
Linux OpenLDAP server for LAN authentication

Posted on 2004-11-04
Last Modified: 2013-12-15
I have a server running openLDAP using bdb. I have the server running fine; everything works fine, like authenticating users that are in the openldap database... The problem is this only works when I am on the server locally. I have some other machines set up with the same ldap client configuration files, and when they log in (i.e. with gdm) it will list ALL of the users in the openldap server, but they can't log in; only the users that are in the local /etc/passwd file are able to log in. I don't get how it can get a list of users from the ldap server but not be able to authenticate them, so it's communicating but for some reason the passwd doesn't work? Like I said, it works fine on the server though; I can log in with these users. Here are my relevant client files.... THANKS
----------------------------------------------

"system-auth" file
#%PAM-1.0
                                                                               
auth        required      pam_env.so
auth        sufficient    pam_unix.so likeauth nullok
auth        required      pam_deny.so
                                                                               
account     required      pam_unix.so
                                                                               
password    required      pam_cracklib.so retry=3 minlen=2  dcredit=0  ucredit=0                                                                                
password    sufficient    pam_unix.so nullok use_authtok md5 shadow
password    required      pam_deny.so
                                                                               
session     required      pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     required      pam_limits.so
session     required      pam_unix.so
session     optional      pam_ldap.so


----------------------------------------------
 "ldap.conf"                                                                          
# of course this is my ldap server ip
host 192.168.7.213  
                                                                               
# The distinguished name of the search base.
base dc=lab,dc=com
rootbinddn cn=manager,dc=lab,dc=com
# Filter to AND with uid=%s
pam_filter objectclass=posixaccount
                                                                               
# The user ID attribute (defaults to uid)
pam_login_attribute uid
pam_member_attribute gid
pam_password crypt
                                                                               
# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX          base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd       ou=People,
# to append the default base DN but this
# may incur a small performance impact.
nss_base_passwd ou=People,dc=lab,dc=com?one
nss_base_shadow ou=People,dc=lab,dc=com?one
nss_base_group          ou=Group,dc=lab,dc=com?one
ssl off

----------------------------------------------
and then nsswitch.conf


passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:     files ldap dns

Question by:abatardi
3 Comments
 

Accepted Solution

by: wesly_chen earned 500 total points
ID: 12500016
Hi,

   Is the client machine a RedHat box?

   Check "/etc/sysconfig/authconfig"
for 2 entries:
USELDAP=yes
USELDAPAUTH=yes

   Or use
# authconfig
to config it.

Wesly
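
Added example, not part of the original thread: the symptom in the question (gdm and getent list the LDAP users, but they cannot log in) involves two separate client-side paths, NSS lookups configured in nsswitch.conf and PAM authentication configured in system-auth. The script below reports which of the two actually references LDAP; the function names are hypothetical and the sample files are constructed, trimmed from the configuration posted in the question.

```shell
#!/bin/sh
# Added example: NSS decides which accounts getent/gdm can list;
# PAM decides who can authenticate. Check each for LDAP separately.

# Print the PAM types (auth/account/password/session) that call pam_ldap.so.
pam_ldap_types() {
    awk '
        /^[ \t]*#/ || NF < 3 { next }               # skip comments, short lines
        /pam_ldap\.so/ {
            type = $1; sub(/^-/, "", type)          # "-auth" means "auth"
            if (!seen[type]++) out = out (out == "" ? "" : " ") type
        }
        END { print out }
    ' "$1"
}

# Print the nsswitch.conf databases whose source list includes ldap.
nss_ldap_dbs() {
    awk -F: '
        /^[ \t]*#/ || NF < 2 { next }
        (" " $2 " ") ~ /[ \t]ldap[ \t]/ { out = out (out == "" ? "" : " ") $1 }
        END { print out }
    ' "$1"
}

# diagnose PAM_FILE NSS_FILE: one-line summary of the two paths.
diagnose() {
    case " $(nss_ldap_dbs "$2") " in *" passwd "*) listed=yes ;; *) listed=no ;; esac
    case " $(pam_ldap_types "$1") " in *" auth "*) authed=yes ;; *) authed=no ;; esac
    echo "nss_passwd_ldap=$listed pam_auth_ldap=$authed"
}

# Constructed sample files, trimmed from the configuration in the question.
demo_dir=$(mktemp -d)
cat > "$demo_dir/system-auth" <<'EOF'
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_unix.so likeauth nullok
auth        required      pam_deny.so
account     required      pam_unix.so
session     required      pam_unix.so
session     optional      pam_ldap.so
EOF
printf 'passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n' \
    > "$demo_dir/nsswitch.conf"
diagnose "$demo_dir/system-auth" "$demo_dir/nsswitch.conf"
```

On a real client, pass /etc/pam.d/system-auth and /etc/nsswitch.conf to diagnose; pam_auth_ldap=no means no auth line in that file calls pam_ldap.so. Files pulled in through PAM include directives are not followed.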

Author Comment

by:abatardi
ID: 12500279
They are Mandrake 10 boxes.... not sure of any config utils to do that, I just edit manually.


Author Comment

by:abatardi
ID: 12559237
Well, I am still having the same problem after rechecking stuff 100x. The only thing I find weird is on the workstations: if I log in as anyone else but the admin, I can issue a "getent passwd" and it has all the right values, but if I log in under root, "getent passwd" only returns local accounts. BUT on the server all users have the local accounts and the openldap ones. Are there no OpenLDAP gurus out there??

Thanks ahead of time!


Question has a verified solution.
