FedoraThis forum is for the discussion of the Fedora Project.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
- Fedora 16 Desktop to authenticate using RHEL5 (control user access to the desktop)
- Upon successful logon, user will have a home drive to store his/her own files.
- Many different users will be using this Fedora 16 Desktop but only authorize user can login
What do I need to do on both Fedora and RHEL?
Fedora 16 Desktop
- Run "system-config-authentication"? (using what options? LDAP, FreeIPA, NIS, Winbind)
I would recommend LDAP & NFS all the way. No samba, no kerberos.
I would also veeeerrrrryyy strongly suggest you take the time out to appreciate the independent parts of a solution like this. It's lots of small things that just happen to coincidence with each other, not one large thing...
- setup and test openldap on rhel (slapd / ldapsearch)
- setup nfs on rhel
- obtain user information from ldap (nsswitch.conf / nslcd.conf / getent passwd)
- authenticate users against ldap (pam_ldap.conf / pam)
- mount network drives (nfs / maybe automount too)
they build up to provide a user experience, but LDAP would never have anything to do with NFS, they just happen to both be there at the same time.
both the stages of ldap config can be started with the system-config-authentication tool if you wish, but it's very seldom up to the task of fully completing the job, so I'd recommend going direct to the pretty well commented config files.
Last edited by acid_kewpie; 05-04-2012 at 03:38 AM.
I will look into the directions that you pointed out.
I have limited knowledge on OpenLDAP, only got the basic configuration working, adding, modifying and deleting user.
Will explore more on this OpenLDAP and NFS.
See how it goes. I will re-post here if I encounter any specific problems.
- setup and test openldap on rhel (slapd / ldapsearch) (Done )
- setup nfs on rhel ( Done )
- mount network drives (nfs / maybe automount too) ( Done - but automount single line on fstab)
- obtain user information from ldap (nsswitch.conf / nslcd.conf / getent passwd)( Done - From Fedora, I am able to view the users on RHEL (using 'ldapsearch' or 'getent passwd' from Fedora))
- authenticate users against ldap (pam_ldap.conf / pam)
I am having a minor issue on the auto mounting, it only mounted whichever the last line in the /etc/fstab.
No issue with manual mounting. Why doesn't it mount both?
So what is logged in /var/log/messages / /var/log/secure ? Is there an LDAP query happening here? tcpdump can be useful to ensure your ldap server is actually being hit, as well as loking at the ldap server logs of course.
I am truthfully sorry if I offended/annoyed anyone with these. (Removed Red Text and * and CAPS)
I was trying to be make it clear with red text of my reply in the jungle of black text, no other meaning.
I have since install a brand new Fedora client and re-try, I thought I messed up the 1st one.
Strange, I am able to do a ldapsearch from Fedora to RHEL but got ldaps bind error on Fedora machine.
May 10 12:48:02 ds slapd: conn=30 fd=27 ACCEPT from IP=192.168.229.137:51943 (IP=0.0.0.0:389)
May 10 12:48:02 ds slapd: conn=30 op=0 BIND dn="" method=128
May 10 12:48:02 ds slapd: conn=30 op=0 RESULT tag=97 err=0 text=
May 10 12:48:02 ds slapd: conn=30 op=1 SRCH base="cn=pc01,dc=localdomain,dc=com" scope=2 deref=0 filter="(objectClass=*)"
May 10 12:48:02 ds slapd: conn=30 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 10 12:48:02 ds slapd: conn=30 op=2 UNBIND
May 10 12:48:02 ds slapd: conn=30 fd=27 closed
But on my Fedora /var/log/messages, I got the following.
On both Fedora and RHEL, I opened both TCP/UDP for ldap(389) and ldaps(636)
May 10 12:45:00 localhost getent: nss_ldap: failed to bind to LDAP server ldaps://192.168.229.134: Can't contact LDAP server
May 10 12:45:00 localhost getent: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
well the first log shows LDAP, the second shows LDAPS, so there's clearly a significant difference there, which could mean things like iptables not being open, or slapd not listening on 636. Generally STARTTLS is preferred over LDAPS these days, so you should only really need port 389 for plain and encrypted binds.