Solved

LDAP SSL not working on Fedora 14 (in particular with ssh)

Posted on 2011-03-11
5
824 Views
Last Modified: 2012-08-13
I recently decided to install Fedora 14 to test it out for a bit and have run into a bit of a snag.  I cannot seem to get LDAP connecting properly.  I have configured /etc/openldap/ldap.conf, /etc/nss_ldap.conf, /etc/nsswitch and /etc/pam.d/system-auth as I have with other systems in the past that all work.  I can use getent to get passwd, netgroup, shadow, etc and all return what appear to be valid results.  I can su to different LDAP users who are not local but only from root as it does not require authentication.  It seems only things that require authentication are failing.  Also, when I do an authconfig --test i get a response that I can't seem to find any info about: Inconsistent attr: passwordAlgorithm.  Some relevent command output:

[root@host ~]# getent passwd ldapuser
ldapuser:x:12345:123:LDAP User:/home/ldapuser:/bin/bash

[root@host ~]# getent shadow ldapuser
ldapuser:*:::::::

The client can verify the user against the LDAP server but not authenticate for some reason.

Mar 11 17:13:36 host sshd[1930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sshhost.domain  user=ldapuser
Mar 11 17:13:38 host sshd[1930]: Failed password for ldapuser from 10.48.140.95 port 53157 ssh2

I am using the same SSL cert as I have used on many other systems that does work (mostly with RHEL5 systems).  
0
Comment
Question by:nibowl
  • 4
5 Comments
 
LVL 9

Expert Comment

by:meko72
ID: 35113986
Have a look at this post

http://forum.nginx.org/read.php?30,171166

Did You try checking the logs on the authentication server and fc14
0
 

Author Comment

by:nibowl
ID: 35128682
This explains why, but did not offer much in terms of a solution in getting it to connect, though I now have another direction to look.
0
 

Author Comment

by:nibowl
ID: 35131998
It looks like some of my issue was tied to the --passalgo=blah that was not assigned in my authconfig statement for the Inconsistent attr: passwordAlgorithm error.  Fixing that got rid of that issue.  Next was the fact that some of my directives I put in my ldap.conf file before are apparently now located in the pam_ldap.conf file.  Looks like they have split the original /etc/ldap.conf into the two files.  Once I am able to get back to working on the system I will verify and test this.
0
 

Accepted Solution

by:
nibowl earned 0 total points
ID: 35133070
Yep, the pam_ldap.conf file was the secret sauce.  I was able to get everything connecting just fine and it is doing well.
0
 

Author Closing Comment

by:nibowl
ID: 35171008
I was able to track it down over time and test it to be functional, none of which was referenced by any other posters.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now