?
Solved

LDAP SSL not working on Fedora 14 (in particular with ssh)

Posted on 2011-03-11
5
Medium Priority
?
832 Views
Last Modified: 2012-08-13
I recently decided to install Fedora 14 to test it out for a bit and have run into a bit of a snag.  I cannot seem to get LDAP connecting properly.  I have configured /etc/openldap/ldap.conf, /etc/nss_ldap.conf, /etc/nsswitch and /etc/pam.d/system-auth as I have with other systems in the past that all work.  I can use getent to get passwd, netgroup, shadow, etc and all return what appear to be valid results.  I can su to different LDAP users who are not local but only from root as it does not require authentication.  It seems only things that require authentication are failing.  Also, when I do an authconfig --test i get a response that I can't seem to find any info about: Inconsistent attr: passwordAlgorithm.  Some relevent command output:

[root@host ~]# getent passwd ldapuser
ldapuser:x:12345:123:LDAP User:/home/ldapuser:/bin/bash

[root@host ~]# getent shadow ldapuser
ldapuser:*:::::::

The client can verify the user against the LDAP server but not authenticate for some reason.

Mar 11 17:13:36 host sshd[1930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sshhost.domain  user=ldapuser
Mar 11 17:13:38 host sshd[1930]: Failed password for ldapuser from 10.48.140.95 port 53157 ssh2

I am using the same SSL cert as I have used on many other systems that does work (mostly with RHEL5 systems).  
0
Comment
Question by:nibowl
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 9

Expert Comment

by:meko72
ID: 35113986
Have a look at this post

http://forum.nginx.org/read.php?30,171166

Did You try checking the logs on the authentication server and fc14
0
 

Author Comment

by:nibowl
ID: 35128682
This explains why, but did not offer much in terms of a solution in getting it to connect, though I now have another direction to look.
0
 

Author Comment

by:nibowl
ID: 35131998
It looks like some of my issue was tied to the --passalgo=blah that was not assigned in my authconfig statement for the Inconsistent attr: passwordAlgorithm error.  Fixing that got rid of that issue.  Next was the fact that some of my directives I put in my ldap.conf file before are apparently now located in the pam_ldap.conf file.  Looks like they have split the original /etc/ldap.conf into the two files.  Once I am able to get back to working on the system I will verify and test this.
0
 

Accepted Solution

by:
nibowl earned 0 total points
ID: 35133070
Yep, the pam_ldap.conf file was the secret sauce.  I was able to get everything connecting just fine and it is doing well.
0
 

Author Closing Comment

by:nibowl
ID: 35171008
I was able to track it down over time and test it to be functional, none of which was referenced by any other posters.
0

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses
Course of the Month10 days, 8 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question