OpenSUSE Install :: LDAP Users Can't Login Gnome But Can With Kde?
Apr 11, 2011
I am switching to Gnome because its look and feel is closer to Windows for my workgroup. LDAP and NFS are working fine with KDE and SSH. but I cant login with LDAP users both directly or via NX client. When logging in directly on the server it shows this error:
Code:
"Xsession: Login for <user> is disabled "
When logging via NX client it says, it authenticated successfully and then quited with this popup message:
Code:
Could not connect to session bus: Failed to connect to socket /tmp/dbus-0frstajyNE: Connection refused
I closed this popup window and one more appeared:
Code:
Could not acquire name on session bus
I`am just trying to connect Samba with ldap to make it simpler for the users to log in. We have already attached squid, so by that we thought it would be easy to do the same with samba. I think we did something wrong with the ldap config for the os with is btw:
Quote: SUSE Linux Enterprise Server 11 (x86_64) VERSION = 11 PATCHLEVEL = 1 We added Quote: ldap admin dn = cn=xxx,o=xxx
In the past I found some great help on this forum, so here goes. Bare with me because it's a long story. I'll try to be as complete as possible. I've installed and configured OpenLdap on a virtual machine with ip 192.168.39.134. I've added 2 users via LAM. In the ou WikiUsers and the domain is wiki.local.
I've then created another host with ip 192.168.39.133 with mediawiki installed on it. Then I added the extension LDAPAuthenthication. In the LdapAuthentication file I added this code (only the last paragraph is mine, I added the others to show it's location in the script):
I know I'm close because I can't register any new users or accounts on the mediawiki site. Although I could before I added the LDAP service. This is indeed all just to test and get to know how LDAP works. That's why it's all virtual in VMWare. I did not really configure anything on the LDAP, i just installed it and chose a domain (wiki.local).
I am trying to deploy Kerberos and LDAP so users will be able to login in to a server on the edge of the LAN, and afterwards be able to establish a SSH connection to all the computers in that LAN without the need to type any passwords, and without the need for me to manage SSH keys [beside the SSH keys on the login server] and local user accounts.
1. When i create the users in OpenLDAP i use a template that i created by reading documentation from the Internet. In the template one piece of information that is neede is the UID. Is there any clever way the keep track of the numbers so i do not assign the same UID to two users, besides using a pen and paper?
2. For the users to be able to establish SSH connections between the computers, the host is going to be added to the keytab like this: ktadd host/client.example.com Is is possible to replace client with something genric so i do not need to mange these keytab files between the hosts?
3. Users will be logging on the the server on the edge of LAN by using SSH keys. How can i configure the setup so the users will recieve a ticket automatically when the logon without executing kinit and without entering a password, just by having a valid SSH key?
4. krb5kdc is running on all the network interfaces in the server i want it to only run on eth1, how can this be done?
when I get into the login page, I can only see the background and the login box in the middle of the page just turns whole white and keeps flashing. no response for any clicks. I was force to ctrl+alt+F1 to switch to init 1 to do my work. But I still want to use my graphical desktop either KDE or Gnome is ok. I am using gnome.
Last week my parents' PC conked out the day before I was due to leave the country, so in the few hours I had to try and knock up a solution, I set up a very old second machine in the house running openSUSE 11.3 with XFCE. I'd previously replaced the default login display manager with GDM, which evidently has various bugs. Aside from the cursor continually spinning around showing as busy, when I added a new user account for my parents, the login box showed two entries under my own name. It's only on hovering the mouse over the latter entry that my parents' username shows up. Anyway, I had to explain this and a million other quirks to them in a rush, but the system was all working and they managed to get me an email from it the following day.
Since then, however, when they reach the login screen they say there is just an image of a computer monitor, with the OS version and domain, but no usernames to choose from or other options anywhere, and hence they can find no way to login. I have no remote access to the machine and can only talk over the phone. I suggested a few key combos to see if anything happened, and they booted once in failsafe mode, but no luck.
What could have happened? Is there a key that would show the users again? Perhaps there's a way to get to a console login, but could they get back to a GUI easily after that? Unfortunately my parents are really not adept at these things and every instruction I give has to be repeated endlessly after which they usually get it wrong a couple of times first, so trying to do anything administrative or more clever than a few key presses or mouse clicks is going to be nigh on impossible. Running a live CD would be likely out of the question since they'd need to change the BIOS boot order first.
Description: I want to migrate all home directories and users from one webserver to another. The old server runs OpenSuSE 11.2 and the new one OpenSuSE 11.4. I appended only the userpart of the passwd file from the old server to the new one. I did the same with the shadow file and the group file. I checked the user rights for all three of them and they were ok (shadow 600). I have done such a migration before and at that time it worked fine. Now for the weird part:
Errors: At first it seemed everything was ok. Websites and webshops were visible and working correctly. At first ftp seemed to work fine. Login worked but when uploading files, the error messages appeared: permission denied. Further testing gave following results:
-Root and users can login on console with their old passwords.Root can create new users, but they can not login: some error message comes, but is unreadable since it stays too short on display. After that it prints hint: on a new line and on another new line it gives a new login prompt. Root and users can change user's password, but then they can not login anymore. The same unreadable error message appears. -Users can login with ftp, even after changing passwords(!) but can not change or add files var/log/messages only shows: uthentication failure twice.
Actions so far: Emptied /tmp reboot copied the users again from passwd and shadow checked UID's and GID's again googled a lot
The login screen does not accept the password for users. Only the password for Root. The problem is not in the command line, but check the password in the screen. I have tried to change the password from the root and it is still the problem. What I can do?
when users login in kde4 it shows kstartconf4 not found or failed error code 127. for both suse 11. 1 and suse 11.2 but kde3 works well I removed .kde etc it still failed
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic AuthBasicProvider ldap anon Order allow,deny Allow from all
This part by itself works for the LDAP authentication:
Anonymous guest Anonymous_VerifyEmail Off Anonymous_MustGiveEmail Off Anonymous_LogEmail on Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
Now I have my ldap server doing authentication and providing autofs maps perfectly the next question ... is there a utility anywhere that will allow me to stuff 1200 users into the ldap server from a csv file
I've compiled openssh-5.4p1 on RHEL 4.8 with Openssl 0.9.8m + pam It works perfect without pam (pam-0.77-66), both with password and public key auth. Whith pam enabled and LDAP (openldap-2.4.21, from scratch) something strange happens: system users: I can do ssh with both password and public key LDAP users: public key works for remote users, still I cannot do ssh with just password. I'm trying a custom PAM configuration, because the default one (even with authconfig + LDAP ) blocks ssh even with system users.
I wanted to use ldap to create users on my machine.I got LDAP set up via yast, and it seems to work OK. But when I create a user via LDAP, the system doesn't seem to want to know.LDAP actually creates a home directory for the new user, but the system merely assigns it a UID and nothing else.I have access to another opensuse system which does not behave in this way. I.e. I can set up a user exclusively in LDAP and the system will recognise the new user no problem.I have compared the two ldap configurations to see if there's some magic "propagate LDAP users to Local users" setting, but this doesn't appear to exist
I'm having some trouble with Gnome's Login screen. What happens is that I type my username and password correctly, the login screen fades out and everything seems normal until the login screen appears again, I enter my username and password again and the login fades out only to appear again and again and again and so on.
Only the root user works with the login, and also if I use failsafe mode, then login in textmode and then use "startx" it works fine.
I've been searching in google and in this forum on how to change the default gnome login screen in OpenSuSE 11.2?Have read harindaka's thread (How to Downgrade GDM in openSuse 11.2 to one used in 11.1 - openSUSE Forums) but it seems there's no guide for changing the login screen.
I installed 11.3 last week and eventually got nvidia drivers working. I was quite happy how most things were progressing, then the temptation to upgrade to 11.4 got too much I upgraded today (online, not dvd) and everything went well. On rebooting the desktop came up as normal and all was good. I installed nvidia and got that working ok. I then installed Gnome-Shell and couldn't figure out how to get it working. I've been using Fedora recently and the Gnome-Shell option is available at Login. I then discovered the gnome-shell --replace terminal command and I tried it. It seemed to load ok, but as I had used the terminal, when I closed the terminal it seems like compiz crashed. I lost all windows borders and nothing was usable. I REISUB'd and started again. On reboot I got a CLI login prompt. After logging in I tried startx, to no avail. I then tried gdm start and got to the desktop again (not gnome-shell). I Alt+F2'd and ran gnome-shell --replace again and all was good - except no network I rebooted again, and got the CLI again. Went through it all again and tried to configure network (wireless) no good. I then connected an ethernet cable and tried again. That worked, but I'm not sure why - I didn't think anything was downloaded. Anyway wireless now works ok - even on reboot. However I'm still getting dumped to the CLI login on restarts.
I'm running openSUSE 11.4 32-bit. When I login to Gnome there is is no login sound. I was running 11.1 before and whenever I would login to Gnome I would hear a guitar login sound.
I installed CentOS 5.2 and then run yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:smbldap-tools useradd -am usernameI can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.Some data:
why i can't login on the ldap-client via ldap, so here is a short description of my machines (i use openvz virtualising)I have on the HN (Debian Lenny) 2 VE's, which are in the same subnet (192.168.1.0/24)The first VE (Hostname: ldap1, IP: 192.168.1.91) is the ldap-server, which is so configured, that i can manage the server via phpldapadmin.The second VE (Hostname: ftp1, IP: 192.168.1.31) is the ldap-client, there should run a sftp-server in the future and the sftp-server(ssh-server) should use ldap-usernames to login. on the ftp1, i get with this command getent passwd the users configured on the ldap-server, but with the command id USERNAME the result is, that the user doesn't exist. (USERNAME is this name, i get returned by getent) and if i try to login via ssh, i get permission denied. and because the machines are openvz-virtual-machines, so i can't login on them like on a normal system, but a su USERNAME doesn't work too, because the user is not known on the system.
my installation:
i don't think, that the ldap-server is the problem, because the phpldapadmin and getent on ftp1 are working perfectly, but if you want, i can post the config here too. the VE ftp1 was configured with the following how-to: [URL] and pam is configured like in the chapter "PAM setup with pam_ldap" on [URL]
It happens like 50% of my Suse 11.2 startups, when I type in my password at login screen and hit enter, Gnome do not start, i can only see the green blank screen,or sometimes it start to show only my custom wallpaper and nothing more, when i try ctrl+alt+backspacex2 and login again everything seems to work fine, but what could be wrong ? is it a hardware issue ? Moreover, sometimes when I want to shutdown my laptop and click the shutdown button, suse do logout, but instead of turning off the laptop , it brings me to login screen, clicking the shutdown button at login screen makes my hdd lamp blink and thats all.
This is my quest: i need to install a box with a proxy server where useres can login, register what those users have been doing on-line and generate a dailly activaty report... I have been googleing for days and so far a tried out zeroshell (no reports) and untangle (no login)...
I want to apply the same settings of Gnome among a group of users. I configured a "master"-user and exported his Gnome settings using
Code: gconftool-2 --dump > gnome_settings.xml For the other users, where the settings from the "master"-user shall apply, I did Code: gconftool-2 --load gnome_settings.xml
While most of the settings were set properly, I am missing the links for Firefox and OpenOffice in the panel which I had configured. How I can copy the Gnome settings from one user to another, including links to Firefox and OpenOffice in the main panel?
I took to yast to install ldap. I creating the CA cert, server key and server cert and specified them during the yast ldap server dialogs.
The firewall is open for ldap.
I also went through yast's ldap client ... though I didn't exactly see to anything (presuably it wrote up a configuration file somewhere).
However when trying use the basic ldap tools, like ldapwhoami. Well it doesn't connect and gives me the above error. Of coure the ldap db is unpopulated as yet, so it probably is not able to say who am at all. But ldapadd doesn't work either.
It seems to point to my SSL usage not being correct .. so I'm trying to double check that now.
how to add users to groups with ldap? Further, could someone point me towards some good command-line management tools? Creating each dn manually is going to get old real fast...
I have an Openldap server and many 9.10 servers using it to check for possible ssh users. No problems there. Just brought up my first 10.04 server and went through the same procedure to allow ldap users to ssh in, works great. The problem is that ldap users cannot su to root on the 10.04 server. Only locally defined users can su to root, though they cannot su to ldap users. The local root user can su to anyone. Quick overview of how I installed ldap login:
Code: # apt-get install libnss-ldap # echo "session required pam_mkhomedir.so skel=/etc/skel/" >> /etc/pam.d/common-session And added ldap to the end of these lines in /etc/nsswitch.conf:
This process has worked without a hitch on 9.10 dozens of times. So my question is, why are ldap and local users now incapable of using su across authentication mechanisms? For reference these are the error messages in /var/log/auth.log when trying to su to root from an ldap user:
Code: Jun 14 16:17:07 server unix_chkpwd[6560]: check pass; user unknownJun 14 16:17:07 server unix_chkpwd[6560]: password check failed for user (root) Jun 14 16:17:07 server su[6559]: pam_unix(su:auth): authentication failure; logname=ldapuser uid=2000 euid=2000 tty=/dev/pts/5 ruser=ldapuser rhost= user=root Jun 14 16:17:09 server su[6559]: pam_authenticate: Authentication failure Jun 14 16:17:09 server su[6559]: FAILED su for root by ldapuser And the auth.log for trying to su to an ldap user from a local one:
Code: Jun 14 17:18:18 server su[8473]: pam_unix(su:auth): authentication failure; logname=localuser uid=1000 euid=1000 tty=/dev/pts/0 ruser=localuser rhost= user=ldapuser Jun 14 17:18:18 server su[8473]: Successful su for ldapuser by localuserJun 14 17:18:18 server su[8473]: + /dev/pts/0 localuser:ldapuser Jun 14 17:18:18 server su[8473]: bad group ID `2000' for user `ldapuser': Operation not permitted
I'm using Sun One LDAP server, (Soon to be moving to openldap). I have one Master server, no slaves, about 60 user accounts.
I'd like to add an attribute to each of the users DN's to restrict there ability to login to specific hostnames. I.e. I have hosts A, B and C. Dev staff can access A and B, but not C, and support staff need to access all of them.
I found a link at [url] which talked about using 'hostsallowedlogin' and 'hostsdeniedlogin' attributes but I'm presuming these are bespoke. If they are, how do you configure the ldap.conf to take note of these attributes when authorizing access?
I have configured ldap on Debian5 and samba on another machine, all servers are running ok, but when i try to add users, it gives me an errror that "unknown user"
"Merging" may not be quite the right word but that is the desired end result.
Scenario: many Solaris 10 servers, each with various local users. We want to set up LDAP for all for all of them. LDAP server is set up, procedure for getting other servers to use it for user authentication is documented and tested. The question is how to handle users that are in LDAP who also exist as a local user on a given machine.
It appears that the usernames on both sides follow a convention and therefore match but obviously the userids will not match. Local user joe has userid 1234, LDAP user joe has userid 56789.
The way I see it we'll have to:
1. move local user joe's home directory to the path that LDAP user joe will want
2. change local user joe's userid to that of LDAP user joe
3. change joe's files' owner to his new userid
4. remove local user joe
5. finally configure LDAP
Is this a rational procedure? Is there a more effective method? I'm not looking forward to this as there are many servers and each of them have a different set of local users, each with different userids which will have to be handled manually and individually therefore not even scriptable much.
