Security :: MS Supplicant To Work With Freeradius And LDAP Backend?

Jan 13, 2011

I have been battling with FreeRadius with LDAP backend and Microsoft's built-in supplicant. I found in some directions that the certificate you use has to have an EKU (Enhanced Key Usage) with an OID of 1.3.6.1.5.5.7.3.1 and a client-side cert with the same except an OID of 1.3.6.1.5.5.7.3.2. First off, is this still the case in Windows 7/XP? If it is, how do I add that to a certificate with OpenSSL? FYI, I am using the ca.cnf/server.cnf under the /etc/raddb/certs directory. Another question: has anyone got the MS Supplicant to work with Freeradius and an LDAP backend? If so, can you point me in the direction of a good walkthrough?


CentOS 5 Networking :: DHCP With LDAP Backend Support And DNS?

Jun 5, 2010

using the LDAP as storage of hostnames/IPs/MACs for the DHCP server on CentOS. Also, once the IP is allocated via DHCP to the hosts, it would be useful to insert such host into the DNS. (BIND? dnsmasq?) I've found this link [URL] which deals with a patch for the ISC DHCP package, but I don't think this is actually up-to-date.


Server :: Unable To Use Centos 5.X SAMBA PDC With LDAP Backend

Jun 9, 2011

I've tried to follow exactly the steps in:

[URL]

on how to setup Samba PDC w/ LDAP backend. I've reached as far as page two of the tutorial. However, I'm stuck in the middle of page two:

[URL]

in the part of the Start the LDAP Samba installation up, and I should type:

#useradd user1
#smbldap-useradd -a -G 'Domain Users' -m -s /bin/bash -d /home/user2 -F "" -P user1

I get this error:

Error looking for next uid in sambaDomainName=sambaDomain,dc=DOMAINNAME:No such object at /usr/lob/perl5/vendor_perl/5.8.8/smbldap_tools.pm line 1194.

Why does this appear? Is there any configuration missing?


Ubuntu Servers :: Freeradius Won't Start / Get It To Work?

Jun 14, 2011

I run an 11.04 Server with Bind9, DHCP, Apache 2 PHP5, PostgreSQL8.4 and would like to install a Freeradius server. After I downloaded the packages with code...


Red Hat / Fedora :: PNG Backend Error While Installing Cairo-1.6.0 - Requested PNG Backend Could Not Be Enabled

Nov 29, 2010

I want to install GTK+. I see there are also numerous dependencies, which I've been slowly tackling, and the Cairo package has been particularly difficult. It claims the following upon ./configure --prefix=/usr:

configure: WARNING: Could not find libpng in the pkg-config search path
checking whether cairo's PNG backend could be enabled... no
configure: error: requested PNG backend could not be enabled

I've done some searching and found that libpng.pc is in my /usr/lib/pkgconfig/ directory and that the following commands don't do the trick:

PKG_CONFIG_PATH=/usr/lib/pkgconfig
export PKG_CONFIG_PATH


General :: Error:backend-not-running Backend Not Running As Expected (yumex Will Close)

Mar 9, 2010

I installed yumex: yum -y install yumex. When I start yumex it came with this error: fatal error:backend-not-running backend not running as expected (yumex will close). How can I solve it?


Fedora Security :: LDAP Has Stopped Being Able To Log In

Apr 21, 2009

I enabled LDAP from the system>administration>authentication and have not had any luck with it working. I now want to turn it off and log back into my machine normally.

I logged into terminal as root and told it to change the config files back to the previous ones and now it will not let me log into any of my accounts including root! This is via X, SSH and terminal.

If I boot into single user mode and change a user's password this makes no difference.


Security :: Kerberos Versus LDAP SSL

Apr 21, 2011

I am integrating my Unix box to the Windows AD using PAM_LDAP and Kerberos enabled. I was wondering, since Kerberos is enabled, is there any point to enabling SSL in my LDAP.conf? My understanding is that since Kerberos is enabled, and therefore the username/password is sent securely, there isn't any benefit to enabling SSL in the LDAP.conf? It's one or the other.


Security :: Finding & Parsing LDAP Logs?

Mar 24, 2010

Please let me know:

1. What LDAP logs are typically available
2. How to find them
3. How to parse them


General :: Wpa Supplicant Suddenly Stopped Working

Mar 16, 2010

Recently my wireless stopped working on my Debian testing system. It just doesn't connect. The best I get (only after a reboot) is that it says it did connect, but failed to get IP address. But usually it just tries to connect, disconnects straight away, connects again etc. so it never manages to associate correctly.

I am sure it did work about a month ago, stopped working after recent upgrades from the repository.


Fedora Security :: Change Password Ldap User?

Apr 13, 2011

I have a problem with my Fedora workstation. I am trying to change my ldap user password through the passwd command. When I first create the user on the ldap server, I use md5 and create the user password. This is the entry:

Code:
dn: uid=boo,ou=People,dc=linux,dc=gettolandia,dc=org
uid: boo

[code]....


Ubuntu Security :: 10.04 With LDAP Cannot Login Through GDM But Works Fine With Su?

Nov 16, 2010

I have a working LDAP-server (I believe!!). I want my laptops to authenticate against the server when they log on. That works fine as long as the network is present. But I also want the users to be able to log on when the network is down. When I go to a terminal (without network) I can su to another LDAP-user. I can login via graphical login-screen with the network attached, but not when it is disconnected.

In a terminal id john gives me information about the user john.

My conf. files look like this:
/etc/ldap.conf
host 172.16.0.138:389
ldap_version 3
bind_policy soft

[Code]...


Security :: Unable To Find Any Ldap.conf Parameter

May 28, 2010

I am unable to find any ldap.conf parameter or pam.d/system-auth setting from where I can restrict the LDAP users having uidNumber less than a particular number, say 500, to login into the system. I am using OpenLDAP server and tried pam_max_uid 500 in ldap.conf but it didn't work.


Fedora Networking :: Wpa Supplicant And Ndiswrapper To Enable Wpa2 Aes

May 3, 2009

I am trying to enable wpa2 aes encryption on fedora. The wifi access was working fine with WEP and system-config-network but recently somebody hacked into my network and I had to switch back to wpa2 aes encryption. Looking at previous posts, I can see that a lot of people have used wpa supplicant and ndiswrapper to enable this. A post from 2006 even explains how to enable this: [URL]?t=93054 Using Add/Remove software, I have installed wpa_gui and ndiswrapper kernel module, but it doesn't work. I don't see my wlan0 in wpa_gui.


Fedora Networking :: Manual Wireless Setup - WPA Supplicant?

Dec 20, 2009

In the process of making the jump from Ubuntu to Fedora and some of the file placement is catching me. Under Debian, I knew how to setup wireless from boot using /etc/network/interfaces and /etc/wpa_supplicant. Now, I know F12 uses /etc/sysconfig/network-scripts and /etc/wpa_supplicant/wpa_supplicant.conf, but I can't seem to follow the details. Can I use the same commands issued in /etc/network/interfaces in the appropriate /etc/sysconfig/network-scripts file? Can I, basically, copy my /etc/wpa_supplicant.conf to /etc/wpa_supplicant/wpa_supplicant.conf?


Ubuntu Networking :: Wpa Supplicant Assoc Failed Running 11.04

May 3, 2011

When I try to connect to my wireless network I get the following error

"wap supplicant association request to the driver failed"

I see the adapter connect to my router and I even get a signal strength that's pretty good. But the connection times out and starts all over again. It will connect for 10-15 seconds with no connectivity and then drop. What can I do to allow the connection?

I have already done the following

changed the wifi broadcast to g/b mixed (it was n/g mixed)
changed the wpa2 cipher to tkip only

I am running 11.04
*****edit*****

I could not get my adapter to connect at all. With the help of another user who had the same issue we could not get it working. So I installed 10.04.2 LTS and installed the driver. I no longer get the WPA_supplicant error, now it just times out. What can I do to get wifi? This seems quite ridiculous just to have a network connection...


Security :: [LDAP] Account To Manage/create Only Specific Users?

Oct 19, 2010

Is there a possibility in openldap to allow a user to only create/manage specific LDAP users? For example, user "mailadmin" may only create/manage mail accounts in LDAP that are named like "m1342895"? Or a specific list of user accounts that are in a specific group?


Fedora :: Disable Auto Loading Of Network Manager / Wpa Supplicant

Mar 18, 2011

I would like to disable auto loading of network manager/wpa supplicant in my FC13 system. I am not interested in just stopping the service (/etc/init.d/NetworkManager stop) from user level. Is there any kernel configuration which can serve the purpose? If there is a way to stop notifying user level about new network interface, please let me know.


Ubuntu Security :: Ldap Authentication And Auto-homedirs For Desktop Machines?

Aug 12, 2010

Set up a lab full of Lucid boxes that authenticate against the main university Sun ldap server and create local, limited, homedirs if they don't already exist.

The ldap server is freely accessible on our network and does not require authentication to do a query. Users will not be able to make changes on the ldap server from these workstations. I cannot set up homedirs of users manually - any one of 15,000 people could walk in and use one of these machines.

What I've got working so far: Authentication works, but when I log in through GDM, after a few errors, I get nothing but a blank desktop (with wallpaper and cursor). If I log in as a local user and su to an ldapuser I get assigned a home directory at /, which explains the errors; this kind of user can't write to /. I've seen posts on this but nothing that works for me.

The problem, as I've identified it: I'm using pam_mkhomedir to create home directories on first login, but I don't seem to have any way of telling pam_mkhomedir *where* to create the home directories. I've tried to use the nss_map_attribute in /etc/ldap.conf (like this: nss_map_attribute homeDirectory "/home/users/"uid), but my syntax is all guesswork - I can't seem to find anyone else trying to mangle a homedir this way.

Most either don't deal with the homedir thing at all, or if they do, they only cover nfs/smb shares.


Server :: LDAP Does Not Work - Long Time To Log On

Jan 19, 2011

LDAP Server => CentOS 5.5 Configured according to this link [url]

LDAP Client => Fedora 14 Configured according to this link [url]

Now after I reboot the Fedora14 during startup, it takes a very very long time to start up the mdmonitor service.

After that when I log on using a local account in the Fedora14 machine, it takes a painfully long time to log on. And it does not identify the domain user.

I am able to log on to the ldap server through ssh from the Fedora machine.

I issued the command 'getent passwd' which does not fetch the domain users either. I am completely lost now.


Server :: Slave Ldap Didn't Work?

Apr 19, 2010

OS :: Debian Lenny
ldap :: Openldap (newest one/get from apt-get)
replication :: yes (on different machine)
secure :: yes (tls)

Hi there, I got a problem on slave ldap. What I am trying to do now is to have the machine authenticate at slave ldap when master ldap dies. So I stop the slapd service at master ldap and try to authen. As a result of it, the prompt for login appears to fill in username, but with the correct password I couldn't make login successfully. I have checked the log file but there is any authen log of that login. I wonder if it doesn't direct authen to slave ldap server. Here is my client config ::

#
# LDAP Defaults
#

[code]....


Fedora Installation :: LDAP - NIS - Kerberos - Add Mint Machines To Server To Use New Security Settings

Dec 10, 2009

I wish to setup a network that works like Windows but with Linux of course! It will need to be able to handle security/DNS/DHCP & document store from one location. I've been doing some reading and have found that I think I need to be using one of the following:

LDAP
NIS
Kerberos

I have looked at a few Linux based OS's. I did notice that when you install fedora live desktop it gives you the option to connect to one of the above. So I am looking for a complete solution.

1. How to setup fedora to act as server for my needs (or other Linux build)

2. Add fedora/linux mint machines to server to use new security settings. (or other linux build)


Security :: Kerberos And LDAP - Users Will Be Able To Login In To A Server On The Edge Of The LAN And Establish A SSH Connection

Feb 19, 2010

I am trying to deploy Kerberos and LDAP so users will be able to login in to a server on the edge of the LAN, and afterwards be able to establish a SSH connection to all the computers in that LAN without the need to type any passwords, and without the need for me to manage SSH keys [beside the SSH keys on the login server] and local user accounts.

1. When I create the users in OpenLDAP I use a template that I created by reading documentation from the Internet. In the template one piece of information that is needed is the UID. Is there any clever way to keep track of the numbers so I do not assign the same UID to two users, besides using a pen and paper?

2. For the users to be able to establish SSH connections between the computers, the host is going to be added to the keytab like this: ktadd host/client.example.com. Is it possible to replace client with something generic so I do not need to manage these keytab files between the hosts?

3. Users will be logging on to the server on the edge of the LAN by using SSH keys. How can I configure the setup so the users will receive a ticket automatically when they log on without executing kinit and without entering a password, just by having a valid SSH key?

4. krb5kdc is running on all the network interfaces in the server. I want it to only run on eth1; how can this be done?


Programming :: Perl Net- LDAP - Why Don't Work Any Error Handling

Nov 12, 2010

I have some perl code for using ldap, but I don't know why any error handling doesn't work when I use msg->code, for example. An example:

[Code],,,,

In this case, if $msg->code returns zero (or null) everything works correctly, but if it is not zero it doesn't give any message (e.g. "error result"). What is the problem?


Red Hat :: Configuring Ldap Client / Getting "error Ldap_sasl_bind: Can't Contact LDAP Server?

Mar 13, 2010

I have configured ldapserver on rhel4 for creating an address book.

Following are the configuration files on the ldap server:
/etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

I am able to import this ldif file into the database. Also, when I perform the ldapsearch on this server with the command "ldapsearch -x -W -D "cn=manager, dc=example, dc =com" -b "dc=example, dc=com"" I get correct output.

But when I am trying to search from another client machine, I am getting "error ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)".

Also, when I configured the address book on mozilla on the server, it is working fine, but not working on another machine. Is any configuration missing on the client machine? Both ldap server and client are configured on rhel4es without any firewall or selinux.


OpenSUSE :: Ldap Via Yast - Ldap-sasl-interactive_bind_s - Local Error - 2

Jul 2, 2010

I took to yast to install ldap. I created the CA cert, server key and server cert and specified them during the yast ldap server dialogs.

The firewall is open for ldap.

I also went through yast's ldap client ... though I didn't exactly see to anything (presumably it wrote up a configuration file somewhere).

However, when trying to use the basic ldap tools, like ldapwhoami, well, it doesn't connect and gives me the above error. Of course the ldap db is unpopulated as yet, so it probably is not able to say who I am at all. But ldapadd doesn't work either.

It seems to point to my SSL usage not being correct .. so I'm trying to double check that now.


Server :: Config Ldap Client To Direct Its Authentication To Slave Ldap?

Apr 5, 2010

I have successful secure ldap replication but I could not make the ldap client direct its authentication to the slave ldap.

Here is my config file on the ldap client (I am not sure if it is the right place though):

ip : 192.168.1.183 is master ldap
ip : 192.168.1.185 is slave ldap
pico /etc/ldap/ldap.conf
#
# LDAP Defaults
code....


CentOS 5 Networking :: LDAP User Can't Login Remotely By SSH On LDAP/Samba PDC?

Sep 8, 2009

I installed CentOS 5.2 and then ran yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:

smbldap-tools useradd -am username

I can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password. Some data:

# rpm -qa | grep ldap
python-ldap-2.2.0-2.1
php-ldap-5.1.6-23.2.el5_3

[code]....


Server :: Apache Authentication: Allow LDAP Group OR User Named Guest But Not All LDAP Users?

May 25, 2011

I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well. I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.

This is the common part:

Code:

AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all

This part by itself works for the LDAP authentication:

Code:

AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com

This part works by itself for guest access:

Code:

Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user

But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?


Networking :: LDAP Configuration Error - Can't Connect To LDAP Server -1

May 31, 2010

I'm trying to set up a Linux server and I am new to this. I have gone through most of the configuration using SAMBA 3.0 and when I populate the ldap directory all I get is this error before the password request:

Then when I perform an ldapsearch to see if the directory is populated I get this message:

I'm positive all my .conf files are done right.

Copyrights 2005-15 www.BigResource.com, All rights reserved