Objectives:
- Fedora 16 Desktop to authenticate using RHEL5 (control user access to the desktop)
- Upon successful logon, user will have a home drive to store his/her own files.
- Many different users will be using this Fedora 16 Desktop, but only authorized users can log in
What do I need to do on both Fedora and RHEL?
Fedora 16 Desktop
- Run "system-config-authentication"? (using what options? LDAP, FreeIPA, NIS, Winbind)
I would recommend LDAP & NFS all the way. No samba, no kerberos.
I would also veeeerrrrryyy strongly suggest you take the time out to appreciate the independent parts of a solution like this. It's lots of small things that just happen to coincide with each other, not one large thing...
- setup and test openldap on rhel (slapd / ldapsearch)
- setup nfs on rhel
- obtain user information from ldap (nsswitch.conf / nslcd.conf / getent passwd)
- authenticate users against ldap (pam_ldap.conf / pam)
- mount network drives (nfs / maybe automount too)
- login
They build up to provide a user experience, but LDAP would never have anything to do with NFS; they just happen to both be there at the same time.
Both stages of the LDAP config can be started with the system-config-authentication tool if you wish, but it's very seldom up to the task of fully completing the job, so I'd recommend going direct to the pretty well commented config files.
I will look into the directions that you pointed out.
I have limited knowledge of OpenLDAP; I only got the basic configuration working: adding, modifying and deleting users.
Will explore more on this OpenLDAP and NFS.
See how it goes. I will re-post here if I encounter any specific problems.
- setup and test openldap on rhel (slapd / ldapsearch) (Done)
- setup nfs on rhel (Done)
- mount network drives (nfs / maybe automount too) (Done - but automount single line on fstab)
- obtain user information from ldap (nsswitch.conf / nslcd.conf / getent passwd) (Done - from Fedora, I am able to view the users on RHEL using 'ldapsearch' or 'getent passwd')
- authenticate users against ldap (pam_ldap.conf / pam)
- login
I am having a minor issue with automounting: it only mounts whichever entry is on the last line of /etc/fstab.
No issue with manual mounting. Why doesn't it mount both?
Code:
mount -t nfs 192.168.229.134:/nfs-share /nfs-share
mount -t nfs 192.168.229.134:/nfs-ro /nfs-ro
Help Needed
-----------
I am stuck with authenticating users on LDAP and login.
On my Fedora, when I try to log in as 'pc01' (a user on RHEL), I always get "Authentication failure".
I am able to use 'ldapsearch' or 'getent passwd' and view this 'pc01' user from Fedora.
So what is logged in /var/log/messages and /var/log/secure? Is there an LDAP query happening here? tcpdump can be useful to ensure your LDAP server is actually being hit, as well as looking at the LDAP server logs of course.
I am truthfully sorry if I offended/annoyed anyone with these. (Removed red text, * and CAPS)
I was trying to make my reply clear with red text in the jungle of black text, no other meaning.
---------------------------------------------------------------------------------------------
I have since installed a brand new Fedora client and retried; I thought I messed up the first one.
Strange: I am able to do an ldapsearch from Fedora to RHEL, but I get an ldaps bind error on the Fedora machine.
Code:
May 10 12:48:02 ds slapd[3834]: conn=30 fd=27 ACCEPT from IP=192.168.229.137:51943 (IP=0.0.0.0:389)
May 10 12:48:02 ds slapd[3834]: conn=30 op=0 BIND dn="" method=128
May 10 12:48:02 ds slapd[3834]: conn=30 op=0 RESULT tag=97 err=0 text=
May 10 12:48:02 ds slapd[3834]: conn=30 op=1 SRCH base="cn=pc01,dc=localdomain,dc=com" scope=2 deref=0 filter="(objectClass=*)"
May 10 12:48:02 ds slapd[3834]: conn=30 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 10 12:48:02 ds slapd[3834]: conn=30 op=2 UNBIND
May 10 12:48:02 ds slapd[3834]: conn=30 fd=27 closed
But in my Fedora /var/log/messages, I get the following.
On both Fedora and RHEL, I opened both TCP and UDP for ldap (389) and ldaps (636).
Code:
May 10 12:45:00 localhost getent: nss_ldap: failed to bind to LDAP server ldaps://192.168.229.134: Can't contact LDAP server
May 10 12:45:00 localhost getent: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Well, the first log shows LDAP and the second shows LDAPS, so there's clearly a significant difference there, which could mean things like iptables not being open or slapd not listening on 636. Generally STARTTLS is preferred over LDAPS these days, so you should only really need port 389 for plain and encrypted binds.
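The two replies above ask what the logs actually show and then point out that the server log is plain LDAP on 389 while the client is failing on ldaps://. As an added example, not code from the thread, the Python below parses the two log excerpts posted above and cross-checks them: it flags connections that bound anonymously in cleartext with no STARTTLS on that connection, and a client URI whose port the server never logged a connection on. The regexes assume the OpenLDAP "conn=/op=" log format shown in the thread; the sample log lines are the ones posted above.

```python
import re
# Sample input, copied from the thread: slapd's log on the RHEL server, then nss_ldap's line on the Fedora client.
SLAPD_LOG = """\
May 10 12:48:02 ds slapd[3834]: conn=30 fd=27 ACCEPT from IP=192.168.229.137:51943 (IP=0.0.0.0:389)
May 10 12:48:02 ds slapd[3834]: conn=30 op=0 BIND dn="" method=128
May 10 12:48:02 ds slapd[3834]: conn=30 op=0 RESULT tag=97 err=0 text=
May 10 12:48:02 ds slapd[3834]: conn=30 op=1 SRCH base="cn=pc01,dc=localdomain,dc=com" scope=2 deref=0 filter="(objectClass=*)"
"""
CLIENT_LOG = "May 10 12:45:00 localhost getent: nss_ldap: failed to bind to LDAP server ldaps://192.168.229.134: Can't contact LDAP server\n"
ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+ \(IP=[\d.]+:(\d+)\)")
BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" method=\d+')
BIND_RESULT = re.compile(r"conn=(\d+) op=\d+ RESULT tag=97 err=(\d+)")
STARTTLS = re.compile(r"conn=(\d+) (?:op=\d+ STARTTLS|fd=\d+ TLS established)")
CLIENT_FAIL = re.compile(r"failed to bind to LDAP server (ldaps?)://([\w.-]+)(?::(\d+))?: (.*)$")

def parse_slapd(text):
    """Return {conn_id: {client, port, bind_dn, bind_err, tls}} for each connection slapd accepted."""
    conns = {}
    for line in text.splitlines():
        if m := ACCEPT.search(line):
            conns[m.group(1)] = {"client": m.group(2), "port": int(m.group(3)),
                                 "bind_dn": None, "bind_err": None, "tls": False}
        elif (m := BIND.search(line)) and m.group(1) in conns:
            conns[m.group(1)]["bind_dn"] = m.group(2)        # dn="" means an anonymous bind
        elif (m := BIND_RESULT.search(line)) and m.group(1) in conns:
            conns[m.group(1)]["bind_err"] = int(m.group(2))  # err=0 means the bind succeeded
        elif (m := STARTTLS.search(line)) and m.group(1) in conns:
            conns[m.group(1)]["tls"] = True                  # STARTTLS was negotiated on this connection
    return conns

def parse_client_failures(text):
    """Return [(scheme, host, port, error)] per nss_ldap bind failure; port defaults by scheme."""
    out = []
    for line in text.splitlines():
        if m := CLIENT_FAIL.search(line):
            port = int(m.group(3)) if m.group(3) else (636 if m.group(1) == "ldaps" else 389)
            out.append((m.group(1), m.group(2), port, m.group(4)))
    return out

def diagnose(conns, failures):
    """Cross-check what slapd saw against the URI the client says it cannot reach."""
    findings = []
    seen_ports = sorted({c["port"] for c in conns.values()})
    for cid, c in conns.items():
        if c["bind_dn"] == "" and c["bind_err"] == 0 and not c["tls"]:
            findings.append(f"conn={cid}: anonymous bind from {c['client']} on port {c['port']} in cleartext (no STARTTLS on this connection)")
    for scheme, host, port, err in failures:
        if port not in seen_ports:
            findings.append(f"client tries {scheme}://{host} (port {port}) but slapd only logged connections on port(s) {seen_ports}: {err}")
    return findings
```

Run it against the real logs by feeding the slapd log and /var/log/messages contents to the two parsers; an empty findings list means the client URI and the server's listeners agree and every bind was either authenticated or protected by STARTTLS.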