#1, 03-25-2009, 05:34 PM
Senior Member; Registered: Nov 2006; Location: California; Distribution: Fedora, CentOS, RHEL; Posts: 1,979
Installed CentOS Directory Server...what now?
Hello,
So I'm venturing off into LDAP land, and trying to learn about it using CentOS 5.2 and CentOS Directory Server.
I successfully installed CentOS Directory Server following this...
http://www.howtoforge.com/centos-dir...r-on-centos5.2
I haven't done anything else (yet), and am interested in...
1) Join other Linux (CentOS) clients to this server
2) Join XP clients to this server
I've read once that you don't necessarily need Samba for XP clients (using pGina if I remember correctly)...can that still be done? I know that you can integrate Samba with the directory server, but I don't think that I want to do that yet.
If I add a user on the Directory Server; can I just use system-config-authentication on the Linux (CentOS) client, then use the login I created? Or are there other steps that I need to do first?
How can I do the same on the XP client?
I've been looking on google but haven't found much information :/
Any help/guidance/suggestions would be most helpful :-)
Thanks,
-C
#2, 03-25-2009, 05:54 PM
Moderator (acid_kewpie); Registered: Jun 2001; Location: UK; Distribution: Gentoo, RHEL, Fedora, CentOS; Posts: 43,417
Well you don't add clients to a directory server instance. "Joining" is normally with regards to windows AD domains, done under Linux via Samba. DS is just a generic LDAP server, to do whatever you want to with, including storing user accounts IF that's what you want. Alternatively you could store just about any arbitrary data in it instead of user accounts.
If your LDAP server contains posix users and groups then any posix compliant system which can get a userbase from it can use it for that purpose. The sys-conf-auth tool is pretty noddy, and you'd normally need to configure proper bind and base dn's and such in /etc/ldap.conf to actually get things going properly.
The XP side is really off on its own. You've a common protocol connecting the two, so yeah, pGina supports LDAP so that should be fine.
Last edited by acid_kewpie; 03-25-2009 at 05:56 PM.
#3, 03-25-2009, 06:42 PM
Senior Member (Original Poster)
Quote: Originally Posted by acid_kewpie
Well you don't add clients to a directory server instance. "Joining" is normally with regards to windows AD domains, done under Linux via Samba. DS is just a generic LDAP server, to do whatever you want to with, including storing user accounts IF that's what you want. Alternatively you could store just about any arbitrary data in it instead of user accounts.
If your LDAP server contains posix users and groups then any posix compliant system which can get a userbase from it can use it for that purpose. The sys-conf-auth tool is pretty noddy, and you'd normally need to configure proper bind and base dn's and such in /etc/ldap.conf to actually get things going properly.
The XP side is really off on its own. You've a common protocol connecting the two, so yeah, pGina supports LDAP so that should be fine.
Not really concerned with "Joining" machines to the LDAP (like you stated; that's more of an AD or Linux/Samba thing).
What I want to accomplish (initially) is this...
1) Add user to Directory Server
2) Be able to log into either XP and/or Linux Machine using that 1 login
Basically a "single sign on" thing...
Been trying to look for a how to or something on google...no luck :/
-C
#4, 03-25-2009, 06:45 PM
Moderator (acid_kewpie)
Well I'm only familiar with RHDS, which I assume is the same thing. You have the centos-idm-console don't you? Got your Directory Manager account all sorted?
#5, 03-25-2009, 07:07 PM
Senior Member (Original Poster)
Quote: Originally Posted by acid_kewpie
Well I'm only familiar with RHDS, which I assume is the same thing. You have the centos-idm-console don't you? Got your Directory Manager account all sorted?
Yes...I'm able to connect with centos-idm-console and I am able to login.
I logged in just to "take a look"; but I haven't done anything other than just look around.
-C
#6, 03-28-2009, 01:45 PM
Senior Member (Original Poster)
Update....
So I added a user and installed pGina...but I cannot login using the user I created...
Looking at the Windows XP "Event Viewer" I keep getting these messages...
Quote:
Event Type: Error
Event Source: pGina
Event Category: None
Event ID: 0
Date: 3/28/2009
Time: 9:57:15 AM
User: N/A
Computer: XP-2C70C5
Description:
The description for Event ID ( 0 ) in Source ( pGina ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Error reading registry entry reqDom..
I have a few of these...not sure what they mean...
-C
(again sorry...but I'm new to this "directory server" thing)
#7, 03-28-2009, 03:32 PM
Moderator (acid_kewpie)
Don't walk before you can run. Get your LDAP server running first. Make sure you can bind against it using your new account with a tool like ldapsearch. When that is completely up and functioning, THEN worry about actually making use of it.
#8, 03-28-2009, 03:36 PM
Senior Member (Original Poster)
Quote: Originally Posted by acid_kewpie
Don't walk before you can run. Get your LDAP server running first. Make sure you can bind against it using your new account with a tool like ldapsearch. When that is completely up and functioning, THEN worry about actually making use of it.
You're right...I should be taking baby steps
And judging from the logs, I don't think that I set up the server right...
Quote:
[28/Mar/2009:12:31:55 -0700] conn=31 fd=68 slot=68 connection from 192.168.1.67 to 192.168.1.248
[28/Mar/2009:12:31:55 -0700] conn=31 op=0 BIND dn="" method=128 version=3
[28/Mar/2009:12:31:55 -0700] conn=31 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Mar/2009:12:31:55 -0700] conn=31 op=1 SRCH base="dc=ldap,dc=domain,dc=tld" scope=2 filter="(&(objectClass=posixAccount)(uid=psmurf))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Mar/2009:12:31:55 -0700] conn=31 op=1 RESULT err=32 tag=101 nentries=0 etime=0
[28/Mar/2009:12:31:55 -0700] conn=31 op=2 SRCH base="dc=ldap,dc=domain,dc=tld" scope=2 filter="(&(objectClass=posixAccount)(uid=psmurf))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Mar/2009:12:31:55 -0700] conn=31 op=2 RESULT err=32 tag=101 nentries=0 etime=0
[28/Mar/2009:12:32:01 -0700] conn=31 op=3 SRCH base="dc=ldap,dc=domain,dc=tld" scope=2 filter="(&(objectClass=posixAccount)(uid=psmurf))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Mar/2009:12:32:01 -0700] conn=31 op=3 RESULT err=32 tag=101 nentries=0 etime=0
[28/Mar/2009:12:32:01 -0700] conn=31 op=4 SRCH base="dc=ldap,dc=domain,dc=tld" scope=2 filter="(&(objectClass=posixAccount)(uid=psmurf))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Mar/2009:12:32:01 -0700] conn=31 op=4 RESULT err=32 tag=101 nentries=0 etime=0
[28/Mar/2009:12:32:03 -0700] conn=31 op=6 SRCH base="dc=ldap,dc=domain,dc=tld" scope=2 filter="(&(objectClass=posixAccount)(uid=psmurf))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Mar/2009:12:32:03 -0700] conn=31 op=6 RESULT err=32 tag=101 nentries=0 etime=0
Ok...starting over now *sigh*
-C
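Added example (not code from the thread or from the 389/RHDS project): a small parser for access log lines of the shape quoted above. It pairs each BIND/SRCH with its RESULT on the same conn/op and names what the client actually got back, here an anonymous bind (dn="") and err=32, noSuchObject, meaning the search base dc=ldap,dc=domain,dc=tld is not a suffix this server holds, which is the usual sign that the client's base DN and the server's configured suffix do not match. The sample log is constructed from the quoted lines, with the attrs list shortened.

```python
import re

# Constructed sample in the shape of the 389/RHDS access log quoted above: an
# anonymous bind (dn="") followed by a search under a base DN the server does not hold.
SAMPLE_LOG = """\
[28/Mar/2009:12:31:55 -0700] conn=31 fd=68 slot=68 connection from 192.168.1.67 to 192.168.1.248
[28/Mar/2009:12:31:55 -0700] conn=31 op=0 BIND dn="" method=128 version=3
[28/Mar/2009:12:31:55 -0700] conn=31 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Mar/2009:12:31:55 -0700] conn=31 op=1 SRCH base="dc=ldap,dc=domain,dc=tld" scope=2 filter="(&(objectClass=posixAccount)(uid=psmurf))" attrs="uid uidNumber gidNumber"
[28/Mar/2009:12:31:55 -0700] conn=31 op=1 RESULT err=32 tag=101 nentries=0 etime=0
"""

# LDAP result codes worth naming for this kind of triage (RFC 4511 values).
LDAP_ERR = {0: "success", 32: "noSuchObject: the search base does not exist on this server",
            49: "invalidCredentials", 50: "insufficientAccessRights"}

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>\d+) "
                     r"(?P<kind>BIND|SRCH|RESULT|UNBIND)(?P<args>.*)$")
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted value" or key=bare

def parse_kv(args):
    """Turn ' base="dc=x" scope=2' into {'base': 'dc=x', 'scope': '2'}; quoted values may be empty."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(args)}

def analyze(log_text):
    """Pair each BIND/SRCH with its RESULT on the same conn/op; return (conn, op, finding) tuples."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:          # connection open/close lines carry no op= and are skipped
            continue
        conn, op, kind = int(m.group("conn")), int(m.group("op")), m.group("kind")
        kv = parse_kv(m.group("args"))
        if kind in ("BIND", "SRCH"):
            pending[(conn, op)] = dict(kv, kind=kind)
            if kind == "BIND" and kv.get("dn") == "":
                findings.append((conn, op, "anonymous bind: no bind DN configured on the client"))
        elif kind == "RESULT":
            req = pending.pop((conn, op), {"kind": "?"})
            err = int(kv.get("err", -1))
            if err != 0:
                target = req.get("base") or req.get("dn") or ""
                findings.append((conn, op, "%s %s -> err=%d %s" % (
                    req["kind"], target, err, LDAP_ERR.get(err, "unrecognised result code"))))
    return findings

if __name__ == "__main__":
    for conn, op, text in analyze(SAMPLE_LOG):
        print("conn=%d op=%d: %s" % (conn, op, text))
```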
#9, 04-11-2009, 12:59 AM
Senior Member (Original Poster)
Ok so I got the directory server installed and running...
I added a user "christian"
I ran this command
Code:
authconfig --enableldap --enableldapauth --enablemkhomedir --ldapserver=127.0.0.1 --ldapbasedn="dc=example,dc=org" --update
I am able to "su" as the user...but now I am getting this error...
Code:
[root@ldap ~]# su - christian
id: cannot find name for group ID 637
[christian@ldap ~]$
It looks like it's "working" but I keep getting this error...when I look at the directory server...there is nowhere (at least in the web interface) where I can specify what POSIX GID I want the "group" to be (screen shots attached)
Getting the same error when I ssh in (not really an error since I can login...but still...)
-C
#10, 04-11-2009, 04:58 AM
Moderator (acid_kewpie)
You need to make it a posix group by adding the posixGroup objectType. Thingy from the course... posixGroup is STRUCTURAL, not an ABSTRACT object so should not be able to be added to an object with a defined type already, but due to the fact that RHDS doesn't correctly enforce this, you can. Really worth your while finding out what the arse I'm talking about if you don't already know. Read the schema LDIFs for the objectTypes defined etc.
#11, 04-11-2009, 01:05 PM
Senior Member (Original Poster)
Quote: Originally Posted by acid_kewpie
You need to make it a posix group by adding the posixGroup objectType. Thingy from the course... posixGroup is STRUCTURAL, not an ABSTRACT object so should not be able to be added to an object with a defined type already, but due to the fact that RHDS doesn't correctly enforce this, you can. Really worth your while finding out what the arse I'm talking about if you don't already know. Read the schema LDIFs for the objectTypes defined etc.
Sadly...I don't know "what the arse" you're talking about...since I don't already know
This LDAP/RHDS is all new to me, so it's a bit over my head...
-C
#12, 04-11-2009, 01:47 PM
Moderator (acid_kewpie)
Hit Advanced and go down to the objectTypes values, add attribute, select posixGroup. That will give you the extra attributes you need.
#13, 04-11-2009, 02:12 PM
Senior Member (Original Poster)
Quote: Originally Posted by acid_kewpie
Hit Advanced and go down to the objectTypes values, add attribute, select posixGroup. That will give you the extra attributes you need.
Ok...got it!
So what I did basically is I changed the schema? Or...sorry for the ignorance since I'm new to this...but from a high level...
I added a value to the "Object Class" Attribute...correct?
Sorry again for the ignorance...just trying to get the knowledge
-C
Last edited by custangro; 04-11-2009 at 02:21 PM.
#14, 04-11-2009, 04:13 PM
Moderator (acid_kewpie)
Duuuuh yes, objectClass, not objectType. You didn't change the schema. The schema is what makes that possible in the first place. If you read some of the schema LDIFs in /etc/dirsrv/slapd-whatever you can see where each of these attributes come from and do some background reading on what that's all about.
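Added example (not code from the thread or from the 389/RHDS project) covering posts #9 to #14: the console step of adding the posixGroup objectClass, expressed as the LDIF change record ldapmodify would apply, next to the lookup `id` performs that produced "cannot find name for group ID 637". Suffix dc=example,dc=org, user christian and GID 637 are the thread's values; the group name "users", its DN and the groupOfUniqueNames starting point are assumed, and the sample entry is constructed.

```python
# Constructed sample: a group as the console creates it, before posixGroup is added.
GROUP_LDIF = """\
dn: cn=users,ou=Groups,dc=example,dc=org
objectClass: top
objectClass: groupOfUniqueNames
cn: users
uniqueMember: uid=christian,ou=People,dc=example,dc=org
"""

def parse_ldif_entry(text):
    """Minimal LDIF reader for one entry: attribute -> list of values (no '::' base64, no wrapped lines)."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip(), []).append(value.strip())
    return entry

def posix_group_problems(entry):
    """What nss_ldap needs before `id` can map a gidNumber to a name; empty list means usable."""
    problems = []
    if "posixGroup" not in entry.get("objectClass", []):
        problems.append("missing objectClass posixGroup")
    if not entry.get("gidNumber"):
        problems.append("missing gidNumber")
    if not entry.get("cn"):
        problems.append("missing cn")
    return problems

def posix_group_fix_ldif(entry, gid, member_uids=()):
    """LDIF change record (input for ldapmodify) equivalent to adding posixGroup in the console."""
    probs = posix_group_problems(entry)
    if not probs:
        return ""                                   # nothing to do
    lines = ["dn: %s" % entry["dn"][0], "changetype: modify"]
    if "missing objectClass posixGroup" in probs:   # only add what is missing, or the modify fails
        lines += ["add: objectClass", "objectClass: posixGroup", "-"]
    if "missing gidNumber" in probs:
        lines += ["add: gidNumber", "gidNumber: %d" % gid, "-"]
    if member_uids:                                 # posixGroup membership is by uid, not by DN
        lines += ["add: memberUid"] + ["memberUid: %s" % u for u in member_uids] + ["-"]
    return "\n".join(lines) + "\n"

def resolve_gid(entries, gid):
    """The lookup `id` performs through nss_ldap: the cn of the posixGroup whose gidNumber matches."""
    for e in entries:
        if "posixGroup" in e.get("objectClass", []) and str(gid) in e.get("gidNumber", []):
            return e["cn"][0]
    return None     # this is the "id: cannot find name for group ID <gid>" case
```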
#15, 04-11-2009, 07:05 PM
Senior Member (Original Poster)
Quote: Originally Posted by acid_kewpie
Duuuuh yes, objectClass, not objectType. You didn't change the schema. The schema is what makes that possible in the first place. If you read some of the schema LDIFs in /etc/dirsrv/slapd-whatever you can see where each of these attributes come from and do some background reading on what that's all about.
Thanks, I'll do some poking around.
-C