LinuxQuestions.org
Old 03-25-2009, 05:34 PM   #1
custangro
Installed CentOS Directory Server...what now?


Hello,

So I'm venturing off into LDAP land, and trying to learn about it using CentOS 5.2 and CentOS Directory Server.

I successfully installed CentOS Directory Server following this...

http://www.howtoforge.com/centos-dir...r-on-centos5.2

I haven't done anything else (yet), and am interested in...

1) Join other Linux (CentOS) clients to this server
2) Join XP clients to this server

I've read once that you don't necessarily need Samba for XP clients (using pGina if I remember correctly)...can that still be done? I know that you can integrate Samba with the directory server, but I don't think that I want to do that yet.

If I add a user on the Directory Server; can I just use system-config-authentication on the Linux (CentOS) client, then use the login I created? Or are there other steps that I need to do first?

How can I do the same on the XP client?

I've been looking on google but haven't found much information :/

Any help/guidance/suggestions would be most helpful :-)

Thanks,

-C
 
Old 03-25-2009, 05:54 PM   #2
acid_kewpie
Well you don't add clients to a directory server instance. "Joining" is normally with regards to windows AD domains, done under Linux via Samba. DS is just a generic LDAP server, to do whatever you want to with, including storing user accounts IF that's what you want. Alternatively you could store just about any arbitrary data in it instead of user accounts.

If your LDAP server contains posix users and groups then any posix compliant system which can get a userbase from it can use it for that purpose. The sys-conf-auth tool is pretty noddy, and you'd normally need to configure proper bind and base DNs and such in /etc/ldap.conf to actually get things going properly.

The XP side is really off on its own. You've a common protocol connecting the two, so yeah, pGina supports LDAP so that should be fine.

 
Old 03-25-2009, 06:42 PM   #3
custangro
Quote:
Originally Posted by acid_kewpie
Well you don't add clients to a directory server instance. "Joining" is normally with regards to windows AD domains, done under Linux via Samba. DS is just a generic LDAP server, to do whatever you want to with, including storing user accounts IF that's what you want. Alternatively you could store just about any arbitrary data in it instead of user accounts.

If your LDAP server contains posix users and groups then any posix compliant system which can get a userbase from it can use it for that purpose. The sys-conf-auth tool is pretty noddy, and you'd normally need to configure proper bind and base DNs and such in /etc/ldap.conf to actually get things going properly.

The XP side is really off on its own. You've a common protocol connecting the two, so yeah, pGina supports LDAP so that should be fine.

Not really concerned with "Joining" machines to the LDAP (like you stated; that's more of an AD or Linux/Samba thing).

What I want to accomplish (initially) is this...

1) Add user to Directory Server
2) Be able to log into either XP and/or Linux Machine using that 1 login

Basically a "single sign on" thing...

Been trying to look for a how to or something on google...no luck :/

-C
 
Old 03-25-2009, 06:45 PM   #4
acid_kewpie
Well I'm only familiar with RHDS, which I assume is the same thing. You have the centos-idm-console don't you? Got your Directory Manager account all sorted?
 
Old 03-25-2009, 07:07 PM   #5
custangro
Quote:
Originally Posted by acid_kewpie
Well I'm only familiar with RHDS, which I assume is the same thing. You have the centos-idm-console don't you? Got your Directory Manager account all sorted?
Yes...I'm able to connect with centos-idm-console and I am able to login.

I logged in just to "take a look"; but I haven't done anything other than just look around.

-C
 
Old 03-28-2009, 01:45 PM   #6
custangro
Update....


So I added a user and installed pGina...but I cannot login using the user I created...

Looking at the Windows XP "Event Viewer" I keep getting these messages...

Quote:
Event Type: Error
Event Source: pGina
Event Category: None
Event ID: 0
Date: 3/28/2009
Time: 9:57:15 AM
User: N/A
Computer: XP-2C70C5
Description:
The description for Event ID ( 0 ) in Source ( pGina ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Error reading registry entry reqDom..
I have a few of these...not sure what they mean...

-C

(again sorry...but I'm new to this "directory server" thing)
 
Old 03-28-2009, 03:32 PM   #7
acid_kewpie
Don't walk before you can run. Get your LDAP server running first. Make sure you can bind against it using your new account with a tool like ldapsearch. When that is completely up and functioning, THEN worry about actually making use of it.
 
Old 03-28-2009, 03:36 PM   #8
custangro
Quote:
Originally Posted by acid_kewpie
Don't walk before you can run. Get your LDAP server running first. Make sure you can bind against it using your new account with a tool like ldapsearch. When that is completely up and functioning, THEN worry about actually making use of it.
You're right...I should be taking baby steps

And judging from the logs, I don't think that I set up the server right...

Quote:
[28/Mar/2009:12:31:55 -0700] conn=31 fd=68 slot=68 connection from 192.168.1.67 to 192.168.1.248
[28/Mar/2009:12:31:55 -0700] conn=31 op=0 BIND dn="" method=128 version=3
[28/Mar/2009:12:31:55 -0700] conn=31 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Mar/2009:12:31:55 -0700] conn=31 op=1 SRCH base="dc=ldap,dc=domain,dc=tld" scope=2 filter="(&(objectClass=posixAccount)(uid=psmurf))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Mar/2009:12:31:55 -0700] conn=31 op=1 RESULT err=32 tag=101 nentries=0 etime=0
[28/Mar/2009:12:31:55 -0700] conn=31 op=2 SRCH base="dc=ldap,dc=domain,dc=tld" scope=2 filter="(&(objectClass=posixAccount)(uid=psmurf))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Mar/2009:12:31:55 -0700] conn=31 op=2 RESULT err=32 tag=101 nentries=0 etime=0
[28/Mar/2009:12:32:01 -0700] conn=31 op=3 SRCH base="dc=ldap,dc=domain,dc=tld" scope=2 filter="(&(objectClass=posixAccount)(uid=psmurf))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Mar/2009:12:32:01 -0700] conn=31 op=3 RESULT err=32 tag=101 nentries=0 etime=0
[28/Mar/2009:12:32:01 -0700] conn=31 op=4 SRCH base="dc=ldap,dc=domain,dc=tld" scope=2 filter="(&(objectClass=posixAccount)(uid=psmurf))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Mar/2009:12:32:01 -0700] conn=31 op=4 RESULT err=32 tag=101 nentries=0 etime=0
[28/Mar/2009:12:32:03 -0700] conn=31 op=6 SRCH base="dc=ldap,dc=domain,dc=tld" scope=2 filter="(&(objectClass=posixAccount)(uid=psmurf))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Mar/2009:12:32:03 -0700] conn=31 op=6 RESULT err=32 tag=101 nentries=0 etime=0
Ok...starting over now *sigh*

-C
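An added diagnostic for the access-log excerpt above (not code from the thread or from CentOS/389 Directory Server): it pairs each BIND and SRCH with its RESULT line and decodes the result code, so err=32 on every search against dc=ldap,dc=domain,dc=tld shows the base DN the client was configured with does not exist on the server (the OP later used dc=example,dc=org). The sample log lines are constructed from the excerpt, with the attrs list shortened.

```python
import re

# Constructed sample, modelled on the access-log excerpt posted above: an
# anonymous bind succeeds, then every search under the client's base DN fails.
SAMPLE_LOG = """\
[28/Mar/2009:12:31:55 -0700] conn=31 fd=68 slot=68 connection from 192.168.1.67 to 192.168.1.248
[28/Mar/2009:12:31:55 -0700] conn=31 op=0 BIND dn="" method=128 version=3
[28/Mar/2009:12:31:55 -0700] conn=31 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Mar/2009:12:31:55 -0700] conn=31 op=1 SRCH base="dc=ldap,dc=domain,dc=tld" scope=2 filter="(&(objectClass=posixAccount)(uid=psmurf))" attrs="uid userPassword"
[28/Mar/2009:12:31:55 -0700] conn=31 op=1 RESULT err=32 tag=101 nentries=0 etime=0
"""

# LDAP result codes (RFC 4511) a client that cannot look up accounts typically hits.
LDAP_ERRORS = {
    0: "success",
    32: "noSuchObject: the search base does not exist on this server",
    49: "invalidCredentials: bind DN or password rejected",
    50: "insufficientAccessRights: ACIs deny the bound identity",
}

OP_RE = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|RESULT) (.*)')

def diagnose(log_text):
    """Pair each BIND/SRCH with its RESULT line; return one finding per operation."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:                       # e.g. the 'connection from' line
            continue
        conn, op, kind, rest = m.groups()
        if kind in ("BIND", "SRCH"):
            pending[(conn, op)] = (kind, rest)
        elif (conn, op) in pending:     # RESULT for an operation we saw
            req_kind, req = pending.pop((conn, op))
            err = int(re.search(r'err=(\d+)', rest).group(1))
            finding = {"conn": conn, "op": op, "kind": req_kind, "err": err,
                       "meaning": LDAP_ERRORS.get(err, "other; see RFC 4511")}
            if req_kind == "BIND":
                finding["anonymous"] = 'dn=""' in req
            else:
                finding["base"] = re.search(r'base="([^"]*)"', req).group(1)
            findings.append(finding)
    return findings

def failing_bases(findings):
    """Search bases that returned noSuchObject: the base DN in ldap.conf is wrong."""
    return sorted({f["base"] for f in findings
                   if f["kind"] == "SRCH" and f["err"] == 32})
```

Run it over a copy of /var/log/dirsrv/slapd-*/access after a failed client login; a base listed by failing_bases() has to match a suffix the server actually serves.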
 
Old 04-11-2009, 12:59 AM   #9
custangro
Ok so I got the directory server installed and running...

I added a user "christian"

I ran this command

Code:
authconfig --enableldap --enableldapauth --enablemkhomedir --ldapserver=127.0.0.1 --ldapbasedn="dc=example,dc=org" --update

I am able to "su" as the user...but now I am getting this error...

Code:
[root@ldap ~]# su - christian
id: cannot find name for group ID 637
[christian@ldap ~]$

It looks like it's "working" but I keep getting this error...when I look at the directory server...there is nowhere (at least in the web interface) where I can specify what POSIX GID I want the "group" to be (screen shots attached)

Getting the same error when I ssh in (not really an error since I can login...but still...)

-C
Attached screenshots: Screenshot-Edit Entry.png, Screenshot-Edit Entry-1.png
 
Old 04-11-2009, 04:58 AM   #10
acid_kewpie
You need to make it a posix group by adding the posixGroup objectType. Thingy from the course... posixGroup is STRUCTURAL, not an ABSTRACT object, so it should not be able to be added to an object with a defined type already, but due to the fact that RHDS doesn't correctly enforce this, you can. Really worth your while finding out what the arse I'm talking about if you don't already know. Read the schema LDIFs for the objectTypes defined etc.
 
Old 04-11-2009, 01:05 PM   #11
custangro
Quote:
Originally Posted by acid_kewpie
You need to make it a posix group by adding the posixGroup objectType. Thingy from the course... posixGroup is STRUCTURAL, not an ABSTRACT object, so it should not be able to be added to an object with a defined type already, but due to the fact that RHDS doesn't correctly enforce this, you can. Really worth your while finding out what the arse I'm talking about if you don't already know. Read the schema LDIFs for the objectTypes defined etc.

Sadly...I don't know "what the arse" you're talking about...since I don't already know

This LDAP/RHDS is all new to me, so it's a bit over my head...

-C
 
Old 04-11-2009, 01:47 PM   #12
acid_kewpie
Hit Advanced and go down to the objectTypes values, add attribute, select posixGroup. That will give you the extra attributes you need.
 
Old 04-11-2009, 02:12 PM   #13
custangro
Quote:
Originally Posted by acid_kewpie
Hit Advanced and go down to the objectTypes values, add attribute, select posixGroup. That will give you the extra attributes you need.

Ok...got it!

So what I did basically is I changed the schema? Or...sorry for the ignorance since I'm new to this...but from a high level...

I added a value to the "Object Class" Attribute...correct?

Sorry again for the ignorance...just trying to get the knowledge

-C

 
Old 04-11-2009, 04:13 PM   #14
acid_kewpie
duuuuh yes, objectClass, not objectType. You didn't change the schema. The schema is what makes that possible in the first place. If you read some of the schema LDIFs in /etc/dirsrv/slapd-whatever you can see where each of these attributes comes from and do some background reading on what that's all about.
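Added example, not from the thread or from the RHDS/389 project: a constructed POSIX user whose primary GID is 637 and a group created without the POSIX objectClass, the lookup that `id` triggers through nss_ldap for that GID, and the ldapmodify change acid_kewpie describes (adding the posixGroup objectClass value, which makes gidNumber a valid attribute) applied to the group. The DNs, the group name and the uidNumber are made up.

```python
# Constructed LDIF modelled on the thread: user with gidNumber 637, group without posixGroup.
USER_LDIF = """\
dn: uid=christian,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: christian
uidNumber: 1001
gidNumber: 637
"""

GROUP_LDIF = """\
dn: cn=developers,ou=Groups,dc=example,dc=org
objectClass: groupOfUniqueNames
cn: developers
"""

# The change from the thread as an ldapmodify record: add the objectClass value, then the GID.
FIX_LDIF = """\
dn: cn=developers,ou=Groups,dc=example,dc=org
changetype: modify
add: objectClass
objectClass: posixGroup
-
add: gidNumber
gidNumber: 637
"""

def parse_ldif(text):
    """Parse one LDIF record into {attribute (lower-cased): [values]}."""
    entry = {}
    for line in text.splitlines():
        if not line or line == "-":          # blank line or modify separator
            continue
        attr, _, value = line.partition(": ")
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def apply_modify(entry, modify_ldif):
    """Apply the 'add:' changes of a changetype: modify record to a parsed entry."""
    mod = parse_ldif(modify_ldif)
    for attr in mod.get("add", []):
        entry.setdefault(attr.lower(), []).extend(mod[attr.lower()])
    return entry

def group_name_for_gid(groups, gid):
    """The lookup nss_ldap runs for id: (&(objectClass=posixGroup)(gidNumber=<gid>))."""
    for g in groups:
        classes = {c.lower() for c in g.get("objectclass", [])}
        if "posixgroup" in classes and str(gid) in g.get("gidnumber", []):
            return g["cn"][0]
    return None   # no match -> "id: cannot find name for group ID 637"
```

Before the modify the lookup returns None, which is exactly the "cannot find name for group ID 637" case; after it the group resolves by name.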
 
Old 04-11-2009, 07:05 PM   #15
custangro
Quote:
Originally Posted by acid_kewpie
duuuuh yes, objectClass, not objectType. You didn't change the schema. The schema is what makes that possible in the first place. If you read some of the schema LDIFs in /etc/dirsrv/slapd-whatever you can see where each of these attributes comes from and do some background reading on what that's all about.

Thanks, I'll do some poking around.

-C
 
  

