LinuxQuestions.org

jpsingh 12-07-2006 10:19 PM

Chown fails in client login for user defined in ldap server
 
Hi All,

I am trying to build a system authentication system using openldap.
What I have done:

1. Configured LDAP server.
2. Added /etc/passwd data to ldap (of the server machine).
3. Ldap is running.
4. Configured client, nsswitch.conf and pam etc.
5. On server I have two users userA and UserB
6. On client I have userA with different password than the UserA on server.
7. I don't have userB in client.
8. On client machine /home/userA and /home/UserB are created.
9. /home/userA is owned by userA
10. /home/UserB is owned by root.

Current status:

1. I am able to log in as userA with both passwords, one on the server and the other on the client.

2. I am able to log in to the client as UserB in failsafe mode.

Problem:

I want to log in in normal mode as UserB. For that I need ownership of /home/UserB in the name of UserB.

I am not able to do it with the chown command.

It's complaining UserB not found.

I have tried following step already:

# cp /etc/skel/.* /home/UserB/
cp: omitting directory `/etc/skel/.'
cp: omitting directory `/etc/skel/..'
cp: omitting directory `/etc/skel/.kde'

This does not solve my problem.
Can anyone please point me to a document on how to build a "system authentication framework"? The framework should have all users and passwords in the ldap server, so that any user can log in to any machine using an ldap user id (i.e. stored in the ldap server) and password.

If anyone has done it successfully, please help me.
My efforts are only partially successful.
I am on Red Hat Linux 9 (Shrike release).

Thanks & Regards
JP

xjlittle 12-14-2006 09:15 PM

Without knowing any more than this about your setup:
If you issue the command:
Code:

getent passwd
on the client machine does it show user a and b? If you can't see both users then the client machine is not looking at the ldap server for authentication. If not, take a look at your nsswitch.conf and /etc/ldap.conf files on the client. The ldap.conf file should contain information similar to the following:
Code:

URI    ldap://cancun.yourdomain.org
base    dc=yourdomain,dc=org
nss_map_attribute      uniqueMember uniquemember
ldap_version    3
ssl    off
bindpw yourpasswordhere
binddn cn=youradministratoruser,dc=yourdomain,dc=org
timelimit 50
#pam_password  crypt
pam_password    exop
pam_filter      objectclass=posixAccount
nss_base_passwd ou=People,dc=yourdomain,dc=org?one
nss_base_shadow ou=People,dc=yourdomain,dc=org?one
nss_base_group  ou=Groups,dc=yourdomain,dc=org?one

and the nsswitch.conf
Code:

passwd: files ldap winbind
shadow: files ldap winbind
group:  files ldap winbind

Note that both of these are from a samba+ldap domain but yours should be very close to the same. If you make a change to the nsswitch.conf you will most likely need to reboot for those changes to become effective. For any ldap changes, just restart the ldap service.

hth
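
The client-side checks described in the reply above, as an added shell example that is not part of the original thread: it reads an nsswitch.conf to see whether ldap is listed for passwd, shadow and group, then asks NSS for one user the way chown does. The helper names (nss_sources, nss_uses_ldap, resolve_owner, report) are hypothetical, and the file path and user name are passed as arguments.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; file paths are arguments.

# nss_sources FILE DB -> print the lookup sources configured for DB
# (e.g. "files ldap winbind"), with comments and extra whitespace removed.
nss_sources() {
    sed -e 's/#.*//' "$1" | awk -F: -v want="$2" '
        { db = $1; gsub(/[ \t]/, "", db) }
        db == want {
            s = $2
            gsub(/[ \t]+/, " ", s); sub(/^ /, "", s); sub(/ $/, "", s)
            print s; exit
        }'
}

# nss_uses_ldap FILE DB -> succeed only if "ldap" is one of DB's sources.
nss_uses_ldap() {
    case " $(nss_sources "$1" "$2") " in
        *" ldap "*) return 0 ;;
        *) return 1 ;;
    esac
}

# resolve_owner USER -> print "uid:gid" as NSS resolves USER, or fail.
# chown looks names up the same way, so a failure here means
# "chown USER ..." cannot map the name to a numeric owner.
resolve_owner() {
    entry=$(getent passwd "$1") || return 1
    printf '%s\n' "$entry" | awk -F: 'NR == 1 { print $3 ":" $4 }'
}

# report FILE USER -> human-readable summary of both checks.
report() {
    for db in passwd shadow group; do
        if nss_uses_ldap "$1" "$db"; then state="ldap listed"
        else state="ldap NOT listed"; fi
        echo "$db: $state (sources: $(nss_sources "$1" "$db"))"
    done
    if owner=$(resolve_owner "$2"); then
        echo "$2 resolves to uid:gid $owner"
    else
        echo "$2 does not resolve through NSS; chown by name will fail"
    fi
}

# Usage: sh nss-check.sh /etc/nsswitch.conf UserB
if [ "$#" -eq 2 ]; then report "$1" "$2"; fi
```

Run it on the client as `sh nss-check.sh /etc/nsswitch.conf UserB`; the script name is only an illustration.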

jpsingh 12-19-2006 10:26 PM

Hi

Thanks a lot for reply.
getent passwd is showing local as well as ldap users.

Thanks & Regards
JP


All times are GMT -5.