LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 06-28-2010, 11:02 PM   #1
rajeev_rattra
LQ Newbie
 
Registered: Jun 2010
Posts: 6

Rep: Reputation: 0
Please Help.!! 389 Directory server.


Hi Team,

I am setting up Fedora-13 with "389 directory server" for authentication. I had performed the following steps.

1. Install FD-13.
2. Yum install 389-ds.
3. Run script to configure.
4. Start 389-condole and create few group and user for testing.

I can see these user with "ldapsearch" and with "phpldapadmin". It looks my server is responding.

However, I am unable to see any user name with "getent passwd". also "ssh server_user@server" is not able to login.

whereas "getent passwd" shows local user and "ssh local_user@server" is able to login.

Any advise will be helpful.

Also note that I am not useing ssl, so want to avoid ssl. o you think it can be an issue.

Thanks in advance.
 
Old 06-28-2010, 11:11 PM   #2
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,978
Blog Entries: 1

Rep: Reputation: 209Reputation: 209Reputation: 209
Quote:
Originally Posted by rajeev_rattra View Post
Hi Team,

I am setting up Fedora-13 with "389 directory server" for authentication. I had performed the following steps.

1. Install FD-13.
2. Yum install 389-ds.
3. Run script to configure.
4. Start 389-condole and create few group and user for testing.

I can see these user with "ldapsearch" and with "phpldapadmin". It looks my server is responding.

However, I am unable to see any user name with "getent passwd". also "ssh server_user@server" is not able to login.

whereas "getent passwd" shows local user and "ssh local_user@server" is able to login.

Any advise will be helpful.

Also note that I am not useing ssl, so want to avoid ssl. o you think it can be an issue.

Thanks in advance.
Did you use system-config-authentication tool on the client?
 
Old 06-28-2010, 11:38 PM   #3
rajeev_rattra
LQ Newbie
 
Registered: Jun 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by custangro View Post
Did you use system-config-authentication tool on the client?
Thanks,

Yes I do use "system-config-authentication".

But before that, "getent passwd" should show me the server_user name. And "ssh server_user@server" should alow me to login.

Any Advise.

Thanks again for help.
 
Old 06-29-2010, 11:32 AM   #4
frndrfoe
Member
 
Registered: Jan 2008
Distribution: RHEL, CentOS, Ubuntu
Posts: 379

Rep: Reputation: 38
does /etc/ldap.conf have a "host" or "uri" line referring to your localhost?

does /etc/nsswitch.conf refer to ldap for passwd, group, and shadow?

check /etc/pam.d/system-auth-ac (file name may have changed in f13) for a few lines calling ldap.so
 
Old 06-30-2010, 01:38 AM   #5
vishesh
Member
 
Registered: Feb 2008
Distribution: Fedora,RHEL,Ubuntu
Posts: 661

Rep: Reputation: 66
Ensure /etc/nsswitch.conf in following format
passwd: files ldap
shadow: files ldap
group: files ldap
And /etc/ldap.conf in
BASE dc=test,dc=com( if your doamin is test.com otherwise change it accordingly)
URI ldap://localhost

Thanks

Last edited by vishesh; 06-30-2010 at 01:40 AM.
 
Old 07-03-2010, 06:04 AM   #6
rajeev_rattra
LQ Newbie
 
Registered: Jun 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks for reply.
I had corrected my nssswitch.conf.

passwd: files ldap sss
shadow: files ldap sss
group: files ldap sss

I am not sure what are these "sss".

Now I can get username with getent passwd. Still unable to do "ssh user@host" or login.

Also for information, "System-config-authenticate" is new in FC13. I is also forcing to enable TSL certificate.

Any advice.
 
Old 07-03-2010, 06:15 AM   #7
rajeev_rattra
LQ Newbie
 
Registered: Jun 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by frndrfoe View Post
does /etc/ldap.conf have a "host" or "uri" line referring to your localhost?

does /etc/nsswitch.conf refer to ldap for passwd, group, and shadow?

check /etc/pam.d/system-auth-ac (file name may have changed in f13) for a few lines calling ldap.so
Unfortunatily these is no line calling ldap.so. Di=o you think some thing is missing here?

Please advise.

Thanks again.
 
Old 07-06-2010, 10:08 AM   #8
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,978
Blog Entries: 1

Rep: Reputation: 209Reputation: 209Reputation: 209
Quote:
Originally Posted by rajeev_rattra View Post
Thanks for reply.
I had corrected my nssswitch.conf.

passwd: files ldap sss
shadow: files ldap sss
group: files ldap sss

I am not sure what are these "sss".

Now I can get username with getent passwd. Still unable to do "ssh user@host" or login.

Also for information, "System-config-authenticate" is new in FC13. I is also forcing to enable TSL certificate.

Any advice.
1) Are you using TLS? Remember you must provide the certificate if it's forcing TLS...

2)Did you install pam_ldap (or whatever it's called now)?
 
Old 07-07-2010, 04:45 AM   #9
rajeev_rattra
LQ Newbie
 
Registered: Jun 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by custangro View Post
1) Are you using TLS? Remember you must provide the certificate if it's forcing TLS...

2)Did you install pam_ldap (or whatever it's called now)?
Thanks for reply. I don't want to use TSL. But system is forcing me to do so. So I am using "setup" Command from command line.

How to disable TSL?

Earlier, PAM_LADP WAS INSTALLED AUTOMATICALLY BY yum. I will check it.
 
Old 07-07-2010, 10:17 AM   #10
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,978
Blog Entries: 1

Rep: Reputation: 209Reputation: 209Reputation: 209
Quote:
Originally Posted by rajeev_rattra View Post
Thanks for reply. I don't want to use TSL. But system is forcing me to do so. So I am using "setup" Command from command line.

How to disable TSL?

Earlier, PAM_LADP WAS INSTALLED AUTOMATICALLY BY yum. I will check it.
Have you tired running it from the command line? Something like...

Code:
authconfig --enableldap --enableldapauth --enablemkhomedir --ldapserver=ldap.example.com --ldapbasedn="dc=example,dc=com" --update
Also have you verified that you added something like this....

Code:
auth		sufficient	pam_ldap.so
account		sufficient	pam_ldap.so
password	sufficient	pam_ldap.so
session		sufficient	pam_ldap.so
In the pam files (including but not limited to)/etc/pam.d/sshd and /etc/pam.d/login ?

NOTE: I'm just going off of what I did to my RHEL/CentOS servers...haven't really played with F13 yet...but the steps should be similar...

-C
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Setting up Fedora DS(389 DS Server) on centOS 5.4? your_shadow03 Linux - Newbie 8 12-07-2011 01:04 AM
Unable to access 389-DS Server through remote LDAP Admin tool? your_shadow03 Linux - Newbie 2 01-09-2010 03:17 PM
Doubt regarding 389 Server Client ? your_shadow03 Linux - Newbie 1 01-05-2010 12:26 PM
Close Port 113 and 389 sillobo Linux - Security 6 05-15-2001 09:37 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 01:43 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration