LinuxQuestions.org
Old 07-28-2011, 12:25 PM   #1
pdean712
LQ Newbie
 
Registered: Dec 2008
Posts: 11

Rep: Reputation: 0
Slackware 13.37 + NSS_LDAP; I can getent and su to user from root, but not usr 2 usr?


Hi everybody, I have a Slackware LDAP server working fine; I can connect to it with a Red Hat client just fine. I also have a Slackware client that I want to get working. It is a fresh install of 13.37 with an nss_ldap package installed; I have the /etc/ldap.conf configured correctly and nsswitch.conf with ldap before files on passwd, shadow, and group. I can su to my 2 LDAP test users when I am root, but I can't switch from user to user; I get Authentication Failed... Any ideas? Thanks a lot.

---------- Post added 07-28-11 at 11:26 AM ----------

Sorry, I forgot to mention that getent passwd retrieves the 2 LDAP users' information correctly.
 
Old 07-29-2011, 08:22 AM   #2
Dinithion
Member
 
Registered: Oct 2007
Location: Norway
Distribution: Slackware 14.1
Posts: 443

Rep: Reputation: 56
Did you follow a particular guide when configuring your client? I have never used Slackware as a client, because I thought the lack of PAM in Slack would need a little touch of good old know-how to install.
 
Old 07-29-2011, 09:56 AM   #3
pdean712
LQ Newbie
 
Registered: Dec 2008
Posts: 11

Original Poster
Rep: Reputation: 0
Hi, thanks for the reply. No, I didn't follow a particular tutorial, I just took something from every tutorial I read. I'm wondering now if it is impossible to log in to an LDAP user without PAM?
 
Old 07-29-2011, 10:15 AM   #4
Dinithion
Member
 
Registered: Oct 2007
Location: Norway
Distribution: Slackware 14.1
Posts: 443

Rep: Reputation: 56
According to Alien Bob it's not necessary to use PAM with LDAP; however, the tutorial he is referring to no longer exists. But there might be others lying around.

Also, this was for Slackware 9.0; things might have changed, but I guess the principle will still work.
 
Old 07-29-2011, 04:21 PM   #5
pdean712
LQ Newbie
 
Registered: Dec 2008
Posts: 11

Original Poster
Rep: Reputation: 0
Hi, thanks for the reply, Dinithion! The nss_ldap package I installed was by Alien. If anyone knows what I am missing I would really appreciate it. Thanks everyone!
 
Old 07-30-2011, 04:00 PM   #6
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 139
The FAQ entry AlienBOB is referring to is below.

Code:
How can I authenticate a Slackware client against an LDAP server without PAM?

    If you've read above, you know that Slackware doesn't support PAM,
    but the most common way of configuring a linux client to authenticate
    against an LDAP server is to use PAM.  What to do?

    Well, one method is to use the nss_ldap software provided by PADL
    (http://www.padl.com).  You'll need to obtain and install the
    software yourself, but it's a lot easier than installing PAM.
    The basic procedure follows:

    - Install nss_ldap on the client.
    [FIX ME: some LDAP directories can be configured to permit anonymous
             binding for the purpose of authenticating users.  The
             following steps should not be necessary in those cases]
    [--------------------------------------------------------------]
    - Obtain from your LDAP server admin an LDAP account that has the
      ability to read (at least, write is helpful) all of the appropriate
      login information.  In particular, this account must have at least
      read access to the userPassword attribute of all accounts to be used
      on the Slackware client.
    - Configure this DN in ldap.conf as rootbinddn.
    - Create a file, /etc/ldap.secret, and add the rootbinddn's password
      (cleartext!) to the first line of the file.  Add a trailing newline
      to the password.
    [--------------------------------------------------------------]
    - Modify /etc/nsswitch.conf to authenticate against LDAP.  You'll
      probably want to modify at least passwd, group, and shadow.  It's
      best to add ldap after the files entry for each database (or in an
      appropriate order, if you use things like nis).  (Personally, I don't
      recommend using compat mode if also using nis or ldap.)

    That's all you should need to do - no restarting of daemons should be
    needed.
The entire FAQ can now be found at: http://www.therockgarden.ca/aolsfaq.txt as referenced from the root of the old faq site.
 
1 members found this post helpful.
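
A check over the files the FAQ procedure above edits, added here as an illustration; it is not part of any poster's reply or of the nss_ldap package. The function names, the sample DN, and the policy that /etc/ldap.secret should carry no group/other permission bits are assumptions of this example, and the file contents in `demo` are constructed.

```shell
#!/bin/sh
# Added example: audit the files the FAQ procedure edits. Paths are
# parameters so the checks can be pointed at copies.

# nss_has_ldap FILE DB: succeed if DB's line in nsswitch.conf lists "ldap".
nss_has_ldap() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
                     END { exit !ok }' "$1"
}

# rootbinddn_of FILE: print the DN set as rootbinddn (nothing if unset).
rootbinddn_of() {
    awk 'tolower($1) == "rootbinddn" { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }' "$1"
}

# secret_is_private FILE: succeed if FILE is non-empty and carries no
# group/other permission bits (assumed policy: it holds a cleartext password).
secret_is_private() {
    [ -s "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_client NSSWITCH LDAPCONF SECRET: print findings, return their count.
audit_client() {
    findings=0
    for db in passwd group shadow; do
        nss_has_ldap "$1" "$db" ||
            { echo "nsswitch.conf: $db does not list ldap"; findings=$((findings + 1)); }
    done
    [ -n "$(rootbinddn_of "$2")" ] ||
        { echo "ldap.conf: rootbinddn is not set"; findings=$((findings + 1)); }
    secret_is_private "$3" ||
        { echo "ldap.secret: missing, empty, or open to group/other"; findings=$((findings + 1)); }
    return "$findings"
}

# Constructed sample: shadow was left out and the secret is world-readable.
demo() {
    d=$(mktemp -d) || return 1
    printf 'passwd: files ldap\ngroup: files ldap\nshadow: files\n' > "$d/nsswitch.conf"
    printf 'rootbinddn cn=nssreader,dc=example,dc=org\n' > "$d/ldap.conf"
    printf 'constructed-password\n' > "$d/ldap.secret"
    chmod 644 "$d/ldap.secret"
    rc=0
    audit_client "$d/nsswitch.conf" "$d/ldap.conf" "$d/ldap.secret" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "findings: $?"
```

On a real client the call would be `audit_client /etc/nsswitch.conf /etc/ldap.conf /etc/ldap.secret`.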
Old 07-30-2011, 08:36 PM   #7
pdean712
LQ Newbie
 
Registered: Dec 2008
Posts: 11

Original Poster
Rep: Reputation: 0
NyteOwl, thanks a lot man! I'm about to go fishing right now but I will try it when I get back. Thanks for your input, very informative!
 
Old 08-07-2011, 08:55 AM   #8
m-h
LQ Newbie
 
Registered: May 2010
Location: Hamburg, Germany
Distribution: Slackware
Posts: 10

Rep: Reputation: 3
PAM is definitely not needed. But beware of running the LDAP server and nss_ldap on the same machine, as this could cause udev to fail when booting (see http://www.linuxquestions.org/questi...nymore-817791/).

Personally I switched from nss_ldap to nss-pam-ldapd a while ago, because it has some advantages over nss_ldap (see http://arthurdejong.org/nss-pam-ldapd/) and I highly recommend giving it a try.

Although the name suggests it, it doesn't require PAM. There's no package available, but a simple "./configure --disable-pam --mandir=/usr/man;make;make install" will do.

Mike
 
1 members found this post helpful.
Old 08-08-2011, 11:41 PM   #9
pdean712
LQ Newbie
 
Registered: Dec 2008
Posts: 11

Original Poster
Rep: Reputation: 0
OK, thanks Mike, I'll try that in the morning; I'm currently working on an Active Directory scenario for class :/. Thanks!
 
  

