Solved

LDAP SSL not working on Fedora 14 (in particular with ssh)

Posted on 2011-03-11
5
830 Views
Last Modified: 2012-08-13
I recently decided to install Fedora 14 to test it out for a bit and have run into a bit of a snag.  I cannot seem to get LDAP connecting properly.  I have configured /etc/openldap/ldap.conf, /etc/nss_ldap.conf, /etc/nsswitch and /etc/pam.d/system-auth as I have with other systems in the past that all work.  I can use getent to get passwd, netgroup, shadow, etc and all return what appear to be valid results.  I can su to different LDAP users who are not local but only from root as it does not require authentication.  It seems only things that require authentication are failing.  Also, when I do an authconfig --test i get a response that I can't seem to find any info about: Inconsistent attr: passwordAlgorithm.  Some relevent command output:

[root@host ~]# getent passwd ldapuser
ldapuser:x:12345:123:LDAP User:/home/ldapuser:/bin/bash

[root@host ~]# getent shadow ldapuser
ldapuser:*:::::::

The client can verify the user against the LDAP server but not authenticate for some reason.

Mar 11 17:13:36 host sshd[1930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sshhost.domain  user=ldapuser
Mar 11 17:13:38 host sshd[1930]: Failed password for ldapuser from 10.48.140.95 port 53157 ssh2

I am using the same SSL cert as I have used on many other systems that does work (mostly with RHEL5 systems).  
0
Comment
Question by:nibowl
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 9

Expert Comment

by:meko72
ID: 35113986
Have a look at this post

http://forum.nginx.org/read.php?30,171166

Did You try checking the logs on the authentication server and fc14
0
 

Author Comment

by:nibowl
ID: 35128682
This explains why, but did not offer much in terms of a solution in getting it to connect, though I now have another direction to look.
0
 

Author Comment

by:nibowl
ID: 35131998
It looks like some of my issue was tied to the --passalgo=blah that was not assigned in my authconfig statement for the Inconsistent attr: passwordAlgorithm error.  Fixing that got rid of that issue.  Next was the fact that some of my directives I put in my ldap.conf file before are apparently now located in the pam_ldap.conf file.  Looks like they have split the original /etc/ldap.conf into the two files.  Once I am able to get back to working on the system I will verify and test this.
0
 

Accepted Solution

by:
nibowl earned 0 total points
ID: 35133070
Yep, the pam_ldap.conf file was the secret sauce.  I was able to get everything connecting just fine and it is doing well.
0
 

Author Closing Comment

by:nibowl
ID: 35171008
I was able to track it down over time and test it to be functional, none of which was referenced by any other posters.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
client doesn't know where IPA server is... I guess some special DNS record needed? 2 105
Linux on a Dell PowerEdge 720 3 160
Redirect mail server from IP to IP 2 102
UNIX SCP 5 88
Secure Shell (SSH) is a network protocol for secure data communication, mainly used to administer remote Unix / Linux servers via command line. But it also allows the user to open a secure tunnel between a client and a server where he can send any k…
​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question