LDAP authentication on FC3
msalists at gmx.net
Mon Jun 13 17:36:57 UTC 2005
Ok, that indeed seems to be the problem.
But even though "ssl no" works when using "host 192.168.1.20", it does not work when I use "URI ldap://192.168.1.20"
Why is this? What's the difference in how the two parameters are processed?
> -----Original Message-----
> From: fedora-list-bounces at redhat.com
> [mailto:fedora-list-bounces at redhat.com] On Behalf Of Nigel Wade
> Sent: Monday, June 13, 2005 1:38 AM
> To: For users of Fedora Core releases
> Subject: Re: LDAP authentication on FC3
> Mark wrote:
> > Hi,
> > I have a problem using LDAP on FC3 for authentication and login.
> > So far it worked on FC1 without problem, but the same ldap.conf,
> > nsswitch.conf and system-auth won't work under FC3.
> > ldap.conf looks like this:
> > base dc=mydomain,dc=com
> > host 192.168.1.20
> > pam_password md5
> > ssl yes
> > This gives me the following messages in /var/log/message:
> > Jun 12 23:48:27 infra1 sshd(pam_unix): check pass; user unknown
> > Jun 12 23:48:27 infra1 sshd: pam_ldap: ldap_simple_bind Can't contact LDAP server
> > Jun 12 23:48:27 infra1 sshd: pam_ldap: ldap_simple_bind Can't contact LDAP server
> > Changing the host parameter in ldap.conf to
> > URI ldaps://192.168.1.20
> > then gives me a different error message:
> > Jun 12 23:54:37 infra1 sshd(pam_unix): check pass; user unknown
> > Jun 12 23:54:37 infra1 sshd(pam_unix): authentication
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.29
> > nscd is NOT running
> > Also, I disabled SELINUX
> > At the same time, finger and groups commands work, I can also pull up
> > the record using ldapsearch...
> > Any ideas what could be the problem?
> > Thanks,
> > MARK
> Don't forget that ldapsearch and nss_ldap/pam_ldap use different copies of
> ldap.conf. One uses /etc/ldap.conf and the other uses
> /etc/openldap/ldap.conf (can't remember which offhand). Make sure both are
> updated correctly, or symlink them. Also, at some stage PAM attempts to bind
> as the rootbinddn using the password in /etc/ldap.secret. Is that set up?
> I'd try getting the system working without SSL to begin with (if that's an
> option). At least then you can monitor the network traffic to see what's
> happening. Once LDAP works you can re-introduce the encryption.
> Nigel Wade, System Administrator, Space Plasma Physics Group,
> University of Leicester, Leicester, LE1 7RH, UK
> E-mail : nmw at ion.le.ac.uk
> Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
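The two ldap.conf copies mentioned in the quoted reply can be compared mechanically. The following is an added example, not part of the thread: it parses both files, classifies the transport each one asks for, and flags a disagreement between the `ssl` keyword and the URI scheme. The sample file contents are constructed from the values in the post, the function names are hypothetical, and the classification is a heuristic that reads only the `host`, `uri` and `ssl` lines.

```python
# Constructed samples: /etc/ldap.conf (nss_ldap/pam_ldap) and
# /etc/openldap/ldap.conf (ldapsearch and the other OpenLDAP tools).
PAM_CONF = """\
base dc=mydomain,dc=com
host 192.168.1.20
pam_password md5
ssl no
"""
TOOLS_CONF = """\
BASE dc=mydomain,dc=com
URI ldaps://192.168.1.20
"""

def parse_ldap_conf(text):
    """Return {keyword: value}; keywords are lower-cased so both files compare."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return settings

def transport(settings):
    """Classify a config as 'ldaps', 'start_tls', 'cleartext' or 'conflict'."""
    ssl = settings.get("ssl", "").lower()
    uri = settings.get("uri", "").lower()
    if ssl == "start_tls":
        return "conflict" if uri.startswith("ldaps://") else "start_tls"
    ssl_on = ssl in ("yes", "on")
    if uri:
        uri_tls = uri.startswith("ldaps://")
        if "ssl" in settings and ssl_on != uri_tls:
            return "conflict"  # e.g. "ssl yes" together with an ldap:// URI
        return "ldaps" if uri_tls else "cleartext"
    return "ldaps" if ssl_on else "cleartext"

def audit(pam_text, tools_text):
    """Compare the two ldap.conf copies and list transport findings."""
    findings, modes = [], {}
    for name, text in (("pam/nss", pam_text), ("tools", tools_text)):
        modes[name] = transport(parse_ldap_conf(text))
        if modes[name] == "conflict":
            findings.append(f"{name}: ssl keyword and URI scheme disagree")
        elif modes[name] == "cleartext":
            findings.append(f"{name}: no TLS configured, binds are unencrypted")
    if modes["pam/nss"] != modes["tools"]:
        findings.append(f"copies differ: {modes}")
    return findings
```

Calling `audit(open("/etc/ldap.conf").read(), open("/etc/openldap/ldap.conf").read())` on a real host returns an empty list when both copies request the same encrypted transport.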