap: ldap_simple_bind Can't contact LDAP server
> > Jun 12 23:48:27 infra1 sshd[2716]: pam_ldap: ldap_simple_bind Can't contact LDAP server
> > 
> > 
> > Changing the host parameter in ldap.conf to
> > URI ldaps://192.168.1.20
> > 
> > then gives me a different error message:
> > Jun 12 23:54:37 infra1 sshd(pam_unix)[2732]: check pass; user unknown
> > Jun 12 23:54:37 infra1 sshd(pam_unix)[2732]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.29
> > 
> > nscd is NOT running
> > Also, I disabled SELINUX
> > 
> > At the same time, finger and groups commands work, I can also pull up the record using ldapsearch...
> > 
> > Any ideas what could be the problem?
> > 
> > Thanks,
> > 
> > MARK
> > 
> 
> Don't forget that ldapsearch and nss_ldap/pam_ldap use different copies of ldap.conf. One uses /etc/ldap.conf and the other uses /etc/openldap/ldap.conf (can't remember which offhand). Make sure both are updated correctly, or symlink them. Also, at some stage PAM attempts to bind as the rootbinddn using the password in /etc/ldap.secret. Is that setup?
> 
> I'd try getting the system working without SSL to begin with (if that's an option). At least then you can monitor the network traffic to see what's happening. Once LDAP works you can re-introduce the encryption.
> 
> -- 
> Nigel Wade, System Administrator, Space Plasma Physics Group,
>              University of Leicester, Leicester, LE1 7RH, UK
> E-mail :    nmw at ion.le.ac.uk
> Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
> 
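A small checker, added here as an example rather than code from the thread, that parses two pam_ldap/nss_ldap-style ldap.conf copies (Nigel's point about /etc/ldap.conf versus /etc/openldap/ldap.conf), resolves the endpoint each would actually connect to, and flags the `host`/`URI`/`ssl` combinations Mark is switching between. It assumes the usual pam_ldap semantics: `uri` takes precedence over `host`/`port`, `ssl yes` (or `on`) means an ldaps:// connection on port 636, and `ssl start_tls` means STARTTLS over plain ldap:// on 389; the sample configs are constructed from the thread, not real files.

```python
from urllib.parse import urlsplit

# Constructed sample configs mirroring the thread (not real files).
PAM_LDAP_CONF = """\
base dc=mydomain,dc=com
host 192.168.1.20
pam_password md5
ssl yes
"""
OPENLDAP_CONF = """\
BASE dc=mydomain,dc=com
URI ldap://192.168.1.20
"""

def parse_conf(text):
    """Return {keyword.lower(): value}; '#' comments and blank lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf

def effective_endpoints(conf):
    """(scheme, host, port, tls) tuples the client would connect to.
    Assumption: `uri` wins over `host`/`port`; `ssl yes|on` -> ldaps on 636,
    `ssl start_tls` -> STARTTLS over plain ldap on 389."""
    ssl = conf.get("ssl", "no").lower()
    tls = {"yes": "ldaps", "on": "ldaps", "start_tls": "starttls"}.get(ssl, "none")
    if "uri" in conf:
        out = []
        for u in conf["uri"].split():
            p = urlsplit(u)
            scheme = p.scheme.lower()
            out.append((scheme, p.hostname, p.port or (636 if scheme == "ldaps" else 389), tls))
        return out
    scheme = "ldaps" if tls == "ldaps" else "ldap"
    port = int(conf.get("port", 636 if scheme == "ldaps" else 389))
    return [(scheme, h, port, tls) for h in conf.get("host", "").split()]

def lint(conf):
    """Warn about 'ssl yes' combined with a plain ldap:// URI (ldaps wrapping on a non-TLS port)."""
    return [f"{host}:{port}: 'ssl yes' with an ldap:// URI; use ldaps:// or 'ssl start_tls'"
            for scheme, host, port, tls in effective_endpoints(conf)
            if scheme == "ldap" and tls == "ldaps"]

def compare(conf_a, conf_b):
    """Names of settings (base, endpoints) on which two ldap.conf copies disagree."""
    diffs = []
    if conf_a.get("base") != conf_b.get("base"):
        diffs.append("base")
    if set(effective_endpoints(conf_a)) != set(effective_endpoints(conf_b)):
        diffs.append("endpoints")
    return diffs
```

Run `compare(parse_conf(open('/etc/ldap.conf').read()), parse_conf(open('/etc/openldap/ldap.conf').read()))` to see whether the two copies on a host have drifted apart before touching PAM.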