Fedora Networking :: 389 Directory Service - Client Authentication?
Mar 2, 2011
Server: Fedora 14
Client: Fedora 14
LDAP server: 389-ds
I have set up the 389 server using the default configuration. Adding user and http/pam authentication works fine. The problem I have is the client authentication. On the client machine, using "authconfig-tui" to turn on LDAP authentication it turns on sssd and use 'sss' in etc/nsswitch.conf after 'files'. I couldn't get sss working. In the end, I disabled sssd and manually changed 'sss' to 'ldap' for all configuration files including:
modify /etc/nsswitch.conf
modify /etc/pam.d/password-auth, change all sss to ldap
modify /etc/pam.d/system-auth
change /etc/sysconfig/authconfig
FORCELEGACY=yes
After these, client authentication works. I can log in to the client machine using user/password set on the LDAP server. I thought this is done but everyday the LDAP service stop functioning once or twice. I can't log in to the client machine using LDAP username/password. After restart the dirsrv on ldap server, things back to normal. I can't find any reasons from /var/log/dirsrv/ldap-xxx error file and don't know how to debug the problem.
View 3 Replies
ADVERTISEMENT
Feb 8, 2010
I have a program to start called "pace_old".
In the command line I type it's name and get this:
What should I do ?
Distro is SuSe 11.1. Btw: I do not get this message on Suse 9.0. Pace_old runs properly there.
View 1 Replies
View Related
Jun 28, 2010
I am setting up Fedora-13 with "389 directory server" for authentication. I had performed the following steps.
1. Install FD-13.
2. Yum install 389-ds.
3. Run script to configure.
4. Start 389-condole and create few group and user for testing.
I can see these user with "ldapsearch" and with "phpldapadmin". It looks my server is responding. However, I am unable to see any user name with "getent passwd". also "ssh server_user@server" is not able to login. Whereas "getent passwd" shows local user and "ssh local_user@server" is able to login. Also note that I am not using ssl, so want to avoid ssl.
View 9 Replies
View Related
Mar 5, 2009
I am a little optimistic now after my problem of wifi was solved by stoat that presisted for about a year, now i am trying to install my vpn client. he asks me to write the path of kernel source code directory : and i answer by:/lib/modules/2.6.26.8-57.fc8/build/
But he answers no such directory or file and i dont know why
The build is covered by a red box when displayed by a terminal so can any body tells me where i can find my kernel source directory or i should install them, how
View 3 Replies
View Related
Mar 12, 2010
I have a problem with ldap client authentication in ubuntu. I am using rhel5 as openldap server and I configured ubuntu as client, when I am trying to login the following message is coming."su: Authentication service cannot retrieve authentication info. Sorry"
But when I do search through "ldapsearch" command output is coming without any errors, Can anybody explain what would be problem.
View 1 Replies
View Related
May 21, 2010
I have been used NX client on windows 7 connected to ubuntu with NX client/node/server with no issues. The matter started when I have formatted Ubuntu and reinstalled NX, from that NX connects but shows a key error as follows:
NX> 203 NXSSH running with pid: 4328
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
[code]....
View 7 Replies
View Related
Feb 7, 2011
I was trying to connect to my machine over the internet through a VPN. I was able to connect, with a fairly high ping (30-40 ms), then when I use Terminal Service Client to connect, just the login screen takes FOREVER!! Using a Virtualbox WinXP, I connect to the VPN and use its Remote Desktop and it is super fast.
View 9 Replies
View Related
Dec 3, 2008
I have setup ubuntu server and right now i'm trying to get my DNS server working for my intranet.
I'm using my ubuntu as gateway wo internet and somehow my windows client can't use my DNS service.
when i do nslookup www.google.com from my server (10.0.0.1) it return me answer code...
View 1 Replies
View Related
Jun 28, 2011
My client is on Ubuntu Lucid 10.04, I installed ipsec-tools and racoon from the repositories. The gateway is installed on a CentOS machine. I've configured everything to get a working roadwarrior configuration with authentication_method hybrid_rsa client and server. It's working in aggressive mode, but in main mode I can't get it working. I delivered new CA and certificates several times but I'm still stuck.
It seems that it comes from my client not supporting the certificate sent by the server. The client contains a copy of the CA, whereas server has a private key and a certificate signed by the CA.
[Code]...
View 3 Replies
View Related
Sep 2, 2011
I have a openldap server running on one machine (fedora10) and pam_ldap.so and nss_ldap.so running on the other machine.
I have added a new user to the LDAP server database, this user is not created on client machine.
1. Can i login to the client machine using this new user?
2. Now if i try logging with this new user I am getting error messages, the error messages are as follows at client side
Sep 2 10:34:36 localhost sshd[8484]: Invalid user kim from 10.254.194.148
Sep 2 10:34:36 localhost sshd[8485]: input_userauth_request: invalid user kim
Sep 2 10:35:16 localhost sshd[8484]: pam_ldap: error trying to bind as user "cn=min soo,ou=people,dc=samsung,dc=com" (Invalid credentials)
[Code]....
View 4 Replies
View Related
Jan 11, 2011
What is the The easiest way to authentication Active Directory with opensuse.
View 2 Replies
View Related
Mar 4, 2010
I have installed openldap version 2.4.21 and configured with the help of the site [URL] and the LDAP address book is working fine. But I need to create an LDAP directory such that it will contain the user name and passwords for the users and when user is logging to any application he is authenticated from LDAP directory
e.g Users who need to browse the internet need to authenticate with username and password for access from the firewall (Juniper Netscreen) and similarly other applications like oracle ERP such that they will have only 1 username and password stored in LDAP directory and all other applications will search for the user name and password for authentication.
View 5 Replies
View Related
Nov 9, 2010
I'm having a problem with squidguard filter with AD authentication. I have downloaded the latest stable source package from squidguard site and I followed the instructions for the ldap(AD) authentication but it does not work at all.I have googled and tried everything but no luck. (first 30 hits on google) Anyway this is the LDAP auth part: http://www.squidguard.org/Doc/authentication.html at squidguard and this is how to build the package.
View 2 Replies
View Related
May 3, 2010
I've been trying to find a single set of instructions that define how to configure Fedora 12 to authenticate using Active directory without 100 steps (plus or minus) but difficult at best. I have about 12 Fedora 12 servers running as stand alone servers in a Windows 2003 network.
Can someone point me to a great set of instructions that can easily be replicated across multiple servers and a few workstations?
View 6 Replies
View Related
Sep 7, 2010
I want to install a FTP server (VSFTPD) on my Redhat Enterprise Linux 5.5 and i want to use Active Directory LDAP (windows server 2008 enterprise) for authentication. I can't add my windows LDAP to FTP server. I try my best but i cant to config it.
View 6 Replies
View Related
Oct 5, 2010
I've got this current configuration : 1 squid server authenticating with 1 forest abc.com, then another company wants to joint but in different forest efg.com, I've already configured trust relationshipt between them.
How should I configured at squid.conf so it will authenticate both domain ?
At squid.conf I've already configured like the following below for abc.com :
Is it enough to adding a new line for auth_param basic program for efg.com ?
View 1 Replies
View Related
Jul 19, 2011
Cannot seem to set a home root directory and connect as a local account to the FTP Service over SSL. Anonymous works perfectly fine.
View 1 Replies
View Related
Feb 8, 2010
I am trying to solve problem with software which needs to have access to network card I suppose. Installation run without any problems but when I am launch software I get such message as normal user:
Cannot register service:
RPC: Authentication error; why = Client credential too weak.
When I launch program as root I get this:
WARNING: localhost appears to have the loopback address 127.0.0.2 as IP address
This may imply that processes on arlin may not be able to connect to non-local processes but program starting with success at least. What I should do to run program as normal user?
View 5 Replies
View Related
Feb 4, 2009
I have a redhat server with SAMBA file services. I have copied all the users files into their respective home directories and mapped a network drive to their folders. However, when I try to access a file in those folders the machine reboots itself. There are no error messages or anything, it just reboots!
View 2 Replies
View Related
Mar 15, 2011
I am re setting up a server of mine running red hat enterprise Linux server 6 and I had all of this working befor but for some reason I had troubles getting sasl to work and now when I login my smtp server I get an error stating that my username or password is incorrect though I am sure I am entering both correctly. Would anyone know what could be happening? I have been spending days on the web looking for the solution and only went from sasl not working when started as a service to this. For some reason I can't use Pam with saslauthd and had to use shadow instead of which from what I hear I get to use better methods of secure authentication with smtp
View 2 Replies
View Related
Jul 9, 2010
I'm working on a work project related to Web (Client) authentication and DOD Common Access Cards. But I'm having difficult getting the details about what happens on the CAC side of things.
I familiar with the PKI system as it applies to e-mail. (Correct me if I err, of course.) If you want to sign an e-mail (i.e., so it can be authenticated by the receiver) you use your private key to add a digital signature to the message. Then, the receiver uses your published public key to determine if the digital signature is valid, i.e., was created using your private key (even though the receiver never actually has access to your private key).
So... my questions:
1) When a person with a DOD CAC visits a CAC-enabled web site, and the server grants access after the CAC is inserted, is the authentication process fundamentally the same as what happened with the e-mail authentication?
2) If the private key is used in this process (it would have to be, correct?) is the signature created on the CA Card electronics (i.e., the private key remains on the CAC)? Or is the private key copied onto the computer, which uses it to create the signature?
View 1 Replies
View Related
Aug 6, 2011
I am running a ubuntu server and want to host a web application (php/mysql based) however I dont want to use usernames and passwords for authentication. I'd like to use a client certificate. The military uses similar technology using the CAC card to provide the certificate for authentication.
not sure if this would be done using the apache modules or if php would be a better place to play with this
View 3 Replies
View Related
May 20, 2009
I have the following problem:I have to networks in remote places.I have an opnvpn client in one network that connects to the the router (openvpn server).My question is,can i connect the network where the openvpn client is,throught the computer with the client to the other network.If yes,how? (please make it an idiot proof anwser because i have limited knowledge about iptables). I was thinking like forwarding (the router in the network with the openvpn client is also firewalling with iptables) the request of the ip class of the openvpn network to the computer with the client,which masquarades the interface
View 2 Replies
View Related
Oct 6, 2010
The nfs-client service isn't starting after boot up. This is causing problems with the user as they cannot access the remote folders on the server. The PC is a Thinkpad X60s with oS11.3 and KDE4.4.4. The problem started about a week ago after some updates (new kernel update, kde4 updates and some system files) were applied on the laptop.
After logging in none of the remote folders are available. Checking the nfs-client service under Yast>System Services (Runlevel) shows the nfs-client service is not running. If I enable and start the service I get the pop-up confirming the service has started but still cannot access the remote folders even after issuing a mount -a. Opening Dolphin just opens a blank grey window which needs to be terminated.
Trying to restart the nfs service using su -c 'rcnfs restart' sticks at Starting NFS client services: sm-notify Just leaving the PC for 10-15mins eventually sorts itself out and the remote folders become visible. I cannot see anything obvious in the logs so am a bit stumped.
View 7 Replies
View Related
Aug 18, 2010
I was trying to setup SSL Client authentication on only one virtual host. Here is a brief excerpt sample of my conf file for the virtual host:
<VirtualHost xx.xx.xx.xx:443>
SSLRequire %{SSL_CLIENT_S_DN_O} eq "something"
SSLVerifyClient require
SSLVerifyDepth 2
</VirtualHost>
But when I try to check for syntax errors tells me SSLRequire not allowed here I do not want to add SSLRequire on the main httpd.conf because I only want it for one virtual host. The rest of the virtual hosts do not need it.
View 2 Replies
View Related
Jun 11, 2011
Just an FYI for anyone who may be having this particular problem. A short while back, I was trying to attach a picture to a Twitter post, and dropped my network connection. No big deal...connection came back, and things went on. Next time I launched Choqok, it popped up a message saying "Server Error: This method requires authentication". It was puzzling, and didn't appear to impact my use...until I went to send a direct message, and it would give that error and crash. After quitting Choqok, the file (/tmp/ksocket-user/klauncherXXXXXX.slave-socket file) was still present. Deleting that file manually cleared the error up. I've seen this mentioned in a couple of other forums, but none with a solution posted.
If anyone else has that error, and this method resolves it, please let us know. I'm using openSUSE 11.4, but it should apply to any version/distro of Linux using Choqok.
View 5 Replies
View Related
Jan 18, 2010
how to make a new Ubuntu 9.10 box use our LDAP/Samba server for user authentication. Our Red Hat and Windows machines all use it just fine. I've been trying to use the auth-client-config and libnss-ldap packages for this purpose, but I must be missing something. I'm pretty green with LDAP, so this is my first time diving in... Is there a good How-To or step-by-step read on this? All of my searches lead me to setting up Ubuntu as the server, and that isn't what I want. I've also tried the steps listed in [URL] for the LDAP Authentication section.
View 1 Replies
View Related
Dec 18, 2010
I have a server with Fedora 13 with which I would like to get NFS working. I have looked up multiple howto's and tutorials, but I'm having a problem not addressed by any of them.Official how-to, another how-to, and another how-to.I have verified that nfs-utils, nfs-utils-lib, portmap, and system-config-nfs are installed and running. I have verified that I have, in fact, shared the directory that I want to share, and that the proper permissions are set.
I had to go through some gyrations to get the Belkin wireless N router to allow my server to have a static IP. However, I can ping the server from the nfs client (a toshiba satellite running mint 8), and vice versa. I have (for now) disabled firewalls on both computers. I think I have disabled SELinux on Fedora 13 (for now).When I attempt to connect to the server from the client, the output looks like this:Quote:
aragorn ~ # mount -v 192.168.2.101:/test /home/kelev/test/
mount: no type was given - I'll assume nfs because of the colon
mount.nfs: timeout set for Sat Dec 18 12:21:09 2010
[code]....
View 7 Replies
View Related
Feb 28, 2010
i can smb in centos 5 and i run service smb restart, it shows :smb: unrecognized service..... i run rpm -qa |grep samba,it shows
samba-common-3.0.33-3.7.el5
samba-client-3.0.33-3.7.el5
.....
View 2 Replies
View Related
Apr 20, 2011
I was trying to copy a few files to my phone via bluetooth when the file transfer window popped up with the progress bar stating "Connecting" and an error: the name org.openbox.client was not provided by any .service files..
I am using: openSUSE 11.3
Gnome 2.32, Kernel 2.6.38,
obex-data-server 0.4.5-12.2,
[code]....
View 3 Replies
View Related
