LinuxQuestions.org
Old 04-29-2004, 05:02 AM   #1
nielchiano
Member
 
Registered: Feb 2004
Location: 50N 3E
Distribution: Gentoo
Posts: 64

Rep: Reputation: 15
LDAP trouble: login on server OK, remote fails


Hi,

I have an LDAP problem. First to sketch the situation:


* The LDAP server is a Gentoo machine (recently updated, so should not be the problem).
* LDAP contains all account info for the users: passwd, login shell, ... and some Samba stuff (NTLM passwd hash etc.)
* The server is configured to allow both unix (/etc/passwd) and LDAP users to login.
* I checked this using "su - some-user" from a non-root account. su asks the password and authenticates me.
* My computer is also a Gentoo box, running inside a VMWare workstation, but that should be totally transparent
* Networking, DNS, and all that stuff works
* LDAP is contacted over (preferably) a (self-signed) SSL connection; but I tried a non-encrypted LDAP also
* I want to allow unix and LDAP logins.



Ok, now the problems:


* I think I set up all ldap-config files to (almost) the same values as the server (I changed the address, since unix-sockets won't do when working remotely). These files include PAM settings
* on the server I can get a list of users with "getent passwd"; get the groups with "getent group". When I try to retrieve the shadow passwords (as root) with "getent shadow", it gives "x"-es instead of the desired hashes. This is not a problem, but it might add to the situation
* on the client machine, identical behavior: passwd and group works fine, shadow doesn't.
* the real problem: I can't log in on the client



I think the problem is the client, since when I sniff the traffic I don't see it trying to bind with the supplied username (it does search for it, and results are sent back).

Any ideas what might be wrong? Or where I can get more info?

If you need any of my files, ask and I'll post them! (just too lazy to do it now)

PS: this message is also posted at http://forums.gentoo.org/viewtopic.php?t=166761
 
Old 04-29-2004, 07:07 AM   #2
leckie
Member
 
Registered: Dec 2003
Location: Australia
Distribution: Mandrake 9.2
Posts: 151

Rep: Reputation: 30
Well, if you think it is the client, test the server by installing a more complete client distro like SuSE or Mandrake, which can be configured on install to authenticate with LDAP.

This way you rule out any server errors and have a working client to test.
 
Old 04-29-2004, 07:47 AM   #3
nielchiano
Member
 
Registered: Feb 2004
Location: 50N 3E
Distribution: Gentoo
Posts: 64

Original Poster
Rep: Reputation: 15
The server works... (I think):
I can get my LDAP users with "getent passwd" just fine.
The problem is logging in... So I think it must be a PAM or ldap.conf problem of some kind...

Also when I sniff the network: every request made by the client is replied to as I think it should be; he just doesn't request the right things
 
  

