  • Status: Solved

Suse Linux Ldap client


I have built a system with SuSE Pro 9.1 and selected LDAP as authentication.  The machine comes up and authenticates locally instead of through LDAP.

My ldap system shows up in nmap and has a Manager password ( the default one of secret ).

Why is this machine not even trying to authenticate with ldap ?

TIMFOX123
Asked:
1 Solution
 
wesly_chen Commented:
Hi,

  In /etc/nsswitch.conf, make sure the following 3 entries are present:
---
passwd:     files ldap
shadow:     files ldap
group:      files ldap
---

  And in /etc/sysconfig/authconfig, make sure the following 2 entries are present:
---
USELDAP=yes
USELDAPAUTH=yes
---

   And make sure your ldap.conf is configured right.

Wesly

TIMFOX123 (Author) Commented:
I tried this and could not find the /etc/sysconfig/authconfig file

After rebuilding the system again and selecting LDAP it still logs in locally.  It is hard to believe the distro is doing this right out of the box.

wesly_chen Commented:
> it still logs in locally
You mean you have a local account name that is the same as the LDAP account name?
Could you give more details about what "logs in locally" means?

Wesly
 
TIMFOX123 (Author) Commented:
I have a "root" account locally and when the system boots it asks for User id and password.  I use my ldap "Manager / secret " and can not get in.  Also there is not any place to put in a dc-suse,dc=de.

If I use the old root password for local authentication I can get into the system but not into ldap.  

I never get prompted for any ldap stuff.   Also the configuration in the nsswitch is never done.  What is a killer is that I asked on the Suse support group that is supported by Suse and they do not answer.  You guys are the best ( better than the people that put out the software !  ).

I can view the Ldap with a client called GQ and another client from the University of Utah that is written in Java.   I just can not use it to log in.  

Also I have not figured out how to change passwords in the ldap client.  

I really am starting to think that Novell has decided to make this difficult because they want to authenticate using Novell!  I selected the LDAP client when I built the box and it does not work, and furthermore it does not even seem to be trying to set this up for me.  I love SuSE but this is really getting old.

TIMFOX123 (Author) Commented:
I am downloading Mandrake as we speak to see if Mandrake does this out of the box !!!


wesly_chen Commented:
>  In /etc/nsswitch.conf, make sure the following 3 entries:
>passwd:     files ldap
>shadow:     files ldap
>group:      files ldap
So the system checks the local /etc/passwd file first; if the account is in /etc/passwd, then the system will
use it. If the account is not in /etc/passwd, then the system will check LDAP next.

As for the root account, you definitely want to use /etc/passwd instead of LDAP, so that if LDAP breaks you can still
log in as root.

Try another account that is in LDAP and not in /etc/passwd to see if you can log in.

Wesly
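
The lookup order described in the comment above, as an added example that is not part of the original thread: it reads an nsswitch.conf-style file and reports whether a login name would be answered from local files or would fall through to LDAP. The function names and the file arguments are assumptions made for illustration; the caller supplies the files to inspect.

```shell
#!/bin/sh
# Added example: inspect NSS lookup order for login names.

# Print the sources configured for one NSS database, in order.
# usage: nss_sources <nsswitch file> <database>
nss_sources() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                      # drop comments
        $1 == db {
            for (i = 2; i <= NF; i++)           # skip [NOTFOUND=return]-style actions
                if ($i !~ /^\[/) printf "%s%s", (n++ ? " " : ""), $i
            print ""
            exit
        }
    ' "$1"
}

# Report where a lookup for <user> ends: "files" if a local entry answers,
# "ldap" if it falls through to the directory, "none" if LDAP is never asked.
# usage: account_source <nsswitch file> <passwd file> <user>
account_source() {
    for src in $(nss_sources "$1" passwd); do
        case "$src" in
            files|compat)
                if awk -F: -v u="$3" '$1 == u { found = 1 } END { exit !found }' "$2"; then
                    echo files
                    return 0
                fi ;;
            ldap)
                echo ldap
                return 0 ;;
        esac
    done
    echo none
    return 1
}

# Stand-alone use: sh nsscheck.sh /etc/nsswitch.conf /etc/passwd <user>
if [ "$#" -eq 3 ]; then account_source "$@"; fi
```

A result of "none" for a directory-only name means the passwd line never lists ldap, which matches the symptom of never being asked for LDAP credentials. On a live client, `getent passwd <name>` shows what the configured sources actually return.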

TIMFOX123 (Author) Commented:

      
I do not have a /etc/sysconfig/authconfig file.  I installed all the ldap files.  Suse and Mandrake both have this problem.

wesly_chen Commented:
> I have a "root" account locally and when the system boots it asks for User id and
> password.  I use my ldap "Manager / secret " and can not get in
Did you try using another LDAP user account instead of "root" or "manager", since those
accounts are for LDAP server management?

For SuSE, you can use "yast2 ldap_client" to config the LDAP client.

Wesly

TIMFOX123 (Author) Commented:
Actually in the tool I can create ou's but have not figured out how to add accounts.  I added my first information in the directory using the command line "ldapadd" and it only added the manager account.  


wesly_chen Commented:
>  but have not figured out how to add accounts
You need to have an LDAP account set up in order to use an LDAP account to log in.
The LDAP manager account is for administering LDAP configuration/settings, not for regular account login.

By the way, /etc/sysconfig/authconfig is for RedHat/Fedora, SuSE or Mandrake may not have this file.

Wesly

TIMFOX123 (Author) Commented:
I am downloading fedora.  

SuSE is a good Linux but there is not enough help out there for it.   Perhaps I need to speak German ( not a joke ).

Is Fedora 3 the open nightmare that Red Hat is known for ?

Microsoft has a saying "my other computer is your linux box " and they are pointing right towards Red Hat.   They choose to smear all Linuxes
unfairly but that is just M$   FUD




TIMFOX123 (Author) Commented:
I went into my ldap utility and I can create OUs and change names but I can not create users or anything else.  I have write access but for so little.   Does "Manager" have some strange set of rights in ldap ?


wesly_chen Commented:
> went into my ldap utility and I can create OUs and change names but I can not create users
What LDAP utility did you use?

> Does "Manager" have some strange set of rights in ldap
Manager is like the LDAP administrator. Manager can do most things in LDAP.

Wesly

TIMFOX123 (Author) Commented:
Comment from wesly_chen
Date: 12/01/2004 07:34PM PST

Hi,

  You might want to use LDAP Browser/Editor for Windows to add/remove users in the LDAP server:
http://www-unix.mcs.anl.gov/~gawor/ldap/

wesly_chen Commented:
I use LDAP browser connected to my LDAP server. I expanded "ou=People" and clicked on one user;
here are that user's attributes as they show up on the right-hand side of LDAP browser:
--------
loginShell     /bin/bash
gidNumber      613
uidNumber      609
userPassword   [B@16d8196
uid            bb
objectClass    account
objectClass    posixAccount
objectClass    top
homeDirectory  /usr/local/bb
cn             bb
-------
So you need to click on "ou=People" (if you have one), click Edit --> Add Entry --> Person,
and fill in the table in the pop-up window.

Wesly
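
The same kind of entry can be created from the command line. This is an added example, not part of the original thread: it emits an LDIF record carrying the attributes listed in the comment above, for loading with `ldapadd`. The base DN `dc=example,dc=com`, the function name and the validation rules are assumptions; the sample values are the ones shown for user `bb`.

```shell
#!/bin/sh
# Added example: build an LDIF entry for one login account under ou=People.
# usage: posix_account_ldif <base DN> <uid> <uidNumber> <gidNumber> <home> [shell]
posix_account_ldif() {
    base=$1 uid=$2 uidn=$3 gidn=$4 home=$5 shell=${6:-/bin/bash}
    # Conservative login-name character set, so nothing needs DN or LDIF escaping.
    case "$uid" in
        ""|*[!a-z0-9_-]*) echo "invalid uid: $uid" >&2; return 1 ;;
    esac
    # IDs must be plain numbers.
    for n in "$uidn" "$gidn"; do
        case "$n" in
            ""|*[!0-9]*) echo "invalid id: $n" >&2; return 1 ;;
        esac
    done
    # Refuse uidNumber 0 so root-equivalent accounts stay in local files.
    [ "$uidn" -ne 0 ] || { echo "refusing uidNumber 0" >&2; return 1; }
    case "$home" in
        /*) ;;
        *) echo "home must be an absolute path" >&2; return 1 ;;
    esac
    cat <<EOF
dn: uid=$uid,ou=People,$base
objectClass: top
objectClass: account
objectClass: posixAccount
uid: $uid
cn: $uid
uidNumber: $uidn
gidNumber: $gidn
homeDirectory: $home
loginShell: $shell
EOF
}

# Sample values from the attribute listing above; the base DN is a placeholder.
posix_account_ldif "dc=example,dc=com" bb 609 613 /usr/local/bb

# Load the saved output, then set the password with a prompt rather than in the file:
#   ldapadd    -x -D "cn=Manager,dc=example,dc=com" -W -f bb.ldif
#   ldappasswd -x -D "cn=Manager,dc=example,dc=com" -W -S "uid=bb,ou=People,dc=example,dc=com"
```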

TIMFOX123 (Author) Commented:
I tried this on every OU that I have and received the error message "failed to add new entry".

The browser gave this error on every ou that was in the tree.

I sent you some information in the feedback link.