OpenSUSE Network :: Ldap Authentication With TLS

Jan 24, 2011

I have created a CA on my server then created a server certificate under that then exported it as a common server certificate.I have then gone to my LDAP server and enabled TLS and told it to use the common server certificate.Now on my client I have enabled LDAP TLS/SSL and it's asking me to download a certificate ... from where ? Do I export the certificate to a file and put it on a web server.If so what format as the export offers loads.

View 1 Replies


ADVERTISEMENT

OpenSUSE Network :: Samba MS LDAP Authentication?

May 7, 2011

On this moment i configure a testenvironment with 1 Microsoft active directory server and 1 Opensuse 11 samba filesharing server. But i have a issue. The samba server is add to the domain and the servers can communicate with eachother. I can login to the domain on the samba server and the LDAP settings tab on yast2 samba configuration tool tell me that samba and the MS LDAP server can communicate with eachother. I can see the shares on the samba server but i can't autenticate myself. When i whant to logon than see i always "domain: domainname.local" and "access denied". My question is now how can i give the MS administrator account rights to view the shares and configure the rights for the other users.Samba config file

PHP Code:
[global]
workgroup = WIN-FVJBNQIJE9O@WOENSDRECHT.LOCAL

[code]....

View 1 Replies View Related

OpenSUSE Network :: Mounting NFS Shares According To LDAP Authentication?

Jan 18, 2011

I am posting this as I have tried several times to work this out. I have read article after article, post after post and tutorial after to tutorial to sort this issue. I have an Ubuntu 10.04 machine running as the LDAP and NFS server with two Opensuse 11.3 desktop machines. Both of the Opensuse machines can login using the LDAP server for authentication and this works fine. The server also exports the NFS Shares no problem but I am unable to mount the shares from the Opensuse machines. I have been using Yast, NFS Client to mount them.

Yast NFS Client can see the shares and lists them however when I apply the settings it states:

'Unable to mount entries in etc/fstab' I need to mount the shares according to the LDAP details as I want the users to be able to access their files no matter which machine they login at. Can anyone shed any light on the issue. Any help would be great and I would be enternally grateful as I am now beginning to pull my hear out slightly.

View 2 Replies View Related

General :: LDAP Network Centralize Authentication ?

May 15, 2011

I have more than 150 Linux desktop computer in my office IT setup.

I want to configure LDAP centralize network authentication for all the desktop computer.

My requirement is below mentioned.

The LDAP server will only authenticate the desktop computer at the log-in time when the user start computer.

The home directory of all the user should be create in their desktop local computer not in the LDAP server.

And flexibility of user log-in for every desktop. (any user can log-in any computer with his/her username and password)and the home directory will create automatically in the local desktop computer automatically the moment any user will log-in to any computer in the network and the LDAP server will authenticate for desktop-network log-in in to the computer.

View 1 Replies View Related

Server :: Config Ldap Client To Direct Its Authentication To Slave Ldap?

Apr 5, 2010

i have successful secure ldap replication but i could not make ldap client to direct its authentication to slave ldap

here is my config file on ldap client (i am not sure if it is the right place though)

ip : 192.168.1.183 is master ldap
ip : 192.168.1.185 is slave ldap
pico /etc/ldap/ldap.conf
#
# LDAP Defaults
code....

View 11 Replies View Related

Server :: Apache Authentication: Allow LDAP Group OR User Named Guest But Not All LDAP Users?

May 25, 2011

I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.

This is the common part:

Code:

AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all

This part by itself works for the LDAP authentication:

Code:

AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com

This part works by itself for guest access:

Code:

Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user

But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?

View 1 Replies View Related

OpenSUSE Network :: Setup A LDAP Server Using The Yast-LDAP Server Configuration Tool

May 31, 2010

we have a weird problem with our opensuse 11.2 server installation.

We want to set up a LDAP Server using the Yast-LDAP Server configuriation tool.

This indeed already worked weeks ago until....this week.
Maybe some updates??!

I do not know what happend exactly. The server just does not want to start again and throws following error:

Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1 failed

This happend after a little check of the configuration, but without a change, with Yast. Google delivered only "reinstall your box"-answers.

So.. i did that. And now the "mystical" part: The SAME ERROR occurs with a fresh vanilla system with a brand new and simple configuration (certificats, database, pw...the first Yast config dialog...). I did not change the way i set it up.

I remember, when i did this the first time with 11.2 on that machine, when no problems occured...everything was running out of the box (except the "use commen server certificate" option...).

View 4 Replies View Related

OpenSUSE Network :: Add User From LDAP?

Jan 1, 2011

how to add user to my opensuse 11.3 box from a ldap server ? I used useradd but can't log in with the ldap credentials .

View 1 Replies View Related

OpenSUSE Network :: Import Users Into Ldap?

Apr 16, 2010

Now I have my ldap server doing authentication and providing autofs maps perfectly the next question ... is there a utility anywhere that will allow me to stuff 1200 users into the ldap server from a csv file

View 4 Replies View Related

OpenSUSE Network :: Kerberos + LDAP With YaST?

May 26, 2011

In the OpenSUSE documentation I red this very exciting chapter Chapter 6. Network Authentication with Kerberos That mentions "Using LDAP and Kerberos" which combined with NFSv4 would give my office net functionality of a M$ Win network.

We are still on 11.2 (we have no win clients at all) and I was testing different setups of 11.4 in VM, but I can't get YaST to configure the LDAP with Kerberos setup (our current setup does not use Kerberos only LDAP). Unfortunately I could not find any meaningful HOWTO on how to do it in SuSE. The page in docs involves editing config files, but I would like to avoid this, because from my former experience with Samba, as it would mean I cannot use yast anymore and that is sad.

Is there a way to configure LDAP + Kerberos (in terms of issuing of krb tickets at login) with YaST?

PS: I basically need Kerberos for NFS and Intranet site.

View 5 Replies View Related

Ubuntu Installation :: Ldap Authentication On 10.04

Jun 23, 2010

I am trying to allow my freshly installed ubuntu 10.04 to authenticate with ldap. I did follow the doc https://help.ubuntu.com/community/LD...Authentication and some other hints with no success.My needs is just to use an ldap existing server (active directory in my site, but i wish to use it via ldap, not via samba/ winbind) to validate users on services using pam modules.After the package installation the command getent passwd retrieve just local users and I don't understand if my ubuntu client is not querying the server or the server reply with some message.

View 2 Replies View Related

Ubuntu :: Ldap Authentication Fails Using Uid

Sep 16, 2010

One I cant figure out is a problem of authentication. I'm using open ldap server and try to authenticate a groupware (simple groupware) against it. As it fails, I tested with a ldap client to understand things better. Using GQ ldap client, I 'm able to browse my ldap tree successfully and to search some args from the base DN i specified. but when entering the exact uid as a search string iI got no answer whereas searching the cn returns the correct entry (and display its related entry including the uid I can't find ..) Here is the only thing I can trace in logs (syslog) when trying to seach firstname.lastname (= uid)

[Code]....

View 1 Replies View Related

Fedora :: Can't Get LDAP Authentication Working On 13?

Jun 29, 2010

I'm trying to get LDAP working with 389 Directory Server on Fedora 13. I have the server all ready to go, and I can query it with the 389 console. But when I tried to move on to the next step, user authentication trough LDAP, it just won't work I followed the PAM Howto, but the given authconfig command doesn't work. If I manually add a user with the 389 console, I can't login with it.Since I had X11 forwarding working over SSH, I tried authconfig-gtk. I setup a SSL LDAP connection for this to work, but it still didn't work. I did have this working on my (now crashed ) Fedora 12 VM.

View 11 Replies View Related

Server :: Nconf Authentication With LDAP

Dec 9, 2010

I installed Nconf software on a Debian server.I am trying to configure Nconf Authentication with LDAP.I edited nconf's authentication.php file accordingly and I installed php5-ldap package.When i enter user-name and password in Nconf's login screen.

View 1 Replies View Related

Server :: How Many Applications Can Use With LDAP Authentication

Feb 9, 2011

I want to ask how many applications can we use with LDAP authentication

View 1 Replies View Related

Software :: LDAP Authentication (PAM) Via GroupOfNames?

Dec 28, 2009

I've added a new machine (desktop used by many users) to a network that uses LDAP (pam_ldap) for authentication. Can anyone post relevant configs to limit users by a groupOfNames? I've googled extensively and have found some partial comments, but no complete config examples or howto's.

The issue is as follows:

All users have one primary GID in their posixAccount entries, which is used to control access to the existing machines. So it's not really possible to change this. Now, I need to limit access to this new machine to a specific subset of users, all members of a specific groupOfNames. I can't seem to get pam_ldap to use a groupOfNames instead of a posixGroup.

View 1 Replies View Related

Software :: Slackware To Use LDAP Authentication

Jan 20, 2010

We have an LDAP server (OpenDirectory on Snow Leopard Server--OpenLDAP essentially) and I am trying to configure our slackware hosts to use that LDAP server as the authentication mechanism instead of NIS/YP as they currently do.How do I change it, and is it just as simple as changing /etc/nsswitch.conf?

View 11 Replies View Related

OpenSUSE Network :: Create A Backup Ldap Server?

Apr 27, 2010

We have a ldap server which has been running for a couple years now, and I was told to make a fallback / backup ldap server. So should the old one fail we won't be officially screwed.

View 1 Replies View Related

OpenSUSE Network :: Password Is Shortened On LDAP Environment?

May 15, 2010

I'm using SLES 10 SP3 with an OpenLDAP directory for user authentication. But every time I try to change the password, SLES tells me that it will be shortened to 8 charactes. I also set the susemaxpasswordlength to 30 within the LDAP. Also changing to MD5 for encryption doesn't fix it.

View 2 Replies View Related

OpenSUSE Network :: Sendmail LDAP Integration (failure)?

Jun 29, 2011

I'm trying to integrate sendmail and openLDAP together. I've followed the guide in O'Reilly's LDAP book and my lookups are good. I think my problem is virtual users. What I'm trying to accomplish is that if an email is sent to joe@host.tld and there is an entry in LDAP for joe then it'll be accepted. Right now, it'll only accept emails only for system users. Below is my sendmail.mc (most comments removed)

Code:
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
dnl ## I have a real one
define(`SMART_HOST', `my.smart.host')dnl
dnl #
define(`confDEF_USER_ID', ``8:12'')dnl

[Code]...

View 2 Replies View Related

Ubuntu Servers :: Proxy Authentication Against OS X LDAP

Jun 18, 2010

I've just installed Ubuntu Server for the first time with the goal as setting it up as a proxy server for our Apple computers here since I can get neither ISA of OS X Server's firewall to play properly. So far I have the machine authenticating against our OS X OpenLDAP server and multiple NIC's setup ready to be connected to the outside world. My question is does anyone have a preference on what proxy I should be using? So far my search efforts seem to of turned up Squid Proxy as a favorite among Ubuntu users but I can't seem to work out how to get it authenticating against my OpenLDAP server.

View 5 Replies View Related

Ubuntu Servers :: Fileserver Authentication To Ldap?

Mar 16, 2011

i am taking another stab at this. The last time i attempted it, it seemed like everyone had a different way to do it, but nobody could give me an answer on how to do it...

I currently have a Domain Controller Running sme server and a domain controller, using ldap as a backend. I have two file servers runing ubuntu 10.04. My overall goal is to have it so when i create a username on the domain controller, it is then automatically copied over to the fileservers. This way everyone will have their own username and password to access the fileservers and ill be able to track what people do on the fileservers.

The next necessity is for me to be able to apply permissions to the folders on the fileserver based on the users that are created on the domain controller.

View 2 Replies View Related

Ubuntu Servers :: LDAP Authentication For Web Access?

Aug 26, 2011

LDAP Authentication for Web Access I am trying to build a LDAP server to allow access to the wireless network in conjunction with Meraki wireless access points. I am using Ubuntu 10.10 and trying to install OpenLDAP from their documentation but I keep running into the error "configure: error: MozNSS not found - please specify the location to the NSPR and NSS header files in CPPFLAGS and the location to the NSPR and NSS libraries in LDFLAGS (if not in the system location)" I have OpenSSL installed but I also got these when I ran ./configure

checking openssl/ssl.h usability... no
checking openssl/ssl.h presence... no
checking for openssl/ssl.h... no
checking gnutls/gnutls.h usability... no

[code]....

View 1 Replies View Related

Networking :: Creating LDAP Directory For Authentication

Mar 4, 2010

I have installed openldap version 2.4.21 and configured with the help of the site [URL] and the LDAP address book is working fine. But I need to create an LDAP directory such that it will contain the user name and passwords for the users and when user is logging to any application he is authenticated from LDAP directory

e.g Users who need to browse the internet need to authenticate with username and password for access from the firewall (Juniper Netscreen) and similarly other applications like oracle ERP such that they will have only 1 username and password stored in LDAP directory and all other applications will search for the user name and password for authentication.

View 5 Replies View Related

General :: Authentication Failure In LDAP After Modification

Jun 3, 2011

I Configured LDAP Server on ubuntu Server 10.04 ,(using url ldap) and Client also it's working fine. After that I changed to ssl encryption and create certificate in server side. Now it's not authenticating from server it's shows Incorrect Password, but I can login though terminal if I am root user ,then it not ask any password it's logon to ldap user. After I changed to ldap server to ssl encryption and made one changes in client side uri ldaps://ip-address/ (/etc/ldap.conf).

View 3 Replies View Related

Server :: Dovecot Authentication Over TLS To LDAP Directory

Nov 12, 2010

I have Centos ( and Postfix+ldap+dovecot ) TLS works with Postfix and LDAP. When I open evolution mail client I can browse ldap tree and search for users, send-receive mails ...all fine

View 3 Replies View Related

Server :: LDAP-based Authentication For Samba - Help

Jul 25, 2010

Install and configure Samba as a primary domain controller with LDAP on Linux.i setup it step by step following article without error until step 10.i want to join windows client when press user name and password for domain then display message:The following error occurred attempting to join the domain BIGTIME:
The network path was not found.

View 3 Replies View Related

Server :: Open LDAP Authentication Probs

Feb 16, 2011

I'm having a pretty weird problem, and really have no idea where to begin in tracing and fixing it. But here goes.I'm running Ubuntu 10.10 on 2 machines, and have installed OpenLDAP as per the guide https://help.ubuntu.com/10.10/server...ap-server.html it all seemed to be going well having it installed and running on Server A, including authentication. So a few days later I decided to setup server B to be a slave replica. Which after a little bit of fiddling seems to working and keeping the records in sync.

Then I did an apt-get upgrade on server A. then my problem started.Basically getent passwd, only returns one entry from the LDAP and so does getent group.But a search of LDAP returns everything that's there.I've been comparing the config files between Server A and Server A for PAM etc, and everything is the same.but if I change ldap.conf on server A to point the uri ldap://server B/ and rerun getent passwd it returns all the users and getent group returns all the groups.I've compared the LDAP entries between Server A and Server B and they're staying in sync.It looks like it's more to do with ldap than the auth config if just changing the server fixes it, but as server A is the master LDAP server I'm really at a loss.

If getent was only returning local users it'd be something, but it's returning local + 1 LDAP user or 1 group. Which just seems weird.Any help would be greatly appreciated. I'm sure posting some logs would be helpful, but I have no idea which so if someone can let me know what extra info would be more helpful I'll post it back asap.

View 1 Replies View Related

Software :: Apache 2 And LDAP Authentication Unpredictable

Nov 4, 2010

I have an issue with Apache2 and ldap authentication. Here are the specs:
Linux 2.6.32-24-generic i686 GNU/Linux Ubuntu 10.04.1 LTS
Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.5 with Suhosin-Patch configured

I have installed our site onto a newer server as we were previously running SLES 9.3. The site has installed correctly, however, It seems to be serving the pages a hell of a lot slower than SLES (eventhough the specs etc are much improved). The main problem seems to be with Ldap - sometimes taking 2 or 3 minutes before authenticating/serving the user - and sometimes one minute it works, another minute it doesn't! We know it's a problem specific to this Ubuntu machine, as the older server has no issues with ldap whatsoever. Also, sometimes the ldap authentication fails all together with a timeout, resulting in a 500 status code. I'm not sure whether this a problem with the apache config, the network settings or the server setup. We know ldap itself is fine.

Here's the /etc/apache2/sites-available/default config for ldap. Are these directives correct? (I know a lot of changes were made between apache2 and apache2.2 that may affect this config):
Code:
ScriptAlias /home/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin/">
AuthType Basic
AuthzLDAPAuthoritative On
AuthBasicProvider ldap
AuthName "Active Directory Authentication Required."
AuthLDAPURL "ldap://x.x.x.x:3268/DC=xxxxxx,DC=com?userPrincipalName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "xxxxx@xxxx.com" AuthLDAPBindPassword xxxxxxxx
require valid-user Options +ExecCGI -Includes AllowOverride None
</Directory>

Here's some examples of some of the log messages we have been receiving:
1. This one occurs upto ten times in a row when the client is being authenticated:
Code:
[Thu Nov 04 12:47:19 2010] [debug] mod_authnz_ldap.c(377): [client x.x.x.x] [2892] auth_ldap authenticate: using URL ldap://x.x.x.x:3268/DC=xxxxxxx,DC=com?userPrincipalName?sub?(objectClass=*), referer: http://x.x.x.x/home/page

2. This is output when the authentication works:
Code:
[debug] mod_authnz_ldap.c(474): [client x.x.x.x] [2734] auth_ldap authenticate: accepting xxxxx@xxxx.xxxxx.com, referer: http://x.x.x.x/home/page

3. And this one is always output after the error above. This one is more interesting. What does this mean exactly? And why does it say 'declining to authorise' directly after saying 'accepting user@domain.com'? Surely this makes no sense:
Code:
[debug] mod_authnz_ldap.c(546): [client x.x.x.x] [2939] auth_ldap authorise: declining to authorise (no ldap requirements), referer: http://x.x.x.x/home/page

4. This one is output when the authentication attempt times out (after 10 outputs of error number 1):
Code:
[warn] [client x.x.x.x] [3165] auth_ldap authenticate: user xxxx@xxx.xxxxx.com authentication failed; URI /home/page [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server], referer: http://x.x.x.x/home/page

View 3 Replies View Related

CentOS 5 :: Ldap For Simple User Authentication?

Jun 22, 2010

I have a centos 5 system with openldap configured. I need openldap for simple user authentication. ie.. to be able to use it for authenticating it from remote applications and systems like mail clients...etc.

I was able to succefully install and configure openldap and ran a slaptest to verify the slapd.conf file for errors and found none. so now all i want to do is to add username and passwords to the ldap database.

iam just not sure what all objectClasses i need to use for Attributes uid and userPassword and what exactly should be the ldif file syntax for the above entries. I tried various sources but i do either get errors while adding or after adding do get errors trying to access it.

above all, iam able to access the ldap server from my phpldapadmin only as a anonymous user and not as a root user that i added as a first entry.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved