Old 11-26-2012, 02:45 AM   #1
decenter
Member
 
Registered: Sep 2011
Distribution: Ubuntu 12.04.4 LTS
Posts: 136

Rep: Reputation: 17
How to configure client machine to connect to LDAP server


Hi,

So I have configured an LDAP server. Now, I'm using a CentOS 6.3 box that needs to be authenticated via LDAP. I have followed all the documents and modified ldap.conf and nsswitch.conf and made the client machine look for the LDAP server when a person logs in to the machine. But it is not working.

It says authentication error. But I tried via ssh and I can log in to the LDAP server. But I need to log in to the client's desktop via LDAP authentication.

How can I achieve this?
 
Old 11-26-2012, 03:10 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962
You need to give us more information about this. What do the server logs say? Can you do a "getent passwd"? That's usually a great point to demarc things. You need to appreciate some of the stages involved in the end-to-end process; there are about 5 key stages to be achieved between having nothing and having the full working solution.
 
Old 11-26-2012, 03:26 AM   #3
decenter
Member
 
Registered: Sep 2011
Distribution: Ubuntu 12.04.4 LTS
Posts: 136

Original Poster
Rep: Reputation: 17
Sure. Here is the getent passwd output of LDAP server.

Code:
[root@LDAPserver ~]# getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi-autoipd:x:100:104:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin
touchze:x:500:500:touchze:/home/touchze:/bin/bash
amandabackup:x:501:6:Amanda:/var/lib/amanda:/bin/bash
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
ldapuser:x:502:100::/home/ldapuser:/bin/bash
jane:*:55891:0:jane:/home/jane:/bin/bash
jimi:*:34761:0:jimi:/home/jimi:/bin/bash

The server logs don't say anything. I think the client machine isn't even trying to contact the LDAP server for authentication at the desktop login prompt.
 
Old 11-26-2012, 03:36 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962
Right, so it looks like the nsswitch.conf stuff is good; those ARE actually LDAP users at the bottom, right? So your /etc/pam.d/system-auth (something like that) is configured with pam? If you run "tcpdump -vn port 389 or port 636" you should see the LDAP requests firing across, so see if that happens or not.
 
Old 11-26-2012, 03:44 AM   #5
decenter
Member
 
Registered: Sep 2011
Distribution: Ubuntu 12.04.4 LTS
Posts: 136

Original Poster
Rep: Reputation: 17
Yes, they are the LDAP users at the bottom. The client machine's /etc/pam.d/system-auth file content:

Code:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_sss.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_sss.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_oddjob_mkhomedir.so skel=/etc/skel umask=077
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_sss.so

I even ran authconfig-tui and configured it properly. After configuring, it says starting sssd and oddjobdaemon.
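
Added example, not part of any post in this thread: a static check, meant for the client, of which backend the `passwd` line of nsswitch.conf and the auth lines of a PAM stack point at, since the thread checks name lookups and authentication as separate stages. The function names and the two sample nsswitch.conf lines are constructed for the illustration; the auth lines are the ones posted in #5.

```shell
#!/bin/sh
# Added example: static check of which client stack NSS and PAM point at.

# Sources listed for one database in an nsswitch.conf-style file.
nss_sources() {   # $1 = file, $2 = database (passwd, shadow, group)
    awk -v db="$2:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Directory-backed modules named on the auth lines of a PAM stack file.
pam_auth_backends() {   # $1 = file
    awk '$1 == "auth" { for (i = 3; i <= NF; i++)
             if ($i ~ /^pam_(sss|ldap)\.so$/ && !seen[$i]++)
                 out = out (out ? " " : "") $i }
         END { print out }' "$1"
}

# "consistent" = lookups and authentication go through the same client stack;
# "mixed" = they go through different ones, each configured separately.
check_client() {   # $1 = nsswitch file, $2 = PAM stack file
    nss=$(nss_sources "$1" passwd)
    pam=$(pam_auth_backends "$2")
    [ -n "$pam" ] || { echo "no-directory-module-in-pam"; return 0; }
    for pair in sss:pam_sss.so ldap:pam_ldap.so; do
        src=${pair%%:*}; mod=${pair#*:}
        case " $pam " in *" $mod "*)
            case " $nss " in
                *" $src "*) echo "consistent:$src" ;;
                *)          echo "mixed:pam=$mod,nss=$nss" ;;
            esac
            return 0 ;;
        esac
    done
}

# Constructed sample input: the auth lines are those of the system-auth file
# posted above; the two nsswitch.conf lines are invented for the demonstration.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/system-auth" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_sss.so use_first_pass
auth        required      pam_deny.so
EOF
echo "passwd:     files sss"  > "$SAMPLES/nsswitch.sss"
echo "passwd:     files ldap" > "$SAMPLES/nsswitch.ldap"

check_client "$SAMPLES/nsswitch.sss"  "$SAMPLES/system-auth"
check_client "$SAMPLES/nsswitch.ldap" "$SAMPLES/system-auth"
```

On a real client the two arguments would be /etc/nsswitch.conf and the PAM file the display manager's service actually includes.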
 
  

