Solved

LDAP SSL not working on Fedora 14 (in particular with ssh)

Posted on 2011-03-11
5
829 Views
Last Modified: 2012-08-13
I recently decided to install Fedora 14 to test it out for a bit and have run into a bit of a snag.  I cannot seem to get LDAP connecting properly.  I have configured /etc/openldap/ldap.conf, /etc/nss_ldap.conf, /etc/nsswitch and /etc/pam.d/system-auth as I have with other systems in the past that all work.  I can use getent to get passwd, netgroup, shadow, etc and all return what appear to be valid results.  I can su to different LDAP users who are not local but only from root as it does not require authentication.  It seems only things that require authentication are failing.  Also, when I do an authconfig --test i get a response that I can't seem to find any info about: Inconsistent attr: passwordAlgorithm.  Some relevent command output:

[root@host ~]# getent passwd ldapuser
ldapuser:x:12345:123:LDAP User:/home/ldapuser:/bin/bash

[root@host ~]# getent shadow ldapuser
ldapuser:*:::::::

The client can verify the user against the LDAP server but not authenticate for some reason.

Mar 11 17:13:36 host sshd[1930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sshhost.domain  user=ldapuser
Mar 11 17:13:38 host sshd[1930]: Failed password for ldapuser from 10.48.140.95 port 53157 ssh2

I am using the same SSL cert as I have used on many other systems that does work (mostly with RHEL5 systems).  
0
Comment
Question by:nibowl
  • 4
5 Comments
 
LVL 9

Expert Comment

by:meko72
ID: 35113986
Have a look at this post

http://forum.nginx.org/read.php?30,171166

Did You try checking the logs on the authentication server and fc14
0
 

Author Comment

by:nibowl
ID: 35128682
This explains why, but did not offer much in terms of a solution in getting it to connect, though I now have another direction to look.
0
 

Author Comment

by:nibowl
ID: 35131998
It looks like some of my issue was tied to the --passalgo=blah that was not assigned in my authconfig statement for the Inconsistent attr: passwordAlgorithm error.  Fixing that got rid of that issue.  Next was the fact that some of my directives I put in my ldap.conf file before are apparently now located in the pam_ldap.conf file.  Looks like they have split the original /etc/ldap.conf into the two files.  Once I am able to get back to working on the system I will verify and test this.
0
 

Accepted Solution

by:
nibowl earned 0 total points
ID: 35133070
Yep, the pam_ldap.conf file was the secret sauce.  I was able to get everything connecting just fine and it is doing well.
0
 

Author Closing Comment

by:nibowl
ID: 35171008
I was able to track it down over time and test it to be functional, none of which was referenced by any other posters.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question