LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 02-12-2009, 10:44 AM   #1
LinuxCowboy03
LQ Newbie
 
Registered: Dec 2004
Location: Pennsylvania's Silicon Valley
Distribution: PCLinuxOS 2007 (my fav), OpenSuSe, LinuxMint
Posts: 18

Rep: Reputation: 0
Linux LDAP Authentication?


Howdy,

So I've got a Max OSX 10.5 Server running OpenDirectory. It's based on OpenLDAP. So I thought it would be a pretty easy process to have a Linux client authenticate against it. Wrong!
Any helpful advice? I haven't found too much on the web about Apples implementation of OpenLDAP and Linux clients.
On a related note, I've got SMB running on that Mac server too, and Windows XP clients authenticating against it, but I can't get any Linux clients to authenticate against it.

Come to think of it, I've never actually seen Linux authenticate against anything!!!
I am a Network Admin at a school, and I want to use Linux on some of our desktops. But authentication is a huge problem. Can't get it to authenticate against my Mac server or my Windows server!

As far as what I'm using, right now I've got a laptop set up with OpenSuse 11.1.

Any help would be appreciated! Linux is never going to see an increase in use in schools if all IT people run into the problems that I'm seeing. Bout ready to just give up on it. I've been trying for years to get something like this going. First tried to get Linux to login to my Windows 2003 server a couple years ago, and then tried it again earlier this year with the new Windows 2008 server. Then I just decided try it now that I have a Mac server, thought it would work better being LDAP?

Sorry to rant. Please help out a school that wants to use Linux! If I can just get it to reliably log into the server and map a network drive, then we can start using it on our workstations!
 
Old 02-13-2009, 04:33 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977
Personally I wouldn't use samba domains for authentication, just direct ldap, which is pretty easy. You've not said what distro you're using, but distro's like redhat have tools to automatically configure nsswitch.conf, ldap.conf and such to connect on ldap. If you have specific bind dn's and such then you would need to probably modify ldap.conf to add these extra details. The best advice is probably to divide and conquer. First get comfortable with an ldapsearch of the servers, then get to a stage where you can run "getent passwd" and get a valid list of accounts including the ldap ones, and then try to authenticate etc...
 
Old 02-13-2009, 09:21 AM   #3
LinuxCowboy03
LQ Newbie
 
Registered: Dec 2004
Location: Pennsylvania's Silicon Valley
Distribution: PCLinuxOS 2007 (my fav), OpenSuSe, LinuxMint
Posts: 18

Original Poster
Rep: Reputation: 0
I'm running OpenSuse 11.1 at the moment.

I've tried to set it up to use LDAP for authentication, and I got the LDAP info from my server, and entered it in.
After doing that, I guess I assumed that I would just be able to reboot the computer, and at the login screen, login with a network account. Doesn't seem to go though.

FYI - I can browse my LDAP, so I know that it's able to communicate with the server, and I can see accounts, etc. Just can't get the computer to log in.

Any ideas?
 
Old 02-13-2009, 10:03 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977
ok, define "see accounts" please. note you'll need fully valid posix entires for group, shadow and passwd to log in
 
Old 02-13-2009, 03:06 PM   #5
LinuxCowboy03
LQ Newbie
 
Registered: Dec 2004
Location: Pennsylvania's Silicon Valley
Distribution: PCLinuxOS 2007 (my fav), OpenSuSe, LinuxMint
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by acid_kewpie View Post
ok, define "see accounts" please. note you'll need fully valid posix entires for group, shadow and passwd to log in
I must confess I'm a total LDAP newbie. I've been a network administrator for a couple years now, but I've mainly worked with Active Directory. My experience with Linux is using it run some servers at work (which I didn't have the need to authenticate). Anyways, this Mac server is LDAP-based, so I assumed that Linux could authenticate against it.

When I say that I can browse the LDAP, I mean that OpenSuSe has a tool that lets you do that, and with the proper credentials, you can see everything contained in LDAP (excuse me if my terminology is way off) What I'm trying to say is that I can connect to the server and access some sort of directory. hah.

Anyways, I'm not totally sure what you mean by fully valid posix entries.

Can you give me an example of what I would type in to log in then? Say that I've done everything right, which I think I have, because like I said I can see stuff on the server, it's obviously authenticating me at some point, I gave the client all the information and what not, and I'm sitting at the login screen. What would I type in to tell it to log me in authenticating against the LDAP server.
It's not going to do my any good to log in, and THEN authenticate, and THEN map a network drive. I can't see our students doing that. So naturally, I want to make the log in just like it is on our Macs and Windows machines.

Of course, it's easy as heck on the Windows and Mac machines to join! On the Mac, I just type in the name of the server into the directory utility, reboot and log in. Windows, I just join it to the Samba PDC running on the Mac server, reboot, and voila! I only wish Linux was this easy!
 
Old 02-13-2009, 03:59 PM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977
a posix user is what is defined in each line in /etc/passwd. If you cna't obtain all the essential parts for an entry like that from ldap, you can't use it as a valid account. Again, divide and conquer... can you do a getent passwd and get VALID entries back? It may be the case that you get invalid entries, e.g. a username but no shell, and that's a pretty good start still, compared to getting nothing.
 
  


Reply

Tags
openldap


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Ldap authentication Error OES linux hswilliams143 SUSE / openSUSE 3 08-08-2010 04:44 AM
LXer: LDAP Authentication In Linux LXer Syndicated Linux News 0 09-03-2006 12:21 PM
LDAP authentication + Redhat Linux rockage2001 Linux - Networking 0 12-05-2003 03:45 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:52 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration