OpenSUSE Install :: Cannot Get LDAP To Authenticate In 11.2
Nov 19, 2009
I had 11.1 for some time, was working fine. decided to upgrade... long story short - did a fresh install with livecd of the 11.2. I use ldap server for authentication, its on the lan. configuration during install goes through fine. fetch dn, etc... then after the bootup - authentication error for any user except root. At the same time automounter works fine, ldap requests are going through for hosts (my local hostnames are also on this ldap server), I can edit users through YAST when logged on this box, but alas! even for "su - user" I get "incorrect password", whereas if I am root, then "su - user" gets me logged in as user. password does not go through!
View 3 Replies
ADVERTISEMENT
Jan 3, 2011
Ldapscripts seems to be authenticating oddly but I am not sure why. Running 'ldapadd' works without issue:
<code>root@domainator:~# ldapadd -D cn=root,dc=example,dc=home -W
Enter LDAP Password:
<CTRL-D>
root@domainator:~#
</code>
However:
<code>
root@domainator:~# ldapaddgroup test
>> 01/03/11 - 22:16 : Command : /usr/sbin/ldapaddgroup test
ldap_bind: Invalid credentials (49)
ldap_bind: Invalid credentials (49)
Error adding group test to LDAP
Error adding group test to LDAP
</code>
Here's various parts of my /etc/ldapscripts/ldapscripts.conf:
<code>
SERVER="domainator"
BINDDN="cn=root,dc=example,dc=home"
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX="dc=example,dc=home" # Global suffix
GSUFFIX="ou=Groups" # Groups ou (just under $SUFFIX)
USUFFIX="ou=Users" # Users ou (just under $SUFFIX)
MSUFFIX="ou=Computers" # Machines ou (just under $SUFFIX)
GIDSTART="10000" # Group ID
UIDSTART="10000" # User ID
MIDSTART="20000" # Machine ID
</code>
/etc/ldapscripts/ldapscripts.passwd permissions are root:root, 0400 a
And I have quadruple checked my password is correct. Is there a way to print out debugging from ldapscripts so I know what commands it is generating?
View 3 Replies
View Related
Aug 3, 2011
I have a query regarding login to roundcube via dovecot ldap. I have installed and set up the openldap on Ubuntu Server 11.04 with the help of the following article [URL]. I have also installed Postfix, Dovecot, Dovecot-ldap and roundcube as the mail client. Then, I went on to test if I can login through roundcube. I received "login failed". I'm sure the dovecot is running fine as well as Postfix and openLDAP server. All I can find from the log was "auth(default) LDAP: Can't connect to server: localhost".
View 1 Replies
View Related
Jul 31, 2010
I'm using Ldap to authenticate some services in my company, but from a few days, i finds some errors saying
Quote:
I'm using webmin to manage its servces.
View 4 Replies
View Related
Apr 29, 2011
I manage to get RHEL Authenticate to Active Directory using LDAP and Kerberos. When a user authenticate to the Unix, the Unix system will check (using Kerberos) to the AD. However I just found out that when the RHEL (LDAP) did the authentication to the AD (to ensure that the RHEL has the right permission to query the LDAP database), it uses simple bind which send the username/password unencrypted over the network.
1) Can We use Kerberos as well? for the initial authentication described above?
2) If Not possible, is there a way to encrypt the username/password in the storage (ldap.conf -because it's world readble)? I know that for tranmission I can use SSL.
View 5 Replies
View Related
May 5, 2010
I'm trying to set up a Samba share that's available over the network to a group of users in our institution. Our infrastructure is based on Novell Netware (slowly migrating to OES), and thus our authentication is managed by eDirectory. All our other shares are managed by Netware, but this one lives on a standalone Ubuntu server.
I've succeeded in setting up the share, and users can access it without a problem. The trouble is that currently it only works by treating all users as guest users and giving them the same privileges over the share. Is it possible to get Samba to authenticate users against eDirectory via LDAP? Would I have to get Ubuntu to authenticate against eDirectory, then Samba against Ubuntu, or can Samba do it directly? I've not really worked with LDAP before so I'm unsure where to start.
View 2 Replies
View Related
May 13, 2010
How can I make the user in remote LDAP server to be used to authenticate Local Linux server ?
View 5 Replies
View Related
Aug 9, 2011
When ever I have an issue with our LDAP server (which I was able to fix) we see the following errors in /var/log/messages and it causes problems with our services running on that box, e.g. httpd, nrpe, xinetd, etc. Aug 8 17:44:42 hostname httpd: nss_ldap: failed to bind to LDAP server ldap://serveraddress/: Can't contact LDAP server Aug 8 17:44:42 hostname httpd: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)... I am only wanting to authenticate SSH and Sudo and not services like httpd, nrpe, xinetd etc.
View 2 Replies
View Related
Oct 1, 2010
I've just installed 11.1 and so far things seem to work OK. When I left the machine the screen saver kicked in and wouldn't let meback on with my password I chose during installation (and the only password I chose!) Re-booting the machine sorted the problem...until next time! I have now disabled the lock out for the screen saver so things ought to work now, but why did it do this? New with openSuse!
View 9 Replies
View Related
Aug 11, 2011
loss password to network. when trying to login to a local Server it tries to Authenticate from the network. Can anyone tell me how to change it back to a local Authentication or to reset network password.
View 2 Replies
View Related
Jun 4, 2009
So far, I've been able to get my Box (Centos 5.3) authenticate users through LDAP. My next plan was to automount their home directory from our NAS device.But I'm struggling getting autofs talking to the LDAP Server.My Config Files:
/etc/ldap.conf
[root@tmplt_CentOS-5 ~]# egrep -v '^#|^$?' /etc/ldap.conf
base ou=intern,o=zde,dc=simiangroup,dc=com
[code]....
View 2 Replies
View Related
Jan 11, 2011
How to authenticate Samba server with another LDAP Server.
- I would like to set up samba server(CentOS5 samba version 3.0.33)for sharing directory. WindowXP client will can access to samba if username and password match with username and password of another existing LDAP server.
- I only know URL and DN of LDAP server and can not modify anything on LDAP Server.
- Can I config at samba server for requirement above.
View 2 Replies
View Related
Jul 2, 2010
I took to yast to install ldap. I creating the CA cert, server key and server cert and specified them during the yast ldap server dialogs.
The firewall is open for ldap.
I also went through yast's ldap client ... though I didn't exactly see to anything (presuably it wrote up a configuration file somewhere).
However when trying use the basic ldap tools, like ldapwhoami. Well it doesn't connect and gives me the above error. Of coure the ldap db is unpopulated as yet, so it probably is not able to say who am at all. But ldapadd doesn't work either.
It seems to point to my SSL usage not being correct .. so I'm trying to double check that now.
View 2 Replies
View Related
Feb 6, 2010
I'm having problems setting up an LDAP server for suers. The SUSE user management won;t let me create users with passwords longer than 8 characters in the LDAP directory. Local users are fine. This is a new LDAP server setup using the instructions from Integrating LDAP and Samba using openSUSE
I'm getting the error "The password is too long for the current encryption method. Truncate it to 8 characters?" I can create users with short passwords, but this isn't acceptable - it's a security issue.
The susePasswordHash in LDAP is SSHA (default)
The password hash in users & groups management is blowfish.
how to get this working with long passwords?
View 1 Replies
View Related
Apr 11, 2011
I am switching to Gnome because its look and feel is closer to Windows for my workgroup. LDAP and NFS are working fine with KDE and SSH. but I cant login with LDAP users both directly or via NX client. When logging in directly on the server it shows this error:
Code:
"Xsession: Login for <user> is disabled "
When logging via NX client it says, it authenticated successfully and then quited with this popup message:
Code:
Could not connect to session bus: Failed to connect to socket /tmp/dbus-0frstajyNE: Connection refused
I closed this popup window and one more appeared:
Code:
Could not acquire name on session bus
[Code]....
View 2 Replies
View Related
Jul 18, 2011
I'm trying to setup a LDAP server and it seems to have all gone pretty well. I set it so that users that type their passwords wrong 5 times are locked out for 20 minutes. That works fine, but if I want to log on as an admin and unlock their account before that 20 minutes is up it isn't working.Normally, (authenticating locally)
Code:
passwd -u blank888
works and does what I want it to. If I want passwd to recognize the LDAP server I use
Code:
passwd -D cn=Administrator,dc=example,dc=com -u blank888
When I run that, it always asks for the admin password like it should, but then will only work on some accounts and not others. Mainly I've seen that it only works on accounts that already had local accounts before connecting to the LDAP server.If I run a passwd -Sa command I will get something like:
blank888 LK 07/18/2011 0 999 7 -1
blank888 LK 07/18/2011 0 999 7 -1
test LK
blank888 already had an account on the machine, but also had a LDAP account along with test. So blank888 is showing twice because he has both LDAP and local accounts, whereas test only has a LDAP account. So now if they both get locked out passwd -D $adminDN -u $account will work for blank888 but not test. Then the results of a passwd -Sa would be:
blank888 PS 07/18/2011 0 999 7 -1
blank888 PS 07/18/2011 0 999 7 -1
test LK
I need to be able to unlock test using passwd. The LDAP server is running 11.2, and the hosts are running various Linux distros, and XP.Can anything think of a way to fix this without removing the LDAP server, adding local accounts for everyone, and then putting the LDAP server back on?
View 2 Replies
View Related
May 31, 2010
we have a weird problem with our opensuse 11.2 server installation.
We want to set up a LDAP Server using the Yast-LDAP Server configuriation tool.
This indeed already worked weeks ago until....this week.
Maybe some updates??!
I do not know what happend exactly. The server just does not want to start again and throws following error:
Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1 failed
This happend after a little check of the configuration, but without a change, with Yast. Google delivered only "reinstall your box"-answers.
So.. i did that. And now the "mystical" part: The SAME ERROR occurs with a fresh vanilla system with a brand new and simple configuration (certificats, database, pw...the first Yast config dialog...). I did not change the way i set it up.
I remember, when i did this the first time with 11.2 on that machine, when no problems occured...everything was running out of the box (except the "use commen server certificate" option...).
View 4 Replies
View Related
Apr 1, 2011
First, like a dummy I did not backup the Samba config file before making changes. Using openSUSE as ftp and http server, was following tutorial to share between openSUSE and windows. I was using VNC to access machine to edit Samba config file, after altering the the file VNC authenication fails. I can still authenicate locally and through the ftp.
View 1 Replies
View Related
Jun 27, 2011
I installing the infrastructure driver by doing
Code:
And everything seemed to work fine and usual however I get stuck on authentication. I'm 100% positive that I've typed in the right password.
View 2 Replies
View Related
Jun 9, 2010
I have fedora linux as an operating system on my laptop but each time I try to install a new program it prompts for an authenticate root password of which I have no idea. I wanted to install windows xp on it but each time I do so it prompts"se-linux denial" on the base that the source is not trusted as i didnt authenticate it.
View 7 Replies
View Related
Mar 9, 2011
I setup my evolution to get this forums news. (eg. threads and posts). However, I can't get them because it give me this: I keep entering my forum password over and over again but I can't authenticate :S And you might also need to check these: [URL]
View 9 Replies
View Related
Mar 13, 2010
i have configured ldapserver on rhel4 for creating address book
following are configuration files on ldap server
/etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
i am able to import this ldif file into database.also when i perform the ldapsearch on this server with command"ldapsearch �x �W �D �cn=manager, dc=example, dc =com� �b �dc=example, dc=com�" i get correct output.
but when i am trying to search from another client machine, i am getting "error ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"
also when i configured address book on mozilla on server., it is working fine.but not working on another machine.is any configuration is missing on client machine.both ldap server and client are configured on rhel4es without any firewall or selinux.
View 3 Replies
View Related
Apr 5, 2010
i have successful secure ldap replication but i could not make ldap client to direct its authentication to slave ldap
here is my config file on ldap client (i am not sure if it is the right place though)
ip : 192.168.1.183 is master ldap
ip : 192.168.1.185 is slave ldap
pico /etc/ldap/ldap.conf
#
# LDAP Defaults
code....
View 11 Replies
View Related
Sep 8, 2009
I installed CentOS 5.2 and then run yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:smbldap-tools useradd -am usernameI can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.Some data:
# rpm -qa | grep ldap
python-ldap-2.2.0-2.1
php-ldap-5.1.6-23.2.el5_3
[code]....
View 1 Replies
View Related
May 25, 2011
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
View 1 Replies
View Related
May 31, 2010
I'm trying to set up a Linux server and I am new to this. I have gone through most of the configuration using SAMBA 3.0 and when I populate the ldap directory all I get this error before the password request:
Then when I perform an ldapsearch to see if the directory is populated I get this message:
I'm positive all my .conf files are done right.
View 3 Replies
View Related
Nov 28, 2008
I'm checking with a sniffer and there's activity going on between the client and the LDAP server... as a matter of fact, the sniffer shows that the search is producing one ldap item, however, php says it can't contact the ldap server (after it has bound and everything):
The script is working beautifully on another host with debian.
View 7 Replies
View Related
Jun 21, 2011
I got sick to DEATH of Adobe AIR and TweetDeck screwing up constantly, and then Adobe announces there will be no more Adobe AIR for Linux. Fine, screw 'em, I'll switch to something else. So I hunt around for the options, most of which suck. Then I discover Choqok is already installed on my machine (11.4). Except the POS doesn't work.
To use it, I have to authenticate with my Twitter account. So I click Add, select Twitter, it pops up the dialog. I leave the alias as Twitter, click the authenticate with Twitter button. The Firefox icon pops up and bounces around - but Firefox is already running. So nothing happens! No Twitter access, no page loaded, nothing. I shut down Firefox, try it again. Same deal. As usual, no one bothered to test this POS software before releasing it. how to get this **** to authenticate to Twitter in the absence of ANY useful documentation for this junk?
View 7 Replies
View Related
Aug 9, 2010
why i can't login on the ldap-client via ldap, so here is a short description of my machines (i use openvz virtualising)I have on the HN (Debian Lenny) 2 VE's, which are in the same subnet (192.168.1.0/24)The first VE (Hostname: ldap1, IP: 192.168.1.91) is the ldap-server, which is so configured, that i can manage the server via phpldapadmin.The second VE (Hostname: ftp1, IP: 192.168.1.31) is the ldap-client, there should run a sftp-server in the future and the sftp-server(ssh-server) should use ldap-usernames to login. on the ftp1, i get with this command getent passwd the users configured on the ldap-server, but with the command id USERNAME the result is, that the user doesn't exist. (USERNAME is this name, i get returned by getent) and if i try to login via ssh, i get permission denied. and because the machines are openvz-virtual-machines, so i can't login on them like on a normal system, but a su USERNAME doesn't work too, because the user is not known on the system.
my installation:
i don't think, that the ldap-server is the problem, because the phpldapadmin and getent on ftp1 are working perfectly, but if you want, i can post the config here too. the VE ftp1 was configured with the following how-to: [URL] and pam is configured like in the chapter "PAM setup with pam_ldap" on [URL]
View 3 Replies
View Related
Dec 2, 2010
I've setup an Ubuntu 10.10 LDAP Client to authenticate off my LDAP server. I've install the following: sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils pam_ccreds Here's my /etc/nsswitch.conf: passwd: files ldap [NOTFOUND=return] db group: files ldap [NOTFOUND=return] db
[Code]...
View 9 Replies
View Related
