Debian Configuration :: Chroot + Ldap - Cannot Change Into The Dchroot - Get Error "E: Group '1,031' Not Found"
Jan 19, 2010
I have a set of two amd64 machines with Debian Lenny. Machine 2 reads all the users' information from the Machine 1 through LDAP. Also, in Machine 2 I set up a dchroot environment for 32 bits compatibility ( following [URL]
In addition to the above instructions, on this Machine 2, I set up /etc/libnss*, /etc/ldap/*, and /etc/nsswitch.conf both for the amd64 and for the i386 environments. I have no problems if I'm in the native amd64 mode. However, once I enter the i386 dchroot, some strange things happen:
1) For users from uid=1000 to uid=1031, I get an error if running 'whoami' (Cannot find name for user ID XXXX) and if I run 'id' , I get all the correct group numbers but no translation to group names in parenthesis as it should be. 'ls -l' also only lists group numbers but no names.
2) for user 1032 I cannot even change into the dchroot, I get the error "E: Group '1,031' not found"
May 31, 2010
I'm trying to set up a Linux server and I am new to this. I have gone through most of the configuration using SAMBA 3.0 and when I populate the ldap directory all I get is this error before the password request:
Then when I perform an ldapsearch to see if the directory is populated I get this message:
I'm positive all my .conf files are done right.
Apr 12, 2011
I have an openldap server and I am authenticating with Redhat Directory Services (RHDS). I have configured the RHDS for the user login, giving /bin/bash as the login shell, and joined the client machine using system-config-authentication. The user is able to log in on the command line, but it gives the error below:
"cannot find name for group id <id number>"
Aug 9, 2010
why I can't login on the ldap-client via ldap, so here is a short description of my machines (I use openvz virtualising). I have on the HN (Debian Lenny) 2 VE's, which are in the same subnet (192.168.1.0/24). The first VE (Hostname: ldap1, IP: 192.168.1.91) is the ldap-server, which is so configured that I can manage the server via phpldapadmin. The second VE (Hostname: ftp1, IP: 192.168.1.31) is the ldap-client; there should run a sftp-server in the future and the sftp-server (ssh-server) should use ldap-usernames to login. On the ftp1, I get with the command getent passwd the users configured on the ldap-server, but with the command id USERNAME the result is that the user doesn't exist (USERNAME is the name I get returned by getent), and if I try to login via ssh, I get permission denied. Because the machines are openvz virtual machines, I can't login on them like on a normal system, but a su USERNAME doesn't work either, because the user is not known on the system.
my installation:
I don't think that the ldap-server is the problem, because the phpldapadmin and getent on ftp1 are working perfectly, but if you want, I can post the config here too. The VE ftp1 was configured with the following how-to: [URL] and pam is configured like in the chapter "PAM setup with pam_ldap" on [URL]
May 25, 2011
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well. I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
May 23, 2010
I installed ndiswrapper and tried adding a driver. Error: module ndiswrapper not found. So I recompiled my kernel, upgrading to 2.6.33.4 (no, I can't see the logical connection either). After a week, I got the new kernel working (in the interim I reinstalled debian; it didn't survive my first kernel attempt, don't ask), and reinstalled ndiswrapper. Same problem. So I had a stroke of genius: download the source package!! So I did. Lo and behold, a new directory appeared in /usr/src/ : modules. I took a moment to admire my work, then I jumped in. I 'ls'ed to see what was going on, and found a Makefile, so I typed 'make'. First error: kernel source not found. So I entered the Makefile, found the (clearly marked) variable, and changed it to /usr/src/linux-2.6.33.4 , exited, and redid 'make'. Second error: no wireless support in kernel. So I went to src/linux-2.6.33.4 and did a make menuconfig: loaded my current, threw in wireless, and exited.
[Code]...
Jun 29, 2011
I want to change the File NOT FOUND ERROR MESSAGE to my own message, but how do I do this by terminal?
Aug 26, 2015
I've been bashing around this for a couple of days, and could not find answer by using google. My debian 8.1.0 jessie runs perfectly fine. To perform SSH chroot jail, I issued an apt-get install makejail.
The ssh chroot environment runs great. I used makejail configuration scripts. The man pages are perfectly available from TTY login. Yet from a SSH session (chroot jailed) the man pages could not be found.
My MANPATH environment variable points at /usr/share/man
Running "mandb -c" from a SSH session as root tells:
0 man subdirectories contained newer manual pages.
0 manual pages were added.
0 stray cats were added.
0 old database entries were purged.
Simply copying the contents of /usr/share/man to /jail/usr/share/man
and running the "mandb -c" command gives lots of "dangling symlink" errors.
Perhaps the /jail directory needs some dependent files, or a change of file permissions somewhere, but I just couldn't figure that out.
Oct 12, 2014
ERROR: No configuration file found
No Default or UI configuration directive found!
boot:_
This appears when I try to boot Debian 7.6.0 from my USB drive
Apr 18, 2011
I am trying to create a jailed shell for a user Don ($UID '500') using my own method (I don't want to use any ready-made "jailkit"). The user don should get a home directory /jail/don instead of /home/don when he logs in via SSH (so that he will not be able to see any other files/directories on the system).
This is what I have done.
Quote:
Code:
It works without any issue. The home directory changes to /jail/don when I ssh to the system as user don, i.e.: #ssh don@192.168.0.66
Then I added a chroot command to this code.
Code:
Unfortunately, now I am getting an error message saying "chroot: cannot change root directory to /jail: Operation not permitted". I am not sure how to rectify this error. Is my approach correct to get a jailed shell using the /etc/profile file?
Jul 20, 2010
I have a new installation. I try to boot and instead of my grub menu, I get "error: file not found" and am dropped into the rescue prompt. I have just a standard "Desktop" installation. I installed from the 5.05 net install cd. I installed grub to the MBR.
partitions are:
hd0,2 is /
hd0,5 is swap
entering the "set" command results in:
prefix=(hd0,2)/boot/grub
root=hd0,2
[Code]...
Apr 18, 2016
I have amd64 Debian Jessie and i386 Debian Jessie installed on my laptop. I wanted to start x86 app that is installed on my x86 OS from my amd64 OS using chroot.
My mounts inside chroot:
Code:
/dev/sda7 on / type ext4 (rw,relatime,data=ordered)
/dev/sda5 on /tmp type ext4 (rw,relatime,errors=remount-ro,data=ordered)
/dev/sda5 on /etc/resolv.conf type ext4 (rw,relatime,errors=remount-ro,data=ordered)
tmpfs on /dev/shm type tmpfs (rw,relatime)
proc on /proc type proc (rw,relatime)
devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=000)
none on /sys/fs/cgroup type tmpfs (rw,relatime,size=4k,mode=755)
systemd on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
/dev/sda5 on /var/lib/dbus/machine-id type ext4 (rw,relatime,errors=remount-ro,data=ordered)
sda5 is the host OS and sda7 is the guest OS.
When I start any x86 app I can see "failed to create secure directory (/run/user/1000/pulse) permission denied". How do I make pulseaudio work inside the chroot?
Also, what exactly does this command do?
"pactl load-module module-simple-protocol-tcp rate=48000 format=s16le channels=2 source=auto_null.monitor record=true port=8000 listen=127.0.0.1"
Mar 23, 2011
I have 64bit debian 6 squeeze installed on my 64bit pc. I have an NVIDIA gpu which I have installed the drivers for and they work just fine. I also have a 32 bit chroot located at /32 which was created using debootstrap. The NVIDIA 64bit driver gives the option to install compatibility driver libraries into the 32bit chroot. Whenever I run any application that uses opengl rendering within the chroot, it segfaults. When I uninstalled and reinstalled the NVIDIA driver without installing the libraries to the chroot, and instead replaced them with mesa gl libraries, the programs complain about a missing framebuffer. They do not segfault, and some programs that can use sdl instead will work fine. I have xhost + set to allow any programs in the chroot to use the host's xorg. I have the host's proc mounted to the chroot proc directory, and I also have dev mount --bind 'ed to the chroot.
Aug 7, 2015
This is a problem about linux-kernel-3.16-0-4-amd64 and LVM, I guess. I decided to write this here in case other users who installed their debian system with encryption enabled experience this problem with a recent kernel upgrade.
I use debian jessie. Today I gave the command:
Code:
apt-get upgrade
There was a linux-kernel upgrade to 3.16-0-4-amd64 among other packages to be upgraded.
After this upgrade my computer cannot boot anymore.
I get following error:
Code:
Volume group "ert-debian-vg" not found.
Skipping volume group "ert-debian-vg"
Unable to find LVM "volume ert-debian-vg/root"
Volume group "ert-debian-vg" not found
Skipping volume group "ert-debian-vg"
Unable to find LVM "volume ert-debian-vg/swap_1"
Please unlock disk sd3_crypt:
And it does not accept my password.
I used rescue environment on debian jessie netinst iso and decrypted the partition and took a backup of my /home. Now I have not much to lose if I reinstall my system but I still want to fix this problem if possible.
I have reinstalled the kernel using debian jessie netinst rescue iso but nothing changed.
I have Timeshift snapshots located at /home/Timeshift but timeshift --rescue command cannot find a backup device, it sees the device as crypted. If I could restore a snapshot it would be very easy to go back in time and get rid of this problem. It would not be a real solution, however.
There is not any old kernel option in the GRUB menu, so removing the latest one does not seem to be an option.
Mar 15, 2011
I recently set up a LDAP server, and have a server using it to authenticate users.
That works completely, but when a user tries to use passwd to change his password this happens.
Code:
And this is in /var/log/auth.log
Code:
Mar 19, 2011
I try to create squeeze live usb-hdd and try to add additional group using this script in config/chroot_local-hooks:
#!/bin/sh
# Give VIEW_USB access to the USB devices to allow USB redirection
VIEW_USB="/usr/lib/vmware/vmware-view-usb"
if [ -x "$VIEW_USB" ]; then
if [ -e /proc/bus/usb ]; then
groupadd usb 2>/dev/null || : # Do not error if group already exists
[code].....
Mar 31, 2010
When I run an exe-File, I get the message: -bash: ./a.out: Keine Berechtigung (No rights)
I have all rights on the folder and on the file. I suppose that the problem is that my group "Benutzer" has no rights to execute files. Where can I change the rights of my group?
Feb 6, 2011
How to make a directory or files created in a directory by anyone be assigned a specific group name?
Oct 19, 2009
I want secondary users to be able to change the file permissions of the primary group. User MAC has www as a primary and httpd as a secondary group, but he wants to change the file permissions (chmod) of httpd group files. Is it possible or not? I think it's not possible. If it's possible then let me know how.
Apr 3, 2011
I want to limit the amount of connections a user can make outside of the box per user group, should I be doing this via iptables or what? aka:
group1 can only have 2 simultaneous outbound connections
group2 can only have 8
Nov 30, 2010
My error is: the group was not found. I am trying to install openoffice, but it's doing it with any software.
Jun 10, 2010
LDAP authentication problem on debian squeeze? To my knowledge, I have everything setup properly to do ldap authentication + local authentication on a host. I can login as a local user. I can login as an LDAP user.
When I log in as an LDAP user, my primary group is set properly. It is an LDAP group. I can change the group ownership of files to LDAP groups using chgrp. So far so good. This all works as expected. The commands getent passwd and getent group work wonderfully, and generate the expected results. I can newgrp to any *local* group, but if I try to newgrp to an ldap group, I get the following error:
setgid: Operation not permitted. I've tried googling and asked on #debian on irc.debian.org. No luck.
Feb 27, 2010
I've been trying to set up a Linux-only network and currently have a working DHCP, DNS, LDAP and NFS server, with a client that can authenticate with the LDAP server and a central /home folder. However, if I wanted to share folders on the NFS server, how would I make the share available to, for example, a particular group of users in the directory? I've never used NIS(+) on a network, but believe you can add a 'group' of users in the /etc/exports file--simples! Does anyone know of the best way to do it (even better anyone who is doing this in a production environment)?
Mar 24, 2010
I've installed Directory Server (LDAP). The setup has been done according to the tutorials online. I am able to access the interface as well. So far so good. The issue I have is with permissions. I can assign file permissions to a user created in the Directory Server (a user not created on the local server). But the same can't be done for a group, at least the way I currently see it. How could I assign file system rights to a group created in the directory server?
Apr 26, 2010
I've several servers (windows+linux) that authenticate to an LDAP server. There is one machine that I would like to allow only certain groups from LDAP server to have access and I am not sure where to start.
If that cannot be done, is it possible to disable LDAP root user to access these machines?
Mar 13, 2010
I have configured an ldap server on rhel4 for creating an address book.
The following are the configuration files on the ldap server:
/etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
I am able to import this ldif file into the database. Also, when I perform the ldapsearch on this server with the command ldapsearch -x -W -D "cn=manager, dc=example, dc =com" -b "dc=example, dc=com" I get correct output.
But when I am trying to search from another client machine, I am getting "error ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)".
Also, when I configured the address book on mozilla on the server, it is working fine, but it is not working on another machine. Is any configuration missing on the client machine? Both the ldap server and client are configured on rhel4es without any firewall or selinux.
Jul 2, 2010
I took to yast to install ldap. I created the CA cert, server key and server cert and specified them during the yast ldap server dialogs.
The firewall is open for ldap.
I also went through yast's ldap client ... though I didn't exactly see to anything (presumably it wrote up a configuration file somewhere).
However, when trying to use the basic ldap tools, like ldapwhoami, it doesn't connect and gives me the above error. Of course the ldap db is unpopulated as yet, so it probably is not able to say who I am at all. But ldapadd doesn't work either.
It seems to point to my SSL usage not being correct, so I'm trying to double check that now.
Aug 17, 2010
Error found with your "Postfix virtual maps": No "map sources" were found in the Postfix configuration. Your system is not ready for use by Virtualmin. How do I set this?
Apr 13, 2011
I'm trying to create a group called Domain Users, that will include several other groups that are populated with users inside of the LDAP database. In the LDAP database, for a group entry, there are memberUid entries that can be filled. When I try to use another "Group" name, it just lists that name and not the people in that group. So if group "A" has Jim, John, Sue, and I include group "A" in the memberUid of the Domain Users group, I want that to reference the people in that group, not the group name. Testing access rights, having the group name listed in the "Domain Users" group does not grant user access under the group rights on a directory. Should be simple, but I don't know the syntax to use for this reference.
Apr 5, 2010
I am *finally* getting around to rebuilding my file-sharing computer. I'll be sharing files with both Linux and Windoze machines. It's a home network, so there's nothing fancy needed. I know I have to tweak my smb.conf file until I'm satisfied with the features and security. I'm using SWAT and I'm starting with a bare-bones conf file. It's not secure but I can see the server and selected files/directories from my other Linux box.
My really dumb question is, do I have to reboot both the server and the client machines every time I change the SAMBA configuration? I thought I just had to stop and restart the SAMBA service in the SWAT software - but then the server disappears from my client. It looks like I need to reboot both machines for the client to see the server.