06-28-2010, 11:02 PM
#1
LQ Newbie
Registered: Jun 2010
Posts: 6
Rep:
Please Help.!! 389 Directory server.
Hi Team,
I am setting up Fedora-13 with "389 directory server" for authentication. I had performed the following steps.
1. Install FD-13.
2. Yum install 389-ds.
3. Run script to configure.
4. Start 389-console and create a few groups and users for testing.
I can see these users with "ldapsearch" and with "phpldapadmin". It looks like my server is responding.
However, I am unable to see any user name with "getent passwd". Also "ssh server_user@server" is not able to login.
Whereas "getent passwd" shows local user and "ssh local_user@server" is able to login.
Any advice will be helpful.
Also note that I am not using ssl, so want to avoid ssl. Do you think it can be an issue?
Thanks in advance.
06-28-2010, 11:11 PM
#2
Senior Member
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,979
Quote:
Originally Posted by
rajeev_rattra
Hi Team,
I am setting up Fedora-13 with "389 directory server" for authentication. I had performed the following steps.
1. Install FD-13.
2. Yum install 389-ds.
3. Run script to configure.
4. Start 389-console and create a few groups and users for testing.
I can see these users with "ldapsearch" and with "phpldapadmin". It looks like my server is responding.
However, I am unable to see any user name with "getent passwd". Also "ssh server_user@server" is not able to login.
Whereas "getent passwd" shows local user and "ssh local_user@server" is able to login.
Any advice will be helpful.
Also note that I am not using ssl, so want to avoid ssl. Do you think it can be an issue?
Thanks in advance.
Did you use system-config-authentication tool on the client?
06-28-2010, 11:38 PM
#3
LQ Newbie
Registered: Jun 2010
Posts: 6
Original Poster
Rep:
Quote:
Originally Posted by
custangro
Did you use system-config-authentication tool on the client?
Thanks,
Yes I do use "system-config-authentication".
But before that, "getent passwd" should show me the server_user name. And "ssh server_user@server" should allow me to login.
Any advice?
Thanks again for help.
06-29-2010, 11:32 AM
#4
Member
Registered: Jan 2008
Distribution: RHEL, CentOS, Ubuntu
Posts: 379
Rep:
does /etc/ldap.conf have a "host" or "uri" line referring to your localhost?
does /etc/nsswitch.conf refer to ldap for passwd, group, and shadow?
check /etc/pam.d/system-auth-ac (file name may have changed in f13) for a few lines calling ldap.so
06-30-2010, 01:38 AM
#5
Member
Registered: Feb 2008
Distribution: Fedora,RHEL,Ubuntu
Posts: 661
Rep:
Ensure /etc/nsswitch.conf is in the following format:
passwd: files ldap
shadow: files ldap
group: files ldap
And /etc/ldap.conf in
BASE dc=test,dc=com (if your domain is test.com, otherwise change it accordingly)
URI ldap://localhost
Thanks
Last edited by vishesh; 06-30-2010 at 01:40 AM .
07-03-2010, 06:04 AM
#6
LQ Newbie
Registered: Jun 2010
Posts: 6
Original Poster
Rep:
Thanks for reply.
I had corrected my nsswitch.conf.
passwd: files ldap sss
shadow: files ldap sss
group: files ldap sss
I am not sure what these "sss" are.
Now I can get username with getent passwd. Still unable to do "ssh user@host" or login.
Also for information, "System-config-authenticate" is new in FC13. It is also forcing me to enable a TLS certificate.
Any advice.
07-03-2010, 06:15 AM
#7
LQ Newbie
Registered: Jun 2010
Posts: 6
Original Poster
Rep:
Quote:
Originally Posted by
frndrfoe
does /etc/ldap.conf have a "host" or "uri" line referring to your localhost?
does /etc/nsswitch.conf refer to ldap for passwd, group, and shadow?
check /etc/pam.d/system-auth-ac (file name may have changed in f13) for a few lines calling ldap.so
Unfortunately there is no line calling ldap.so. Do you think something is missing here?
Please advise.
Thanks again.
07-06-2010, 10:08 AM
#8
Senior Member
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,979
Quote:
Originally Posted by
rajeev_rattra
Thanks for reply.
I had corrected my nsswitch.conf.
passwd: files ldap sss
shadow: files ldap sss
group: files ldap sss
I am not sure what these "sss" are.
Now I can get username with getent passwd. Still unable to do "ssh user@host" or login.
Also for information, "System-config-authenticate" is new in FC13. It is also forcing me to enable a TLS certificate.
Any advice.
1) Are you using TLS? Remember you must provide the certificate if it's forcing TLS...
2) Did you install pam_ldap (or whatever it's called now)?
07-07-2010, 04:45 AM
#9
LQ Newbie
Registered: Jun 2010
Posts: 6
Original Poster
Rep:
Quote:
Originally Posted by
custangro
1) Are you using TLS? Remember you must provide the certificate if it's forcing TLS...
2) Did you install pam_ldap (or whatever it's called now)?
Thanks for reply. I don't want to use TLS. But system is forcing me to do so. So I am using "setup" command from command line.
How to disable TLS?
Earlier, pam_ldap was installed automatically by yum. I will check it.
07-07-2010, 10:17 AM
#10
Senior Member
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,979
Quote:
Originally Posted by
rajeev_rattra
Thanks for reply. I don't want to use TLS. But system is forcing me to do so. So I am using "setup" command from command line.
How to disable TLS?
Earlier, pam_ldap was installed automatically by yum. I will check it.
Have you tried running it from the command line? Something like...
Code:
authconfig --enableldap --enableldapauth --enablemkhomedir --ldapserver=ldap.example.com --ldapbasedn="dc=example,dc=com" --update
Also have you verified that you added something like this....
Code:
auth sufficient pam_ldap.so
account sufficient pam_ldap.so
password sufficient pam_ldap.so
session sufficient pam_ldap.so
In the pam files (including but not limited to) /etc/pam.d/sshd and /etc/pam.d/login ?
NOTE: I'm just going off of what I did to my RHEL/CentOS servers...haven't really played with F13 yet...but the steps should be similar...
-C
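The checks the replies in this thread walk through (LDAP sources in nsswitch.conf, the uri/host and base lines in /etc/ldap.conf, and pam_ldap.so in the PAM stack), collected into one script that also reports whether the LDAP connection is configured for TLS. This is an added example, not code posted by anyone in the thread; the function names, the `ROOT` prefix argument and the one-level include lookup are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the thread): audit the client-side pieces the replies
# ask about. ROOT is a hypothetical prefix so it can run on a copy of /etc.

# True if FILE, or a file it pulls in one level down through an auth
# "include"/"substack" line, has an auth line calling pam_ldap.so.
pam_has_ldap() {
    local file="$1" inc
    grep -Eq '^auth[[:space:]].*pam_ldap\.so' "$file" 2>/dev/null && return 0
    for inc in $(awk '$1 == "auth" && ($2 == "include" || $2 == "substack") {print $3}' "$file" 2>/dev/null); do
        grep -Eq '^auth[[:space:]].*pam_ldap\.so' "$(dirname "$file")/$inc" 2>/dev/null && return 0
    done
    return 1
}

# Prints one line per check; the exit status is the number of FAIL lines.
check_ldap_client() {
    local root="${1:-}" fails=0 db svc conf
    conf="$root/etc/ldap.conf"

    # 1. NSS must consult LDAP (directly or through sss), or getent shows local users only.
    for db in passwd shadow group; do
        if grep -Eq "^${db}:.*[[:space:]](ldap|sss)([[:space:]]|\$)" "$root/etc/nsswitch.conf" 2>/dev/null
        then echo "OK   nsswitch.conf: $db"
        else echo "FAIL nsswitch.conf: $db has no ldap source"; fails=$((fails + 1)); fi
    done

    # 2. The client needs a server (uri or host) and a search base.
    grep -Eiq '^(uri|host)[[:space:]]+[^[:space:]]' "$conf" 2>/dev/null \
        && echo "OK   ldap.conf: server" || { echo "FAIL ldap.conf: no uri/host line"; fails=$((fails + 1)); }
    grep -Eiq '^base[[:space:]]+[^[:space:]]' "$conf" 2>/dev/null \
        && echo "OK   ldap.conf: base" || { echo "FAIL ldap.conf: no base line"; fails=$((fails + 1)); }

    # 3. Without ldaps:// or "ssl start_tls"/"ssl on", bind passwords cross the wire unencrypted.
    grep -Eiq '^(uri[[:space:]]+ldaps://|ssl[[:space:]]+(start_tls|on))' "$conf" 2>/dev/null \
        && echo "OK   ldap.conf: TLS" || echo "WARN ldap.conf: cleartext LDAP bind"

    # 4. NSS only resolves names; logins fail until PAM calls pam_ldap.so.
    for svc in sshd login; do
        if pam_has_ldap "$root/etc/pam.d/$svc"
        then echo "OK   pam.d/$svc"
        else echo "FAIL pam.d/$svc: no auth line reaches pam_ldap.so"; fails=$((fails + 1)); fi
    done
    return "$fails"
}
```

Run as `check_ldap_client ""` to audit the live `/etc`. A result with every nsswitch.conf line OK and both pam.d lines FAIL matches the state described in post #6, where `getent passwd` lists the directory users but ssh logins are still refused.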