LinuxQuestions.org
02-23-2016, 09:44 AM   #1
Learning_Quinn
openLDAP authentication in RH 6.5 without sssd


Problem: Inherited an environment and trying to back engineer how they set up the servers. I have a working system that authenticates via LDAP but does not have sssd installed. Brand new server following online documentation does not work. Copying files from working server to new server also does not work. What am I missing?

Hello kids,

I have a problem. I have a Red Hat 6.5 environment that isn't that big but it's growing. I'm part of essentially a brand new team taking care of these servers. We're adding new systems but I've run into problems with the authentication process. I'll put the whole process that we want to see at the end of this but for right now I'm focused on the LDAP piece. We are authenticating against an existing openLDAP server and the current machines are working. The server build documentation (where it exists) is spotty or badly written. It consists of someone's dump of a history file doing several things at once. Not to mention the entries of 'vi $file' but never tells you what to change. So at first I followed various RH articles and other postings on how to get the system to authenticate against openLDAP. Nothing is working. I have also pulled the config files from an existing server and still no love. One thing I notice is when setting up LDAP via authconfig-tui it places sssd in the files. The working server does not have sssd installed. Running ldapsearch -d 5 -L "(objectclass=*)" connects but a getent passwd shows only local users and no one in LDAP. I know I'm missing some small thing and I'm documenting all of this for a new server image but I'm running in circles. It might be a certificate issue but I'm not sure. I think this is strictly a client issue as everyone else is working. Any help would be greatly appreciated.

Peace

========================================
Files I have edited (I can post scrubbed files on request)
etc/openldap/ldap.conf
etc/pam.d/sshd
etc/ssh/sshd_conf
etc/nsswitch.conf
*probably more. My head is spinning.

I am pointing my TLS_CACERTDIR to an empty directory but again, it's working on the other machine.
========================================
The way the process is supposed to work!

In case it helps, this is the big picture. We have openLDAP and an RSA server. No local accounts for anyone on the servers. The process is a user uses ssh to connect to the server (no GUI running). It should prompt you for your RSA pin. It then checks you against RSA and then against LDAP. If you succeed in both checks, you are allowed in (note, you are not asked for your LDAP password). Once you are in, only members of a certain group are allowed to elevate themselves to root. At that point, you are asked for your LDAP password.
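
One way to compare the working client with the new one for the symptom in the post (ldapsearch connects, getent passwd lists only local users, authconfig-tui wrote sssd into the files) is to report which lookup sources each nsswitch.conf names. This is an added example, not part of the original post; the function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# nss_sources FILE DB: print the sources nsswitch.conf lists for DB,
# with comments and [NOTFOUND=return]-style actions stripped.
nss_sources() {
    sed 's/#.*//' "$1" | awk -v db="$2:" '
        $1 == db {
            out = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) skip = 1
                if (!skip) out = out (out == "" ? "" : " ") $i
                if ($i ~ /\]$/) skip = 0
            }
            print out; exit
        }'
}

# nss_backend FILE: what passwd lookups depend on.
#   sss  = the sssd daemon, ldap = an NSS ldap module, none = local sources only
nss_backend() {
    case " $(nss_sources "$1" passwd) " in
        *" sss "*" ldap "* | *" ldap "*" sss "*) echo both ;;
        *" sss "*)  echo sss ;;
        *" ldap "*) echo ldap ;;
        *)          echo none ;;
    esac
}

# nss_diff WORKING NEW: list databases whose sources differ; returns 1 if any do.
nss_diff() {
    rc=0
    for db in passwd shadow group; do
        a=$(nss_sources "$1" "$db"); b=$(nss_sources "$2" "$db")
        [ "$a" = "$b" ] || { echo "$db: working='$a' new='$b'"; rc=1; }
    done
    return $rc
}

# Constructed sample files (not taken from the post's servers).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'passwd: files ldap' 'shadow: files ldap' \
    'group:  files ldap  # legacy client' > "$tmp/working"
printf '%s\n' 'passwd: files sss' 'shadow: files sss' \
    'group:  files [NOTFOUND=return] sss' > "$tmp/new"

echo "working: $(nss_backend "$tmp/working")  new: $(nss_backend "$tmp/new")"
nss_diff "$tmp/working" "$tmp/new" || echo "nsswitch.conf sources differ"
```

On real hosts, pass a copy of /etc/nsswitch.conf from each machine in place of the sample files.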
 
  


All times are GMT -5. The time now is 01:14 PM.
