General :: How To Setup LDAP Auth Of Users / Groups On Debian 5.0?
Aug 7, 2010
I would like to ask: How do I setup LDAP auth of users/groups on Debian 5.0? Is it using LDAP Migration tools? Can be done differently? Using different tool? Some nice tutorial? Some up to date book for LDAP or I need to dig in openldap.org? I'm learning by book which is a lil bit older so I'm bit confused.
I am used to setting up users and groups on my daughter's computers with Ubuntu installed.
user: magz (daughter)
user: nigel (me)
group: nima
We each have our own folder for files, i.e. magz and nige. This has always worked well, and it didn't matter which user is logged in; we could create and access files in the other user's folder with full permissions.
root@nbsq: /media/2xfi/files# ls -l
total 8
drwxrwxr-x 9 nigel nima 4096 Jul 13 09:45 magz
drwxrwxr-x 3 nigel nima 4096 Jul 13 09:45 nige
I have finally got around to getting her to try Debian which I always use, however I have never had to set up users, groups etc in Debian (squeeze) so I just did what I'm used to with Ubuntu. What I've found is that if I create a folder while I am logged in then that folder cannot be accessed by my daughter when she is logged in and the same applies if she creates a folder then I cannot access it when I am logged in, unless of course I use terminal to change the owners. In each case with the new folder the owner will be: root and the group will be: root. I would have thought what works for Ubuntu would work for Debian, however there must be differences.
How to add users to groups with ldap? Further, could someone point me towards some good command-line management tools? Creating each dn manually is going to get old real fast...
I have Ubuntu 10.04.2 (Linux 2.6.32-33-server on x86_64) with OpenLDAP 2.4.21 and Webmin 1.550. I converted my ldap database from another system with the older style schema (OpenLDAP 2.3.3 with slightly older Webmin version 1.480) and no longer use slapd.conf, but the newer slapd.d format.
It all works fine except for one thing. When I add a new user, it lets me type in the additional LDAP fields:
But when I click the Create button, all the fields get jumbled together in the Title/Position box with a diamond question mark delimiting the fields:
Modifying existing users (which have the Additional fields displaying correctly) also has the same result - it moves the fields all into the one Title/Position box with the diamond shapes with question marks inside between each entry. Is it a problem with my schema files? I tried reverting to the older schema files and slapd.conf and it still did the same thing on the new system. I am really at a loss.
Here is also the output of ldapsearch for that user (host and samba ids are sanitized):
Previously added users that show the fields properly have "description:" and then the field listed for each Additional LDAP field. Also shouldn't the "title" be visible in plain human readable text here? - it looks like it encrypted it somehow - similar to a password hash. The older system works fine and the fields are all readable and in their proper locations. But the new system just doesn't work right.
LDAP authentication problem on debian squeeze? To my knowledge, I have everything setup properly to do ldap authentication + local authentication on a host. I can login as a local user. I can login as an LDAP user.
When I log in as an LDAP user, my primary group is set properly. It is an LDAP group. I can change the group ownership of files to LDAP groups using chgrp. So far so good. This all works as expected. The commands getent passwd and getent group work wonderfully, and generate the expected results. I can newgrp to any *local* group, but if I try to newgrp to an ldap group, I get the following error:
setgid: Operation not permitted.
I've tried googling and asked on #debian on irc.debian.org. No luck.
I have a remote directory shared over NFS called tech with perms set as 0750 and owner set to root:tech. I have 2 groups: tech, and techAdmin. tech can read and execute within tech/. techAdmin can read, write, execute. I have 4 users: user1, user2, user3, user4. user1 and user2 are members of techAdmin, user3 and user4 are members of tech. Simple so far...but wait, here's the problem. If user1 creates a file inside tech, user2 can't read or modify it because user1 owns it. Here's a few sites that reference this problem:
I've compiled openssh-5.4p1 on RHEL 4.8 with Openssl 0.9.8m + pam. It works perfectly without pam (pam-0.77-66), both with password and public key auth. With pam enabled and LDAP (openldap-2.4.21, from scratch) something strange happens:
system users: I can do ssh with both password and public key
LDAP users: public key works for remote users, still I cannot do ssh with just password.
I'm trying a custom PAM configuration, because the default one (even with authconfig + LDAP) blocks ssh even with system users.
I've been using CentOS for quite a long time, and I've recently switched to Ubuntu 10.10 as a desktop. I'm having one small stumbling block, I can't seem to setup LDAP authentication via a GUI. I found this post here.
[URL]
Is there a GUI application that allows LDAP configuration similar to the CentOS one?
If there are more tools that can be used to add users and groups, can someone direct me on how to find this information out, or can someone compile a list of tools?
Operating system: CentOS 5.5
Git version: 1.7.3.4
LDAP server: OpenLDAP
HTTP server: Apache 2.2
The software above has been installed. How do I configure the /etc/httpd/conf.d/gitweb.conf file to let git be authenticated by LDAP?
I am building a livecd, the live user created at boot time is a member of the audio group set in /etc/group. This way works for the livecd but when installed a user must manually add himself to the audio group. How can I set new users to automatically become a member of the audio group? In /etc/default/useradd I can set only one group.
I have a folder at /home/www/, and the owner is www, which is part of the www-group. I have another user, john, part of the john group. How can I chown /home/www/ to make it writable by both www and john?
Is it possible to make groups members of a group (the same way aliases work for the mailing system)? If not, is there a painless way to make all my nis users members of more than one local group? Maybe set this on the nis side and not per machine setup?
I realize I can add a new user in a terminal, but it's a little easier to use the GUI tool. However, I just realized this tool has disappeared from my main menu. How do I get this back?
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well. I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
I installed ldap on my server and one of my client machines yesterday. It also now won't let me get into graphical utilities that require root privileges; synaptic for example. It comes back with "incorrect password". I noticed that in the terminal it now requires me to enter two passwords to become root: the root password and the ldap password. I wonder if the two are related. I'm not sure what information to post; there's a ton of configuration files associated with this setup. Can somebody help me troubleshoot this? Thanks!
I can setup variables in ~/.bashrc for my own shells. I can also setup variables globally in /etc/bashrc. But then how do I setup variables for a group in Linux? So that users who belong to this group will see the variables, but not others?
I am very new to LVM, as well as not especially experienced at linux, and have some questions about how lvm works. A few months back I set up a server running FC10 and tried creating Logical Groups during the initial setup. We've realized that we are not using all the available space on the physical drive, and I realized that for some reason (I'm thinking this might have been the default?), we initially created two Logical Groups (VolGroup00 and VolGroup01) and it appears two Logical volumes in each (LogVol00 and LogVol01). LogVol00 in VolGroup00 is mapped to /, and the other Group was actually unused. I figure that it would be simplest to just use all this space mapped to /, so I thought the thing to do would be to simply merge VolGroup01 to VolGroup00. I tried this:
[root@office mapper]# vgmerge VolGroup00 VolGroup01
Logical volumes in "VolGroup01" must be inactive
So after a bit of research, I tried this:
[root@office mapper]# vgchange -a n VolGroup01
Can't deactivate volume group "VolGroup01" with 1 open logical volume(s)
So apparently there's an open volume, but I don't know how to go about closing it. I removed the LogVol00 from that group, but LogVol01 won't budge.
[root@office mapper]# lvremove VolGroup01
Can't remove open logical volume "LogVol01"
So how do I go about closing this Volume? At one point, there was some output that told me LogVol01 was being used as swap space. How do I handle that?
I'm using Sun One LDAP server (soon to be moving to OpenLDAP). I have one Master server, no slaves, about 60 user accounts.
I'd like to add an attribute to each of the users' DNs to restrict their ability to login to specific hostnames. I.e. I have hosts A, B and C. Dev staff can access A and B, but not C, and support staff need to access all of them.
I found a link at [url] which talked about using 'hostsallowedlogin' and 'hostsdeniedlogin' attributes but I'm presuming these are bespoke. If they are, how do you configure the ldap.conf to take note of these attributes when authorizing access?
I have configured ldap on Debian5 and samba on another machine, all servers are running ok, but when I try to add users, it gives me an error that "unknown user".
I'm trying to create a group called Domain Users, that will include several other groups that are populated with users inside of the LDAP database. In the LDAP database, for a group entry, there are memberUid entries that can be filled. When I try to use another "Group" name, it just lists that name and not the people in that group. So if group "A" has Jim, John, Sue, and I include group "A" in the memberUid of the Domain Users group, I want that to reference the people in that group, not the group name. Testing access right, having the group name listed in "Domain Users" group, does not grant user access under the group rights on a directory. Should be simple, but I don't know the syntax to use for this reference.
If I ssh from my laptop (running F10) to the server (centos 5.2) it asks for the password, but every time I enter the correct password it says incorrect password. When I do the same from the server to my laptop I can get in just fine. I think my passwords are stored as ssha in the LDAP (I tried clear passwords and that doesn't work either).
I've managed to get my Fedora box to authenticate to AD with NSS_LDAP module with SSL working. I would like to bring this authentication to the next step by using SASL/GSSAPI, however I find very little / no documentation exists on this topic. I was wondering, does anyone know where I can get the documentation on how to setup NSS_LDAP talking to AD with SASL/GSSAPI?
I am logged in with the account I created with ubuntu back in 10.4 but I can't do anything with the users and groups management tool. Any ideas what might be wrong? It also doesn't ask to escalate privileges when I run it, which I suspect is part of the issue.
We have a weird problem with our opensuse 11.2 server installation.
We want to set up an LDAP Server using the Yast-LDAP Server configuration tool.
This indeed already worked weeks ago until....this week. Maybe some updates??!
I do not know what happened exactly. The server just does not want to start again and throws the following error:
Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1 failed
This happened after a little check of the configuration, but without a change, with Yast. Google delivered only "reinstall your box"-answers.
So.. I did that. And now the "mystical" part: The SAME ERROR occurs with a fresh vanilla system with a brand new and simple configuration (certificates, database, pw...the first Yast config dialog...). I did not change the way I set it up.
I remember, when I did this the first time with 11.2 on that machine, no problems occurred...everything was running out of the box (except the "use common server certificate" option...).
I'm running 10.10 64-bit and have configured it for root graphical login for administration of the system. When I log in as root, I can run all menu items in System -> Administration with the exception of Users and Groups. When I try running this, the application starts, but I only get an animated spinning disk that doesn't stop, can't modify the users properties and I can't close the application unless I go to System -> Administration -> System Monitor -> Processes tab , highlight users-admin and click End Process.
I have centos 5.4 installed (2.6.18-128.2.1.el5 #1 SMP Tue Jul 14 06:36:37 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux), and I am using WHM/Cpanel to manage my server. I am looking for a GUI utility, so I can graphically manage users/groups.