CentOS 5 Networking :: OpenLDAP + TLS Works But Is Very Slow?
Aug 1, 2009
I've just installed my first OpenLDAP + TLS + Samba + Webmin box. Everything seems to work, but when I try to open the LDAP User and Group module from Webmin, it takes about 3 minutes, but it works. When I use $ getent passwd or $ getent group to see if everything works okay, it also takes ages but does not show my LDAP users... Here's my spec
$ cat /proc/version
Quote: Linux version 2.6.18-128.2.1.el5 (mockbuild@builder10.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-44)) #1 SMP Tue Jul 14 06:36:37 EDT 2009
I have set up OpenLDAP+Samba PDC. When I create user and group -> Errors.
smbldap-group -a admin
No such object at /usr/sbin/smbldap_tools.pm line 457
smbldap-useradd -am -g admin admin
Could not find base dn, to get next uidNumber at /usr/sbin/smbldap_tools.pm line 1192
I'm running Fedora 12 on an Acer Aspire One with KDE. The built-in wireless works without a problem EVERYWHERE except at work. It's a shared wireless connection using WPA/WPA2 security. I can connect but it's "hit-and-miss" if I can do anything with it. Some days it works well for a few minutes then has a period of inactivity - then slow - randomly receives... It worked flawlessly when the computer was running Windows 7. No one else has connectivity issues, but I'm the only one using Linux.
I have an MSI K9A2 Platinum mobo, which has a 10/100/1000 Fast Ethernet Realtek 8111B built-in, a D-Link DIR-655 Router and a DSL modem. Compared to Windows Vista and other Linux distros (Fedora 11, Suse 11.1, Mandriva 2009.1), access to the internet is much slower. It seems there is a noticeable delay when running CentOS 5.3 before internet access kicks in each time I am surfing the web or updating my system.
Is there any way I can speed things up, or determine why CentOS 5.3 seems much slower?
(Second Try) I installed CentOS 5.5 from CDs, 32 bit, everything works fine. I then re-install, but this time 64 bit, everything else is the same, I use all of the same options. This time though it sees the network card, and allows me to configure it and activate it. It will not connect outside of itself, i.e. it can ping itself, but nothing else. Go back to 32 bit, and zero problems, try 64 again, no network. Each time I do full installs with partition formatting etc. In case it makes hill-o-beans difference: Intel P4, 2.66 GHz, 2.0 GB RAM, MSI Motherboard.
I have a Proliant DL 120 G5 with CentOS 5.4 and I have installed a Broadcom Corporation NetXtreme BCM 5722 Gigabit Ethernet PCI. So I have two interfaces: eth0 (Broadcom) and eth1 (Intel). The eth1 works, but eth0 doesn't work. I can ping itself and 127.0.0.1 but I can't ping the gateway. The result of netstat -nr is:
I've been using Linux for about 2 years now, mostly Ubuntu & derivatives, but I've also tried Fedora, Mandriva, and others. I wanted to give CentOS a try because I'm very interested in going for a Linux+ or similar certification, and so I'm looking to start learning how to configure & maintain Linux servers and so on. I have a friend who's a Linux sysadmin, and he recommended CentOS as a good learning tool.
Anyway, I've only got a wireless connection in my office at home (the actual cable modem is downstairs) so I intentionally chose a wireless adapter that would work with Linux -- it has a Realtek RTL8187 chip, for which there is support built into the kernel, or so I've read. It has worked out of the box in just about every distro I've tried, and indeed it worked OOTB when I tried out the CentOS 5.5 live CD.
However, when I actually installed CentOS to my hard drive it no longer worked -- I have only a greyed out option for a wired connection (presumably since my motherboard has an ethernet adapter, but there is no connection). Why would the wireless work in the live session but not after install? Is there a firmware file or something I need to track down? I did look on this page, but it doesn't mention anything about RTL8187.
CentOS 5.2, Openldap server-2.3.27-8.el5_2.4. I'm trying to get the server to do two things. One is allow authentication--that is, if a client is configured to use openldap for authentication, it should be able to access this server.
In other words, on machine_2, a client, doing getent passwd (as a quick test) will show the users in the openldap database. The more or less out of the box configuration works for this. However, as soon as I start trying to add ACLs, it stops working. For example, I want to restrict access to an address book which is also in the database. So I have
access to base.dn (changing base to subtree makes no difference) "ou=addressbook,dc=example, dc=com"
    by users read
    by anonymous auth
Now, even though this is just the address book, after that, an ldap client can no longer get the names of users in ou=People, and using the ldap server for authentication doesn't work.
I don't understand what I'm missing. ACLs are supposed to work first match wins. *IF* I add under that, access to * by * read, it will work, but the address book can then be accessed without a bind dn.
I am not sure what I'm overlooking. If I put in any sort of access control, the only way that clients can continue to use the server for authentication is adding that access to * (or to "dc=example,dc=com"), by * read. I tried using access to ou=Group and ou=People by * read, thinking that would allow the clients to authenticate, but that doesn't work either. The idea is to allow any machine configured as a client to use it for authentication, but also to restrict viewing the address book only to those with a proper bind dn name.
I can't get the client server to authenticate to the openldap server. I can authenticate on the server itself though. I can su to, login and ssh into the openldap server and become an ldap user. I just can't become an ldap user on the client. I didn't set up TLS/SSL. I can do that after I have it working. I'm using hashed passwords though. I don't have replication set up. I am trying to set up the most basic openldap environment then build from there. I have read the openldap section in the admin guide.
My setup at home.
Openldap server - light.deathnote.net -- 10.0.1.21
client server - vm-centos01.deathnote.net - 10.0.1.7 -- VM on virtualbox
Virtualbox host - L (OS MAC) - 10.0.1.2
router (apple airport extreme) / default gateway - 10.0.1.1
All computers can reach the internet and ping each other. When I installed centos I disabled SELinux. I used these guides to set up my openldap.
[URL]
Below I have included some output from the files I'm using with openldap.
[root@vm-centos01 ~]# tail /var/log/messages
Jul 2 09:25:33 vm-centos01 xfs: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
Jul 2 09:25:49 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://light.deathnote.net: Can't contact LDAP server
Jul 2 09:25:49 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://10.0.1.21/: Can't contact LDAP server
I run a CentOS 5.1 using VMServer on XP. From home I can successfully 'cvs login' to my CVS server. But starting 'cvs update', the connection times out.
Netstat shows the connection as established:
# netstat -an | grep 2401
tcp 0 0 192.168.1.35:58651 85.25.xx.xx:2401 ESTABLISHED
CVS server is domain managed with dnsalias service (dyndns.org)
Using the same computer at work (other ISP) I have no problems - cvs update works just fine. Can I assume that it is not a port/firewall issue, since "cvs login" is successful? Any clues where to start diggin'?
I am having a problem with slow data transfers with both Samba and scp. I have gigabit NICs on all three machines that I am transferring to and from, connected to a gigabit switch. My data transfers under both smb and scp average around 21 MBit/s (I am using nload to monitor transfer speeds). The machines are configured as follows: 1) desktop
AMD Athlon 64 X2 6000+ 6 gig Corsair memory Realtek RTL8168C(P) gigabit NIC (on board)
I would like to remove openldap from my Centos home-server..
Centos offers me:
Quote:
Removing:
openldap i386 2.3.43-12.el5_5.2 installed 592 k
openldap x86_64 2.3.43-12.el5_5.2 installed 598 k
[Code]...
..obviously I'll not remove openldap by this operation.. but my question is: is there another way to remove a single package with yum without "consequences"?
Friends, is there some way to authenticate Microsoft Windows users from openldap running on CentOS? I will be very thankful if you provide me a step-by-step procedure.
I can use smbclient -U name //ip.address/"My Place" to connect with no errors, but Nautilus will not open the folder. Nautilus discovers the computer but not the folder. Maybe I need some debugging info from Nautilus...
When running Firefox, page loading is very slow (e.g. taking nearly a minute for a ..... video to start; even gmail is slow). This is in contrast with my performance when using, e.g. linuxdcpp (file sharing), where I get speeds over 300kbps. Here is some relevant information:
I ran into this today: I accidentally turned on networkmanager and it took it upon itself to rewrite some things and proceeded to make any DNS lookups on my server, especially those reverse DNS for SSH and SFTP, take so long they would just time out instead of completing. Disabling networkmanager did not undo the damage either. Short fix: erase your resolv.conf file and add 2 lines to it as so, your nameservers!
nameserver xxx.xxx.xxx.xxx
nameserver yyy.yyy.yyy.yyy
Save, and run the following commands:
service network restart
service httpd restart
service sshd restart
Mine had a search line added by networkmanager and some others. When I reverted it back to as above, almost instantly after restarting the services the system's lookups were once again lightning fast. DNS lookups were taking upwards of 20 seconds for unknown reasons after this happened.
Code: $ su -c 'yum install wine'
this forum won't let me put all the text in
Transaction Check Error:
package openldap-2.4.21-6.fc13.x86_64 (which is newer than openldap-2.4.21-4.fc13.i686) is already installed
package nss-softokn-freebl-3.12.4-19.fc13.x86_64 (which is newer than nss-softokn-freebl-3.12.4-17.fc13.i686) is already installed
New CentOS 5.4 system working fine. Sys admins came in and copied the hosts file from one of the servers down to my desktop and ever since then the machine has been slow (progs take 10-20 seconds to load). Running Gnome. Luckily I saved the old hosts file and copied it back and all is now well. But I'd like to understand why, particularly as I will need to change my hostname in the future.
As configured: /etc/hosts (yes my hostname is "dummyName" that I will need to change later)
127.0.0.1 dummyName localhost.localdomain localhost
I'm stepping out with LDAP for the first time. It's up and running. My question is really closer to DB4, the Berkeley database. When I start the ldap service I get this output:
# service ldap restart
Stopping slapd: [ OK ]
Checking configuration files for slapd: bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
Expect poor performance for suffix dc=example,dc=com.
config file testing succeeded
I am systems administrator of the university CS lab. I have a Mac here and I'm trying to extend the directory to our OpenLDAP server. We use NFS as well. I know nothing of Macs in this respect except for the fact that they already have LDAP on them, which seems to be convenient.
Is it possible to monitor WiFi connections and identify who are connected through OpenLDAP? If so, how will authentication be possible? By the way, I'm open if OpenLDAP is inappropriate for such authentication purposes and scenario.
If I ssh from my laptop (running F10) to the server (centos 5.2) it asks for the password, but every time I enter the correct password it says incorrect password. When I do the same from the server to my laptop I can get in just fine. I think my passwords are stored as ssha in the LDAP (I tried clear passwords and that doesn't work either).
Currently I have a single openldap server version 2.3.32 performing authentication on our databases as well as e-mail and other assorted programs. When we get a high volume of users, sometimes the users cannot be authenticated for new e-mail sessions and whatnot. We have traced it back to being that our current single ldap server cannot authenticate them all in a timely manner. We decided that we would put up a new ldap server and replicate the changes to it, then upgrade the older server version and replicate back to it so that both would have a current up-to-date copy of our configuration, and we would do a master/slave type setup.
Trying to replicate between the old server and the new server is not currently working. Here is the issue: when we try to import the schemas from the older server we get this error:
slapadd: dn="cn=Domain Users,ou=Groups,dc=mydomain,dc=com" (line=247): (65) no structural object class provided
I cannot seem to find any information on Google that shows this exact error? If this isn't detailed enough let me know what else I should post.
Followed the wiki page which tells you how to configure vnc. I got this working under root, then created a sybase account and also got this working as well, but anytime I shut down the server for the day and attempt to use VNC the next day, it doesn't work. I get the error: unable to connect to host: connection refused (10061)
Anyone know why my fresh installation of CentOS server is so slow? Seems like it takes over a minute to execute a command, I'm not doing anything complicated either. Secondly, how come at times when I type reboot the machine starts to beep, one long loud annoying beep.
My wireless seems to be fast for a good 30 secs, then bang, takes a good while to load the next page, almost as if it's disconnecting and then reconnecting/scanning reconnecting. Why can't it stay connected? I have WAP PSK security. Here is my network setting, please let me know if I should change any of them: (side note: is there a way to fix this problem occurring so frequently? It says on the wiki that it should only occur once in a while https:[url].....