Red Hat / Fedora :: Setting Up Openldap - Getting Invalid Credentials
May 10, 2011
I have just installed openldap on my Red Hat server and it is running:
[code]...
However when I try to add my first ldif file base.ldif, no matter how many time I enter in the correct password I get invalid credentials [root@server init.d]# ldapadd -D "cn=Manager,dc=mathcs.duq,dc=edu" -W -f /home/oberlanderm/base.ldif Enter LDAP Password: ldap_bind: Invalid credentials (49) I have to be forgetting someting simple,
[code]....
View 8 Replies
ADVERTISEMENT
May 18, 2010
I'm trying to set up an OpenLDAP server on a clean install of 10.04 server (AMD64). Following the server guide [URL] I get down to the "Setting up ACL" step:
$ ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W oldDatabase=hdb oldAccess
This command fails with "ldap_bind: Invalid credentials (49)"
When I replace the dn with what it seems like it should be:
$ ldapsearch -xLLL -b cn=config -D cn=admin,dc=example,dc=com -W oldDatabase=hdb oldAccess
I get "No such object (32)"
I have a feeling this is because 10.04 no longer asks you for the admin username and password during the initial debconf (nor does dpkg-reconfigure).
I can continue through the guide using this form of the commands (which were used earlier in the Guide):
$ sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcDatabase=hdb olcAccess
But I'm a little concerned that I'm not able to properly use the admin user to make LDAP changes to the configuration. It also seems like the Server Guide ought to use the 'sudo ... -Y EXTERNAL' form of the commands throughout if cn=admin,cn=config isn't going to work.
View 5 Replies
View Related
Dec 3, 2010
M trying to install sendmail server on rhel6.i am having problem in setting up openldap.
following is slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include/etc/openldap/schema/corba.schema
include/etc/openldap/schema/core.schema
code....
but if i try to change ldap password it gives
ldap_bind: Invalid credentials (49) error
i was successfully able to restore my ldif file from old rhel 5.3 server on to rhel 6
View 14 Replies
View Related
Aug 1, 2010
I am setting up a LDAP server in Fedora 13 system. I did the installation of the packages of openldap-server, openldap-client and openldap-server-sql (beause I may use sql as backend, install first). However, when I did the setup check by command: dapadd -f stooges.ldif -xv -D "cn=StoogeAmin,o=stooges" -h 127.0.0.1 -w secret1
and always says: ldap_bind: Invalid credentials (49) I am using slapd.conf for test as below. I did check the password are same.
[Code]...
View 7 Replies
View Related
Feb 14, 2011
I followed the instructions here:
[URL]
This is on CentOS 5.5 with all the latest updates.
I changed rootdn and rootpw in /etc/openldap/slapd.conf with the info for my domain and with an encrypted password using slapcat.
Now when I try to use slapadd like so:
ldapadd -x -D "cn=admin,dc=domain,dc=com" -w passwd -f /tmp/base.ldif
I get the error: ldap_bind: Invalid credentials (49)
I feel like this is a pretty basic/default setup, I haven't changed anything else in /etc/openldap/slapd.conf but for some reason it's not authenticating using the rootpw and rootdn information that I've provided in the config file.
View 20 Replies
View Related
Oct 26, 2010
I just wanted to checkout samba. So, I installed on a CentOS 5.5 64bit server. The version I used is 3.5.6. I followed this guide. [URL]. LDAP is working good. When I use the following command: (net groupmap list) I am getting the error.
Code: [root@server1 samba]# net groupmap list
[2010/10/26 16:26:09.135901, 0] lib/smbldap.c:1151(smbldap_connect_system)
failed to bind to server ldap://127.0.0.1 / with dn="cn=root,dc=mtm,dc=testdomain,dc=com" Error: Invalid credentials
[2010/10/26 16:26:39.180063, 0] passdb/pdb_ldap.c:3448(ldapsam_setsamgrent)
ldapsam_setsamgrent: LDAP search failed: Time limit exceeded
[2010/10/26 16:26:39.180109, 0] passdb/pdb_ldap.c:3523(ldapsam_enum_group_mapping)
ldapsam_enum_group_mapping: Unable to open passdb I am sure that I have set the correct password in Code: smbpassword -w mypassword.
Also, I can login to the LDAP thourgh PHPLDAPAdmin with the same password and the bind cn.
Here is my smb.conf Code: # Global parameters
[global]
ldap ssl = off
nt acl support = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
workgroup = TESTDOMAIN
netbios name = SERVER1
security = user
enable privileges = yes
#interfaces = 192.168.5.11
#username map = /etc/samba/smbusers
server string = Samba Server %v
#security = ads
encrypt passwords = Yes
#min passwd length = 3
#pam password change = no
#obey pam restrictions = No
# method 1:
#unix password sync = no
#ldap passwd sync = yes
# method 2:
unix password sync = yes
ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *
New password*" %n
"*Retype new password*" %n
"
log level = 10
syslog = 0
log file = /var/log/samba/log.%U
max log size = 50
time server = Yes
#socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home =
logon path =
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=root,dc=mtm,dc=testdomain,dc=c om
#ldap admin dn = cn=samba,ou=DSA,dc=company,dc=c om
ldap suffix = dc=mtm,dc=testdomain,dc=c om
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
#ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m "%u"
#ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# printers configuration
#printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
#force create mode = 0640
#force directory mode = 0750
#nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no
[netlogon]
path = /home/netlogon/
browseable = No
read only = yes
[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
#force user = %U
# next line allows administrator to access all profiles
#valid users = %U "Domain Admins"
[printers]
comment = Network Printers
#printer admin = @"Print Operators"
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only = Yes
printable = Yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
# print command = /usr/bin/lpr -U%U@%M -P%p -r %s
# lpq command = /usr/bin/lpq -U%U@%M -P%p
# lprm command = /usr/bin/lprm -U%U@%M -P%p %j
# lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
# lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
# queuepause command = /usr/sbin/lpc -U%U@%M stop %p
# queueresume command = /usr/sbin/lpc -U%U@%M start %p
[print$]
path = /home/printers
guest ok = No
browseable = Yes
read only = Yes
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775
[public]
path = /tmp
guest ok = yes
browseable = Yes
writable = yes
View 2 Replies
View Related
Jul 28, 2010
I just tried to build my own samba/ldap server on opensuse 11.3 and i am continuously getting an invalid credentials error when doing the smbpasswd -a command. Below are my smb and ldap files.
smb.conf
# Primary Domain Controller smb.conf
# Global parameters
[global]
unix charset = utf8
workgroup = MERCDOMAIN
netbios name = mercserver
passdb backend =ldapsam:"ldap://mercserver.mercdomain.com"
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 0
#name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
logon script = logon.bat
logon path = \mercserverprofiles\%u
logon drive = H:
domain logons = Yes
domain master = Yes
wins support = Yes
# peformance optimization all users stored in ldap
ldapsam:trusted = yes
ldap suffix = dc=mercdomain,dc=com
ldap machine suffix = ou=Computers,ou=Users
ldap user suffix = ou=People,ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=mercserver,dc=com
ldap ssl = off
idmap backend = ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
printer admin = root
printing = cups
# = Share Definitions =
[homes]
comment = Home Directories
valid users = %S
browseable = yes
writable = yes
create mask = 0600
directory mask = 0700
[sysvol]
path = /home/data/samba/sysvol
read only = no
[netlogon]
comment = Network Logon Service
path = /home/data/samba/sysvol/vavai.net/scripts
writeable = yes
browseable = yes
read only = no
[profiles]
path = /home/data/samba/profiles
writeable = yes
browseable = no
read only = no
create mode = 0777
directory mode = 0777
[Documents]
comment = share to test samba
path = /home/data/documents
writeable = yes
browseable = yes
read only = no
valid users = "@Domain Users"
slapd.conf
UW PICO 5.04 File: /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
modulepath /usr/lib/openldap/modules/
# moduleload back_bdb.la
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Samba Primary Database mercdomain.com
database bdb
suffix "dc=mercdomain,dc=com"
directory /var/lib/ldap
rootdn "cn=Manager,dc=mercdomain,dc=com"
rootpw merc84
index entryCSN eq
index entryUUID eq
#access to attrs=userPassword,sambaLMPassword,sambaNTPassword
# by self write
# by dn="cn=Manager,dc=mercdomain,dc=com" write
# by * auth
#access to *
# by dn="cn=Manager,dc=mercdomain,dc=com" write
# by * read
# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
ldap.conf
UW PICO 5.04 File: ldap.conf # LDAP Master
host mercserver.mercdomain.com
base dc=mercdomain,dc=com
binddn cn=Manager,dc=mercdomain,dc=com
bindpw merc84
bind_policy soft
pam_password exop
nss_base_passwd ou=People,ou=Users,dc=mercdomain,dc=com?one
nss_base_shadow ou=People,ou=Users,dc=mercdomain,dc=com?one
nss_base_passwd ou=Computers,ou=Users,dc=mercdomain,dc=com?one
nss_base_shadow ou=Computers,ou=Users,dc=mercdomain,dc=com?one
nss_base_group ou=Groups,dc=mercdomain,dc=com?one
ssl no
View 1 Replies
View Related
Dec 14, 2009
I am setting up a cluster of servers which use Centos Directory Server for control of logins, etc and kerberos for authentication. The basic setup is working fine, I have been able to manually create accounts using the directory console and these accounts seem to work. Now what I want to do is automate the process of creating new accounts. I am writing a perl script which can be run by one of the server administrators, they supply a small number of arguments and it should create a new user in the directory server, and also create a principal in the kerberos.
I want them to be able to do this using their logged-in kerberos credentials, i.e., without having to enter and re-enter their passwords. My first attempt was to use perl modules Net::LDAP and Authen::SASL. I could not get this working so fell back to using ldap command line tools, but even these I cannot seem to get working! When using mozldap tools, as specified in the admin manual, I get the following:
$ /usr/lib64/mozldap/ldapmodify -h ldaphost.mycompany.com -D uid=eharmic,ou=mydept,dc=mycompany -o mech=GSSAPI -o authid=eharmic < ../ldapmod.txt
Bind Error: Invalid credentials
Bind Error: additional info: SASL(-14): authorization failure:
Using openldap tools I strike exactly the same problem:
$ ldapmodify -Y GSSAPI -H LDAP://ldaphost.mycompany.com -D uid=eharmic,ou=mydept,dc=mycompany -U eharmic < ../ldapmod.txt
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-14): authorization failure:
I believe I have set up the mapping correctly:
dn: cn=MyMapping,cn=mapping,cn=sasl,cn=config
objectClass: top
objectClass: nsSaslMapping
cn: MyMapping
nsSaslMapRegexString: ^(.+)@MYCOMPANY.COM
nsSaslMapBaseDNTemplate: ou=mydept,dc=mycompany
nsSaslMapFilterTemplate: (uid=1)
It must be getting reasonably far because after doing the above I can see the LDAP service ticket in my "klist" output.
View 2 Replies
View Related
Feb 8, 2011
Anyone out there having expirience with iFolder. I've used the following tutorial: [URL] to install it. I used libflaim as a database (no LDAP). All web interfaces work well (admin, ifolder). I can create users and make folders. But when I try to login with a desktop client (windows or linux) I get an error message invalid credentials and this message in Simias.log:
[Code]...
View 6 Replies
View Related
Oct 30, 2009
I installed openLdap on a debian machine for some testing. I followed the instructions here. [URL] Now when I try to do any thing it prompt me for password Which I do remember correctly. However it comes back with error.
Code:
~# ldapsearch cn=admin
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
View 1 Replies
View Related
Feb 15, 2011
I am setting a ldap server by reffering [URL] and getting following error in step #12
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
I am using RHEL 5.5.
View 4 Replies
View Related
Jun 23, 2010
I am using fedora 13. when i restart network service then following error.
View 3 Replies
View Related
Jan 24, 2011
configuring single signon using ldap
View 1 Replies
View Related
Jan 24, 2011
Setting up a single signon using ldap server ?
View 1 Replies
View Related
Jun 8, 2010
Code:
$ su -c 'yum install wine'
this forum won't let me put all the text in Transaction Check Error: package openldap-2.4.21-6.fc13.x86_64 (which is newer than openldap-2.4.21-4.fc13.i686) is already installed package nss-softokn-freebl-3.12.4-19.fc13.x86_64 (which is newer than nss-softokn-freebl-3.12.4-17.fc13.i686) is already installed
View 4 Replies
View Related
Oct 27, 2010
I'm following the tutorial at [URL] to set up openldap on maverick. However, when I try to do
[Code]....
View 2 Replies
View Related
Aug 23, 2011
I can't forward my kerberos credentials to a computing resource before connecting to the resource for which I have kerberos credentials. In other words, from my machine at work I obtain my ticket with kinit -f to a computing facility off in some lab somewhere.
Then, I want to ssh to another machine in another department (I don't have control over the krb5.conf file or this would have been easy) where I work. It is on this machine I want to be able to ssh,scp, etc to this far off lab. I've tried several options around this barrier, but I'm a total failure thus far. I checked that GSSAPIAuthentication is set to yes.
[Code]...
View 2 Replies
View Related
May 27, 2011
I was trying to find documentation on how to add an a new object into openldap, however I can not seam to find a good walk through.
Just so everyone knows what I'm trying to do, I need to add a new object called bannerid, this bannerid is a unique id that will help me find student accounts in my openldap directly much quicker.
View 2 Replies
View Related
Jun 8, 2009
I am planning to deploy an OpenLDAP server in my LAN for basic authentication, but I have no idea how to do it. I would like to know how to configure an OpenLDAP Server, and I would also like to know about knowledge resources, if any.
View 3 Replies
View Related
Nov 30, 2009
After installing F11, I installed OpenLdap with the command "yum -y install openldap*" And added the password obtained through the command "slappasswd -s password -h {MD5}" into /etc/openldap/slapd.conf. Also, I specified the domain information within the file on "suffix" and "rootdn". I also modified the domain name in both /etc/openldap/ldap.conf and /etc/ldap.conf. I copied the Copied the /usr/share/doc/openldap-servers-2.4.15/DB_CONFIG.example to /var/lib/ldap/DB_CONFIG. Then started the server with the command /etc/rc.d/init.d/ldap start I then was able to create and delete OU's and CN's with the help of ldapadd and ldapdelete. I also created PERSON records using the base.ldif file with the content ;
dn: cn=user1, ou=domain, dc=example, dc=com
objectClass: person
cn: user1
sn: user1
Everything is OK until I try to add a person with an email address in the "mail" attribute. The error message is ;
***************************
adding new entry "cn=user1, ou=domain, dc=example, dc=com
ldap_add: Object class violation (65)
additional info: attribute 'mail' not allowed
***************************
This error message is appearing also with "uid" attribute. I have searched some forums and found some suggestions to include the line
"include /etc/openldap/schema/inetorgperson.scheme" in the file /etcopenldap/slapd.conf, which is already in.
View 1 Replies
View Related
Mar 27, 2010
I need quick configuration guide to configure openldap 2.4 on Fedora 12 or Ubuntu 9.04.
View 1 Replies
View Related
Jan 29, 2010
I am using Fedora12. I installed the following packages:
openldap-servers-2.4.19-1.fc12.x86_64
openldap-clients-2.4.19-1.fc12.x86_64
openldap-2.4.19-1.fc12.x86_64
db4-4.7.25-13.fc12.x86_64
Where should I dig, what I'm doing wrong ?
View 7 Replies
View Related
Aug 27, 2011
A time ago I've been trying to implement a PDC linux server with Samba and Openldap for centralized authentication for windows and linux clients, but I can NOT get it. So I read somewhere that there is another option called Directory Server and maybe that is possible to do. According to your experience do you recommend any 'how to' or 'tutorial' that will permit implement a PDC server for authenticating and sharing files and printers for windows and linux clients?
View 2 Replies
View Related
Aug 17, 2010
I would like to remove openldap from my Centos home-server..
Centos offers me:
Quote:
Removing:
openldap i386 2.3.43-12.el5_5.2 installed 592 k
openldap x86_64 2.3.43-12.el5_5.2 installed 598 k
[Code]...
..obviously I'll not remove openldap by this operation.. but my question is: there is another way to remove a single package with yum without "consequences"?
View 4 Replies
View Related
Sep 20, 2010
I installed Debian 5.03 Lenny successfully on my machine. I got this error during boot: ACPI : invalid PBLK length [5]. After that the Operating System boots properly and starts normally. What does this error statement mean? Is it safe to work with this installation despite this error?
View 1 Replies
View Related
May 21, 2010
I've setup an openldap server, and am trying to add .ldif files to the database.
I am constantly getting the following error, no matter what I do:
View 18 Replies
View Related
Feb 10, 2011
Trying simply to insert into table. Have succeeded in doing this but now want to correct user use of invalid characters. If I'm understanding correctly, Real-escape-string seems to correct these, so I've been trying to figure out how to use it. A short, test code version gives me a syntax error at INSERT VALUES, which--because it still has the single quotes in the text--tells me the real-escape-string didn't work. The code below gives me a parseing error with invalid $END at </body>.
Insert Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' VALUES (UTC_TIMESTAMP,'What's happen' bra?')' at line 1 Parse error: syntax error, unexpected $end in /home/powere15/public_html/DB/exercises_insert_record.php on line 94
<html><head><title>Exercise Catalog Insert Record</title></head>
<body>
<?
/* Change db and connect values if using online */
[Code]....
View 2 Replies
View Related
Jun 19, 2011
I host a number of sites and recently migrated to a new server (both old and new are running Ubuntu 10.04 [I only upgrade my web server when there is a new LTS release]). After the migration, Wordpress is asking for ftp credentials to update plugins, which it never used to do. I'm certain this is user/group/permissions related, but because of the new setup, I'm not sure what these should be set to.
On the previous server, each site was a subdirectory of /var/www/ and everything was owned by www-data. This wasn't the best setup, since it meant my users didn't have direct access to their own sites. In the new setup, each page I host is in /home/username/www/. Consequently, all the files are owned by 'username'.
My guess is that Wordpress' request for ftp credentials stems from a conflict between the apache2 user and the usernames that own the sites. Is this accurate? If so, how do I rectify this?
View 4 Replies
View Related
Oct 12, 2010
I have some important cgi files run on top of Apache inside cgi-bin directory.My requirement is to once user try to access the cgi file authenticate using Active Directory username/password. If user enter the correct domain credentials only user aloow access to the page in any time user trying to access otherwise not. I configured this using htaccess and htpasswd.But in this case I need to manually configure username/password for htpasswd file. Instead of this I want to authenticate with the Active Directory.
View 1 Replies
View Related
May 2, 2011
I have installed a Samba Server (Ubuntu 10.10 Server) detailed config below. The server is up and running but clients running windows 7 cannot connect as their credentials are not accepted. The pop window for credentials keep coming back up on the clients and no connection is issued. I have tried to change the policies on windows 7 as such:
Network security: LAN Manager authentication level Send LM & NTLM responses
Minimum session security for NTLM SSP
Disable Require 128-bit encryption
But to no avail. I am in doubt as far as where the issue is coming from. Meaning is it coming from my Samba conf or something in Windows I am not doing right.
[global]
server string = %h server (Samba, Ubuntu)
interfaces = 192.168.178.0/24, eth0
bind interfaces only = Yes
[code]....
View 6 Replies
View Related
