Old 04-05-2010, 07:15 AM   #1
neverland
Member
 
Registered: Mar 2010
Posts: 31

Rep: Reputation: 15
config ldap client for slave ldap


Hi there, I have successful secure LDAP replication but I could not make the LDAP client direct its authentication to the slave LDAP.

Here is my config file on the LDAP client (I am not sure if it is the right place though)

ip : 192.168.1.183 is master ldap
ip : 192.168.1.185 is slave ldap

pico /etc/ldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE dc=webon
URI ldaps://192.168.1.183 ldap://192.168.1.185
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CACERT /etc/ldap/cacert.pem
TLS_REQCERT never

Here is log file

client:~# tail /var/log/auth.log
Apr 6 01:10:51 client sshd[2205]: pam_ldap: could not open secret file /etc/pam_ldap.secret (No such file or directory)
Apr 6 01:10:51 client sshd[2205]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Apr 6 01:10:51 client sshd[2205]: pam_ldap: reconnecting to LDAP server...
Apr 6 01:10:51 client sshd[2205]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Apr 6 01:10:53 client sshd[2205]: Failed password for invalid user nsomo from 192.168.1.118 port 49665 ssh2
Apr 6 01:10:56 client sshd[2205]: pam_unix(sshd:auth): check pass; user unknown
Apr 6 01:10:56 client sshd[2205]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Apr 6 01:10:56 client sshd[2205]: pam_ldap: reconnecting to LDAP server...
Apr 6 01:10:56 client sshd[2205]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Apr 6 01:10:57 client sshd[2205]: Failed password for invalid user nsomo from 192.168.1.118 port 49665 ssh2
 
Old 04-05-2010, 05:09 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
right, well if it's working on the primary server, then there's very clearly an issue on the backup server, not the client, so there's no benefit in showing us the client side logs. Have you looked in the server logs for their take on this??
 
Old 04-08-2010, 01:32 AM   #3
neverland
Member
 
Registered: Mar 2010
Posts: 31

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by acid_kewpie
right, well if it's working on the primary server, then there's very clearly an issue on the backup server, not the client, so there's no benefit in showing us the client side logs. Have you looked in the server logs for their take on this??
What log should I put on here?
/var/log/auth.log? What else?
 
Old 04-08-2010, 02:35 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
no, the logs for the ldap server itself, whatever it is.
 
Old 04-08-2010, 06:35 AM   #5
neverland
Member
 
Registered: Mar 2010
Posts: 31

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by acid_kewpie
no, the logs for the ldap server itself, whatever it is.
debian4:~# tail -f /var/log/auth.log
Apr 6 18:09:01 debian4 CRON[3016]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 6 18:09:01 debian4 CRON[3016]: pam_unix(cron:session): session closed for user root
Apr 6 18:17:01 debian4 CRON[3026]: pam_unix(cron:session): session opened for user root by (uid=0)

debian4:~# more /var/log/kern.log
Apr 6 06:25:04 debian4 kernel: imklog 3.18.6, log source = /proc/kmsg started.

debian4:~# more /var/log/apache2/access.log
::1 - - [06/Apr/2010:06:25:03 +0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny6 with Suhosin-Patch (internal dummy connection)"
::1 - - [06/Apr/2010:06:25:03 +0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny6 with Suhosin-Patch (internal dummy connection)"

debian4:~# more /var/log/apache2/error.log
[Tue Apr 06 06:25:03 2010] [notice] Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny6 with Suhosin-Patch configured -- resuming normal operations
 
Old 04-08-2010, 09:00 AM   #6
frndrfoe
Member
 
Registered: Jan 2008
Distribution: RHEL, CentOS, Ubuntu
Posts: 379

Rep: Reputation: 38
add local4.* to syslog.conf and point it to /var/log/ldap ...or something like that.
 
Old 04-08-2010, 04:23 PM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Apache logs?? what does this have to do with apache?? Again, you have an ldap server that your ldap clients are using, right? well you need to look at the logs for the actual ldap server (i.e. the ldap software, not just the machine it's running on).
 
Old 04-08-2010, 10:20 PM   #8
frndrfoe
Member
 
Registered: Jan 2008
Distribution: RHEL, CentOS, Ubuntu
Posts: 379

Rep: Reputation: 38
And if you're editing /etc/ldap/ldap.conf your machine may be (likely) looking at /etc/ldap.conf

I was assuming openldap, maybe assuming is a bad start.
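
Added example, not part of any post in this thread: a shell function that reports the server URIs and certificate-checking settings found in each LDAP client config file a host might read, which is the check this post points toward. The candidate paths and the pam_ldap/nss_ldap-style `tls_checkpeer` keyword are assumptions; adjust them for the distribution in use.

```shell
#!/bin/sh
# Added example (not from the thread). The paths below are assumed candidates.
CANDIDATES="/etc/ldap/ldap.conf /etc/ldap.conf /etc/pam_ldap.conf /etc/libnss-ldap.conf"

# audit_ldap_conf FILE
# Prints one finding per line: status, file, keyword, value, reason.
audit_ldap_conf() {
    f=$1
    if [ ! -r "$f" ]; then
        echo "ABSENT $f"
        return 0
    fi
    # Drop comments and blank lines; keywords are matched case-insensitively.
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$f" |
    while read -r key rest; do
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case $key in
            uri)
                # A URI line may list several servers, tried in order.
                for u in $rest; do
                    case $u in
                        ldaps://*) echo "OK $f uri $u" ;;
                        ldap://*)  echo "WARN $f uri $u plaintext-unless-starttls" ;;
                        *)         echo "WARN $f uri $u unknown-scheme" ;;
                    esac
                done ;;
            tls_reqcert)
                case $(printf '%s' "$rest" | tr '[:upper:]' '[:lower:]') in
                    demand|hard) echo "OK $f tls_reqcert $rest" ;;
                    *) echo "WARN $f tls_reqcert $rest weaker-than-demand" ;;
                esac ;;
            tls_checkpeer)
                case $rest in
                    yes) echo "OK $f tls_checkpeer $rest" ;;
                    *)   echo "WARN $f tls_checkpeer $rest server-cert-not-verified" ;;
                esac ;;
        esac
    done
}

# Report on every candidate file.
audit_all() {
    for c in $CANDIDATES; do audit_ldap_conf "$c"; done
}

audit_all
```

A file reported as ABSENT is not being read at all, so edits to it cannot change client behaviour.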
 
Old 04-09-2010, 05:31 AM   #9
neverland
Member
 
Registered: Mar 2010
Posts: 31

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by frndrfoe
And if you're editing /etc/ldap/ldap.conf your machine may be (likely) looking at /etc/ldap.conf

I was assuming openldap, maybe assuming is a bad start.
I use openldap (apt-get install) and debian lenny
 
Old 04-09-2010, 05:32 AM   #10
neverland
Member
 
Registered: Mar 2010
Posts: 31

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by acid_kewpie
Apache logs?? what does this have to do with apache?? Again, you have an ldap server that your ldap clients are using, right? well you need to look at the logs for the actual ldap server (i.e. the ldap software, not just the machine it's running on).
So you mean the log file from the LDAP master?
 
  

