On this moment i configure a testenvironment with 1 Microsoft active directory server and 1 Opensuse 11 samba filesharing server. But i have a issue. The samba server is add to the domain and the servers can communicate with eachother. I can login to the domain on the samba server and the LDAP settings tab on yast2 samba configuration tool tell me that samba and the MS LDAP server can communicate with eachother. I can see the shares on the samba server but i can't autenticate myself. When i whant to logon than see i always "domain: domainname.local" and "access denied". My question is now how can i give the MS administrator account rights to view the shares and configure the rights for the other users.Samba config file
I have created a CA on my server then created a server certificate under that then exported it as a common server certificate.I have then gone to my LDAP server and enabled TLS and told it to use the common server certificate.Now on my client I have enabled LDAP TLS/SSL and it's asking me to download a certificate ... from where ? Do I export the certificate to a file and put it on a web server.If so what format as the export offers loads.
I am posting this as I have tried several times to work this out. I have read article after article, post after post and tutorial after to tutorial to sort this issue. I have an Ubuntu 10.04 machine running as the LDAP and NFS server with two Opensuse 11.3 desktop machines. Both of the Opensuse machines can login using the LDAP server for authentication and this works fine. The server also exports the NFS Shares no problem but I am unable to mount the shares from the Opensuse machines. I have been using Yast, NFS Client to mount them.
Yast NFS Client can see the shares and lists them however when I apply the settings it states:
'Unable to mount entries in etc/fstab' I need to mount the shares according to the LDAP details as I want the users to be able to access their files no matter which machine they login at. Can anyone shed any light on the issue. Any help would be great and I would be enternally grateful as I am now beginning to pull my hear out slightly.
Install and configure Samba as a primary domain controller with LDAP on Linux.i setup it step by step following article without error until step 10.i want to join windows client when press user name and password for domain then display message:The following error occurred attempting to join the domain BIGTIME: The network path was not found.
Making a Samba Server with LDAP authentication. Will post as I go along. Found these sources, anything/hiccups I should know before jumping in? Figure would follow the official documentation then check the others for comparative errors.
I have been able to accomplish my goal of creating an AD-like authentication using LDAP,SAMBA and LAM. From what I have seen you can have this type of setup but it doesn't allow the passing of group policies to the desktops of the users.
I maintain a samba PDC for a small business, our current setup does not work very well; on a hardware upgrade I directled imported the old ldap database and attempting to add machines to the domain causes all sorts of trouble.
I'm 95% sure the original database (which predates my employment) was created using the idealx smb-ldap tools, unfortunately on our current platform (debian lenny) these tools seem to be broken; the only things hey seem to do reliably are set passwords and add posix users, asking them to do anything involving samba/windows causes errors. The idealx tools seem to be abandoned, and I don't know enough perl to try and fix them.
Since the idealx scripts seem to be abandoned, and most of the good samba+ldap how-tos references the idealx tools, I was wondering what people use nowadays to manage there ldap directories; surely they aren't importing .ldif files to add new users/machines like I've been doing. Are people just writing thier own management scripts/web-apps? Or are the smb=ldap tools just broke on debian?how to generate the NT/LM password hashes and proper SIDs, does anybody have anything they could point me to about this?
how to make a new Ubuntu 9.10 box use our LDAP/Samba server for user authentication. Our Red Hat and Windows machines all use it just fine. I've been trying to use the auth-client-config and libnss-ldap packages for this purpose, but I must be missing something. I'm pretty green with LDAP, so this is my first time diving in... Is there a good How-To or step-by-step read on this? All of my searches lead me to setting up Ubuntu as the server, and that isn't what I want. I've also tried the steps listed in [URL] for the LDAP Authentication section.
I have more than 150 Linux desktop computer in my office IT setup.
I want to configure LDAP centralize network authentication for all the desktop computer.
My requirement is below mentioned.
The LDAP server will only authenticate the desktop computer at the log-in time when the user start computer.
The home directory of all the user should be create in their desktop local computer not in the LDAP server.
And flexibility of user log-in for every desktop. (any user can log-in any computer with his/her username and password)and the home directory will create automatically in the local desktop computer automatically the moment any user will log-in to any computer in the network and the LDAP server will authenticate for desktop-network log-in in to the computer.
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic AuthBasicProvider ldap anon Order allow,deny Allow from all
This part by itself works for the LDAP authentication:
Anonymous guest Anonymous_VerifyEmail Off Anonymous_MustGiveEmail Off Anonymous_LogEmail on Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
I installed CentOS 5.2 and then run yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:smbldap-tools useradd -am usernameI can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.Some data:
we have a weird problem with our opensuse 11.2 server installation.
We want to set up a LDAP Server using the Yast-LDAP Server configuriation tool.
This indeed already worked weeks ago until....this week. Maybe some updates??!
I do not know what happend exactly. The server just does not want to start again and throws following error:
Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1 failed
This happend after a little check of the configuration, but without a change, with Yast. Google delivered only "reinstall your box"-answers.
So.. i did that. And now the "mystical" part: The SAME ERROR occurs with a fresh vanilla system with a brand new and simple configuration (certificats, database, pw...the first Yast config dialog...). I did not change the way i set it up.
I remember, when i did this the first time with 11.2 on that machine, when no problems occured...everything was running out of the box (except the "use commen server certificate" option...).
So far I've been able to get Samba to connect to the my WORKGROUP and I can see my Vista PC as well as my 3 hdd's but when I try and open the folder, any folder, C$; D$; or E$ I'm confronted with a user name and
password prompt. No user name or password combination that's associated with either machine, openSUSE or Vista will grant me access. Why am I seeing this prompt and what I would really like to know is can it be
disabled all together? Otherwise, what user name and password does Suse want? Do I need to tell Suse in a terminal a user name and password?
Now I have my ldap server doing authentication and providing autofs maps perfectly the next question ... is there a utility anywhere that will allow me to stuff 1200 users into the ldap server from a csv file
In the OpenSUSE documentation I red this very exciting chapter Chapter 6. Network Authentication with Kerberos That mentions "Using LDAP and Kerberos" which combined with NFSv4 would give my office net functionality of a M$ Win network.
We are still on 11.2 (we have no win clients at all) and I was testing different setups of 11.4 in VM, but I can't get YaST to configure the LDAP with Kerberos setup (our current setup does not use Kerberos only LDAP). Unfortunately I could not find any meaningful HOWTO on how to do it in SuSE. The page in docs involves editing config files, but I would like to avoid this, because from my former experience with Samba, as it would mean I cannot use yast anymore and that is sad.
Is there a way to configure LDAP + Kerberos (in terms of issuing of krb tickets at login) with YaST?
PS: I basically need Kerberos for NFS and Intranet site.
I am trying to allow my freshly installed ubuntu 10.04 to authenticate with ldap. I did follow the doc https://help.ubuntu.com/community/LD...Authentication and some other hints with no success.My needs is just to use an ldap existing server (active directory in my site, but i wish to use it via ldap, not via samba/ winbind) to validate users on services using pam modules.After the package installation the command getent passwd retrieve just local users and I don't understand if my ubuntu client is not querying the server or the server reply with some message.
One I cant figure out is a problem of authentication. I'm using open ldap server and try to authenticate a groupware (simple groupware) against it. As it fails, I tested with a ldap client to understand things better. Using GQ ldap client, I 'm able to browse my ldap tree successfully and to search some args from the base DN i specified. but when entering the exact uid as a search string iI got no answer whereas searching the cn returns the correct entry (and display its related entry including the uid I can't find ..) Here is the only thing I can trace in logs (syslog) when trying to seach firstname.lastname (= uid)
I'm trying to get LDAP working with 389 Directory Server on Fedora 13. I have the server all ready to go, and I can query it with the 389 console. But when I tried to move on to the next step, user authentication trough LDAP, it just won't work I followed the PAM Howto, but the given authconfig command doesn't work. If I manually add a user with the 389 console, I can't login with it.Since I had X11 forwarding working over SSH, I tried authconfig-gtk. I setup a SSL LDAP connection for this to work, but it still didn't work. I did have this working on my (now crashed ) Fedora 12 VM.
I installed Nconf software on a Debian server.I am trying to configure Nconf Authentication with LDAP.I edited nconf's authentication.php file accordingly and I installed php5-ldap package.When i enter user-name and password in Nconf's login screen.
I've added a new machine (desktop used by many users) to a network that uses LDAP (pam_ldap) for authentication. Can anyone post relevant configs to limit users by a groupOfNames? I've googled extensively and have found some partial comments, but no complete config examples or howto's.
The issue is as follows:
All users have one primary GID in their posixAccount entries, which is used to control access to the existing machines. So it's not really possible to change this. Now, I need to limit access to this new machine to a specific subset of users, all members of a specific groupOfNames. I can't seem to get pam_ldap to use a groupOfNames instead of a posixGroup.
We have an LDAP server (OpenDirectory on Snow Leopard Server--OpenLDAP essentially) and I am trying to configure our slackware hosts to use that LDAP server as the authentication mechanism instead of NIS/YP as they currently do.How do I change it, and is it just as simple as changing /etc/nsswitch.conf?
We have a ldap server which has been running for a couple years now, and I was told to make a fallback / backup ldap server. So should the old one fail we won't be officially screwed.
I'm using SLES 10 SP3 with an OpenLDAP directory for user authentication. But every time I try to change the password, SLES tells me that it will be shortened to 8 charactes. I also set the susemaxpasswordlength to 30 within the LDAP. Also changing to MD5 for encryption doesn't fix it.
I'm trying to integrate sendmail and openLDAP together. I've followed the guide in O'Reilly's LDAP book and my lookups are good. I think my problem is virtual users. What I'm trying to accomplish is that if an email is sent to joe@host.tld and there is an entry in LDAP for joe then it'll be accepted. Right now, it'll only accept emails only for system users. Below is my sendmail.mc (most comments removed)
Code: divert(-1)dnl include(`/usr/share/sendmail-cf/m4/cf.m4')dnl VERSIONID(`setup for linux')dnl OSTYPE(`linux')dnl dnl ## I have a real one define(`SMART_HOST', `my.smart.host')dnl dnl # define(`confDEF_USER_ID', ``8:12'')dnl
