LinuxQuestions.org
Old 07-07-2008, 01:19 PM   #1
al.lmco
LQ Newbie
 
Registered: Jul 2008
Posts: 13

Rep: Reputation: 0
LDAP automount


Hello,

I am trying to get the automounts to work with LDAP. The client can bind to the server but I cannot log in as myself. I have configured the auto.master and auto.home to get the home directories to mount. I have also configured /etc/dfs/dfstab on the machine where the home directories are sitting. From the client machine, I can cd into any home directory as root, but if I try to su to myself nothing happens, the id is still root. I did cat the /var/log/messages file and the error I got was:

localhost automount[4107]: lookup (ldap): failed to get query dn

Is there another file that I need to configure in order to get this to work?

Thanks,
Al
 
Old 07-07-2008, 01:23 PM   #2
simonapnic
Member
 
Registered: Jul 2008
Posts: 70

Rep: Reputation: 16

I don't have much experience when it comes to LDAP, but I advise you to check this:
http://publib.boulder.ibm.com/infoce...a/nfs_ldap.htm
It should provide you with some of the needed info to fix your issue.
Also, what LDAP daemon are you using? OpenLDAP?
 
Old 07-07-2008, 01:46 PM   #3
kenoshi
Member
 
Registered: Sep 2007
Location: SF Bay Area, CA
Distribution: CentOS, SLES 10+, RHEL 3+, Debian Sarge
Posts: 159

Rep: Reputation: 32
It would be nice to know:

1. what LDAP server are you using?
2. what distro are you using?
3. did you configure /etc/nsswitch.conf accordingly?
4. did you configure files under /etc/pam.d accordingly per your distro?
 
Old 07-07-2008, 04:09 PM   #4
al.lmco
LQ Newbie
 
Registered: Jul 2008
Posts: 13

Original Poster
Rep: Reputation: 0
1. what LDAP server are you using?

The LDAP server is DSEE 6.2 running on Solaris 10

2. what distro are you using?

Not sure what you mean on distro

3. did you configure /etc/nsswitch.conf accordingly?

I have files ldap for passwd, shadow, group, protocols, services, netgroup, and automount

4. did you configure files under /etc/pam.d accordingly per your distro?

I did not modify anything in /etc/pam.d but I did look at /etc/pam.d/system-auth
Here are the line entries I saw pertaining to ldap:

auth sufficient pam_ldap.so use_first_pass
account sufficient pam_ldap.so use_authtok
passwd [default=bad success=ok user_unknown=ignore] pam_ldap.so
session optional pam_ldap.so
 
Old 07-07-2008, 05:12 PM   #5
al.lmco
LQ Newbie
 
Registered: Jul 2008
Posts: 13

Original Poster
Rep: Reputation: 0
I am now able to su to myself. I had to modify the /etc/autofs_ldap_auth.conf file and set usetls="yes". But now when I try to log in to the Linux client, the message that I get is

You are required to change your password immediately (password aged).
You are required to change your LDAP password immediately.

I suppose that the Linux client is not actually getting my password from the server. I am able to log in on a Solaris workstation bound to the same LDAP server.

Is there something in the pam stack that needs to be configured that I am missing?

Thanks
 
Old 07-08-2008, 01:48 PM   #6
kenoshi
Member
 
Registered: Sep 2007
Location: SF Bay Area, CA
Distribution: CentOS, SLES 10+, RHEL 3+, Debian Sarge
Posts: 159

Rep: Reputation: 32
Are you actually using encryption with DSEE? If not you might wanna turn that off.

BTW what is the content of your /etc/ldap.conf? Few things to check:

- are you using posix group/accounts? If so is that mapped correctly?
- is the binddn set up correctly?
- is the bindpw set up correctly?
- is the passwd/group base set up correctly?
- since you are using DSEE if I remember correctly (sorry, been a while) you have to map automountMap to nisMap, automount to nisObject etc etc...has that been done in ldap.conf?

Hope this helps.
 
Old 07-08-2008, 04:04 PM   #7
al.lmco
LQ Newbie
 
Registered: Jul 2008
Posts: 13

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by kenoshi View Post
Are you actually using encryption with DSEE? If not you might wanna turn that off.

BTW what is the content of your /etc/ldap.conf? Few things to check:

- are you using posix group/accounts? If so is that mapped correctly?
- is the binddn set up correctly?
- is the bindpw set up correctly?
- is the passwd/group base set up correctly?
- since you are using DSEE if I remember correctly (sorry, been a while) you have to map automountMap to nisMap, automount to nisObject etc etc...has that been done in ldap.conf?

Hope this helps.

Encryption is being used through ssl. I know we are using posix accounts but I am not sure if it is mapped correctly. Here are the lines in the /etc/ldap.conf file I have turned on or uncommented:

base o=systems,dc=dcgs,dc=ic,dc=gov
ldap_version 3
binddn cn=proxyagent,ou=profile,o=systems,dc=dcgs,dc=ic,dc=gov
bindpw <correct password>
rootbinddn cn=ldapmgr,ou=profile,o=systems,dc=dcgs,dc=ic,dc=gov
port 389
timelimit 120
bind_timelimit 120
idle_timelimit 3600
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid
pam_password crypt
nss_base_passwd ou=people,o=systems,dc=dcgs,dc=ic,dc=gov?one
nss_base_shadow ou=people,o=systems,dc=dcgs,dc=ic,dc=gov?one
nss_base_group ou=group,o=systems,dc=dcgs,dc=ic,dc=gov?one
nss_base_netgroup ou=Netgroup,o=systems,dc=dcgs,dc=ic,dc=gov?one
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
uri ldap://ldap1.dmf.lmco ldap://ldap2.dmf.lmco

This is how I have the ldap.conf file configured. I do not know how or know about automountMap to nisMap or automount to nisObject. There was a section in the ldap.conf file about "Services for Unix 3.5 Mapping"; this section was completely commented out. Not sure if there is something in that section that needs to be uncommented with the correct information. I believe I will need some assistance with automountMap to nisMap and automount to nisObject.

Thanks
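
Added example, not part of the thread or of any poster's configuration: a small audit that checks whether /etc/ldap.conf (the `ssl`, `tls_checkpeer`, `uri` and `bindpw` lines quoted above) and /etc/autofs_ldap_auth.conf (the `usetls` setting from post #5) agree on TLS. The function names, finding codes, sample hostnames and the `ldap_conf_mode` parameter (the file's permission bits, passed in so the check runs offline) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the settings quoted in the thread
# (hostnames, DNs and the password are placeholders).
SAMPLE_LDAP_CONF = """\
# nss_ldap / pam_ldap client configuration
base o=systems,dc=example,dc=com
binddn cn=proxyagent,ou=profile,o=systems,dc=example,dc=com
bindpw PLACEHOLDER-NOT-A-REAL-SECRET
port 389
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
uri ldap://ldap1.example.com ldap://ldap2.example.com
"""
SAMPLE_AUTOFS_AUTH = '<autofs_ldap_sasl_conf usetls="no" tlsrequired="no" authrequired="no"/>'


def parse_ldap_conf(text):
    """Return {directive: value} for the uncommented lines of an ldap.conf."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def audit(ldap_conf_text, autofs_auth_xml, ldap_conf_mode=0o644):
    """Return a list of finding codes; ldap_conf_mode is the file's permission bits."""
    conf = parse_ldap_conf(ldap_conf_text)
    auth = ET.fromstring(autofs_auth_xml).attrib
    uris = conf.get("uri", "").lower().split()
    ldaps = bool(uris) and all(u.startswith("ldaps://") for u in uris)
    tls = conf.get("ssl", "no").lower() in ("start_tls", "on", "yes") or ldaps
    findings = []
    if not tls:
        findings.append("NSS_PAM_CLEARTEXT")        # binds and lookups unencrypted
    elif conf.get("tls_checkpeer", "").lower() != "yes":
        findings.append("NSS_PAM_NO_PEER_CHECK")    # not enforced in this file
    if tls and auth.get("usetls", "no") != "yes":
        findings.append("AUTOFS_TLS_MISMATCH")      # automount does not attempt TLS
    if auth.get("tlsrequired", "no") != "yes":
        findings.append("AUTOFS_TLS_NOT_REQUIRED")  # unencrypted connection accepted
    if "bindpw" in conf and ldap_conf_mode & 0o004:
        findings.append("BINDPW_WORLD_READABLE")    # any local user can read it
    return findings


if __name__ == "__main__":
    for code in audit(SAMPLE_LDAP_CONF, SAMPLE_AUTOFS_AUTH):
        print(code)
```

On a real client, pass the contents of the two files and `os.stat("/etc/ldap.conf").st_mode` in place of the constructed samples.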
 
All times are GMT -5.