04-05-2010, 07:15 AM, #1
Member, Registered: Mar 2010, Posts: 31
Config LDAP client for slave LDAP
Hi there, I have successful secure LDAP replication, but I could not make the LDAP client direct its authentication to the slave LDAP.
Here is my config file on the LDAP client (I am not sure if it is the right place though):
IP 192.168.1.183 is the master LDAP
IP 192.168.1.185 is the slave LDAP
pico /etc/ldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=webon
URI ldaps://192.168.1.183 ldap://192.168.1.185
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CACERT /etc/ldap/cacert.pem
TLS_REQCERT never
Here is the log file:
client:~# tail /var/log/auth.log
Apr 6 01:10:51 client sshd[2205]: pam_ldap: could not open secret file /etc/pam_ldap.secret (No such file or directory)
Apr 6 01:10:51 client sshd[2205]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Apr 6 01:10:51 client sshd[2205]: pam_ldap: reconnecting to LDAP server...
Apr 6 01:10:51 client sshd[2205]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Apr 6 01:10:53 client sshd[2205]: Failed password for invalid user nsomo from 192.168.1.118 port 49665 ssh2
Apr 6 01:10:56 client sshd[2205]: pam_unix(sshd:auth): check pass; user unknown
Apr 6 01:10:56 client sshd[2205]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Apr 6 01:10:56 client sshd[2205]: pam_ldap: reconnecting to LDAP server...
Apr 6 01:10:56 client sshd[2205]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Apr 6 01:10:57 client sshd[2205]: Failed password for invalid user nsomo from 192.168.1.118 port 49665 ssh2
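A small client-side audit of the ldap.conf posted above, added here as an example and not part of any post in the thread: it expands the URI list into host/port pairs the way libldap does (default port per scheme, servers tried in order) and flags the two settings a reviewer would question in this file, the slave reached over plain ldap:// and TLS_REQCERT never, which disables certificate checking. The config text is a constructed copy embedded in the script.

```python
from urllib.parse import urlsplit

# Constructed copy of the /etc/ldap/ldap.conf shown in post #1 (embedded, not read from disk).
SAMPLE_LDAP_CONF = """\
# LDAP Defaults - see ldap.conf(5)
BASE dc=webon
URI ldaps://192.168.1.183 ldap://192.168.1.185
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
TLS_CACERT /etc/ldap/cacert.pem
TLS_REQCERT never
"""

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_conf(text):
    """Map option name -> value for a libldap ldap.conf; comments and blank lines are skipped.
    Option names are case-insensitive and a repeated option keeps its last value."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        options[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return options


def split_uris(uri_value):
    """Expand the space-separated URI list into (scheme, host, port) tuples,
    filling in the scheme's default port when the URI gives none."""
    servers = []
    for uri in uri_value.split():
        parts = urlsplit(uri)
        scheme = parts.scheme.lower()
        port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
        servers.append((scheme, parts.hostname, port))
    return servers


def audit_ldap_conf(text):
    """Return (subject, finding) pairs for settings that weaken client-to-server security."""
    opts = parse_ldap_conf(text)
    findings = []
    for scheme, host, port in split_uris(opts.get("URI", "")):
        if scheme == "ldap":  # libldap falls back to later URIs in order, so this is a downgrade path
            findings.append((f"{host}:{port}", "plain ldap:// URI: a simple bind sends the password "
                             "unencrypted unless STARTTLS is enforced"))
    reqcert = opts.get("TLS_REQCERT", "demand").lower()  # libldap default is 'demand'
    if reqcert in ("never", "allow"):
        findings.append(("TLS_REQCERT", f"'{reqcert}' skips server certificate verification, so "
                         "ldaps:// does not authenticate the server and TLS_CACERT validates nothing"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit_ldap_conf(SAMPLE_LDAP_CONF):
        print(f"{subject}: {finding}")
```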
04-05-2010, 05:09 PM, #2
Moderator, Registered: Jun 2001, Location: UK, Distribution: Gentoo, RHEL, Fedora, CentOS, Posts: 43,417
Right, well, if it's working on the primary server, then there's very clearly an issue on the backup server, not the client, so there's no benefit in showing us the client-side logs. Have you looked in the server logs for their take on this?
04-08-2010, 01:32 AM, #3
Member, Registered: Mar 2010, Posts: 31, Original Poster
Quote:
Originally Posted by acid_kewpie
Right, well, if it's working on the primary server, then there's very clearly an issue on the backup server, not the client, so there's no benefit in showing us the client-side logs. Have you looked in the server logs for their take on this?

What log should I put on here?
/var/log/auth.log? What else?
04-08-2010, 02:35 AM, #4
Moderator, Registered: Jun 2001, Location: UK, Distribution: Gentoo, RHEL, Fedora, CentOS, Posts: 43,417
No, the logs for the LDAP server itself, whatever it is.
04-08-2010, 06:35 AM, #5
Member, Registered: Mar 2010, Posts: 31, Original Poster
Quote:
Originally Posted by acid_kewpie
No, the logs for the LDAP server itself, whatever it is.

debian4:~# tail -f /var/log/auth.log
Apr 6 18:09:01 debian4 CRON[3016]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 6 18:09:01 debian4 CRON[3016]: pam_unix(cron:session): session closed for user root
Apr 6 18:17:01 debian4 CRON[3026]: pam_unix(cron:session): session opened for user root by (uid=0)
debian4:~# more /var/log/kern.log
Apr 6 06:25:04 debian4 kernel: imklog 3.18.6, log source = /proc/kmsg started.
debian4:~# more /var/log/apache2/access.log
::1 - - [06/Apr/2010:06:25:03 +0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny6 with Suhosin-Patch (internal dummy connection)"
::1 - - [06/Apr/2010:06:25:03 +0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny6 with Suhosin-Patch (internal dummy connection)"
debian4:~# more /var/log/apache2/error.log
[Tue Apr 06 06:25:03 2010] [notice] Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny6 with Suhosin-Patch configured -- resuming normal operations
04-08-2010, 09:00 AM, #6
Member, Registered: Jan 2008, Distribution: RHEL, CentOS, Ubuntu, Posts: 379
Add local4.* to syslog.conf and point it to /var/log/ldap ... or something like that.
04-08-2010, 04:23 PM, #7
Moderator, Registered: Jun 2001, Location: UK, Distribution: Gentoo, RHEL, Fedora, CentOS, Posts: 43,417
Apache logs? What does this have to do with Apache? Again, you have an LDAP server that your LDAP clients are using, right? Well, you need to look at the logs for the actual LDAP server (i.e. the LDAP software, not just the machine it's running on).
04-08-2010, 10:20 PM, #8
Member, Registered: Jan 2008, Distribution: RHEL, CentOS, Ubuntu, Posts: 379
And if you're editing /etc/ldap/ldap.conf, your machine may be (likely) looking at /etc/ldap.conf.
I was assuming OpenLDAP; maybe assuming is a bad start.
04-09-2010, 05:31 AM, #9
Member, Registered: Mar 2010, Posts: 31, Original Poster
Quote:
Originally Posted by frndrfoe
And if you're editing /etc/ldap/ldap.conf, your machine may be (likely) looking at /etc/ldap.conf.
I was assuming OpenLDAP; maybe assuming is a bad start.

I use OpenLDAP (apt-get install) and Debian lenny.
04-09-2010, 05:32 AM, #10
Member, Registered: Mar 2010, Posts: 31, Original Poster
Quote:
Originally Posted by acid_kewpie
Apache logs? What does this have to do with Apache? Again, you have an LDAP server that your LDAP clients are using, right? Well, you need to look at the logs for the actual LDAP server (i.e. the LDAP software, not just the machine it's running on).

So you mean the log file from the LDAP master?