Server :: OpenLDAP SHA Hashed Passwords Won't Work
Jan 24, 2011
I have recently installed openldap on a server to use for authentication but I'm unable to get SHA/SSHA password hashes to work. I'm able to authenticate against it when the user has a CRYPT password. We had an old, badly maintained openldap server that SHA worked on, so I ran slapcat on that one and built that database on the new openldap server and was able to authenticate with SHA hashed passwords. So I'm quite confident that my slapd.conf works.
I suppose it's something in the ldif file I use to set up the database that is missing but I can't figure out what. It's quite large and I don't really know what parts of it would be relevant.
Mar 31, 2011
I have a 389-ds with a large user base. All passwords are stored plaintext. I would like to convert all these stored passwords to a hash, say SHA-1.
Nov 18, 2009
I am looking for ideas for getting windows users into an ldap server. I am currently running a Linux server for my department and need to create an LDAP server which mirrors the username/password information for all of us as they are stored in the windows server here. I have the openldap server up and running on Ubuntu 8.04 and it works great; I now need to find some way to import user info into this from windows. I've seen discussions of using ldifde.exe to export the AD users into an ldif file. Is this the simplest way to go about it?
Our Linux server is currently providing us with much needed services using apache, and apache is authenticating using LDAP to our windows server (Using our windows username / password is required functionality). This windows server has some problem which causes it to delay for inordinate amounts of time between authentication requests and responses. The situation is such that this problem will not be addressed by IT staff. However, I have control over the Linux server so I am looking to just mirror the windows server on an LDAP server of my own. I could get away with updating the passwords in the Linux server.
Oct 4, 2010
I am running an Ubuntu 64-bit and Windows 7 64-bit machine and I have set up an SSH between them and for whatever reason the passwords won't work; I receive the following error when trying to log on from either computer. I own both of the computers so I have full rein over them, so I'm assuming it should be an easy fix but I'm not sure about what to do.
Jul 5, 2010
I downloaded and installed hundreds of KDE and GNOME programs yesterday evening. A password was called for and rejected because it was too short. A new password was provided but it was not written down or saved on anything. I am now locked out of Linux for want of a working passwd. There is a way to recover a lost password. Would someone please tell me what it is? I do not want to have to re-install everything again.
Sep 29, 2010
I am unable to get group passwords to work at all in 10.4. I set the password for the group and try to `newgrp` into it, the prompt asks for the password, but always gives me permission denied (even though it's set to allow this.. ": x :"). Is this just not fully supported?
Next, after using `sudo gpasswd -A usr grp`, the user becomes an admin of the group, he can add/remove users only for that grp, but is not a "member". How would I find out who are admins of groups? I have tried `groups`, looking in /etc/group and there's nothing, the user doesn't even look like he's associated with the group at all.
Jan 7, 2010
I wonder if it is possible to have two passwords for one user account in 9.10. I have a long login password (5 words about 45 characters with spaces caps). I would like to set a shorter password for Authentication, sudo, etc. While retaining the original for logging in.
In short:
Have long password to login to computer.
Have short password for everything after login.
Jan 25, 2011
I configured my openldap but now I want to implement SSL-TLS
This is my basic slapd.conf configuration
Code:
And I created this script (simple, I know) to create this TLS/SSL config but it won't work; users cannot log in
path when I am moving certs /etc/openldap/cacerts
Code:
As you see I create the key and certificate, assign permissions, add stuff to slapd.conf and finally copy the cer to a client PC
On client side I use authconfig-tui
My environment is CentOS 5.5
What is wrong with my config?
Jun 8, 2010
Code:
$ su -c 'yum install wine'
This forum won't let me put all the text in.
Transaction Check Error:
package openldap-2.4.21-6.fc13.x86_64 (which is newer than openldap-2.4.21-4.fc13.i686) is already installed
package nss-softokn-freebl-3.12.4-19.fc13.x86_64 (which is newer than nss-softokn-freebl-3.12.4-17.fc13.i686) is already installed
May 30, 2011
I came across this result of the type command (hashed) in another post (see below).
Code:
fraespappp8:/data/apps > type topic_file_publish.sh
topic_file_publish.sh is hashed (/data/apps/pnbgstk/publication/topic_file_publish.sh)
This (result = hashed) is new to me.
I wonder which kernel/distro/shell it is from.
Jan 28, 2009
Openldap 2.4.11 uses cn=config as the main configuration instead of slapd.conf.
How to add a new schema to openldap 2.4.11 that uses cn=config.
Aug 24, 2010
I was thinking of merging my openldap and samba bdc servers. Is it ok for a server to authenticate against itself? (ie ldap.conf points to localhost)
Jul 13, 2011
I have a RHEL 5.4 server installed in a server farm. The server is administered under a central AD, which means that administrators are registered in the AD.
However, I have to deploy an application on the Linux server that will use its own OpenLDAP server. This means that this application will be the client to the LDAP server installed on the same RHEL server.
I tried installing OpenLDAP using yum and it resulted in a very fatal issue. Somehow the configuration files used for finding the Linux server from the AD was overwritten and the Linux server was not reachable anymore.
After some investigations, and possibly, rebuild, the server has been handed over to me.
The problem is how should I install OpenLDAP so that the existing connection to AD is not lost.
On the Linux server I see a /etc/openldap directory but only contains ldap.conf and cacerts directory.
Jul 27, 2011
I am having some trouble with Cyrus SASL and OpenLDAP. I tried to configure OpenLDAP using SASL for all connections but I cannot map the SASL-DN to OpenLDAP's DN. Below is my configuration file, slapd.conf:
[code]...
After I finished the configuration, I try to use ldapsearch tool to verify, but I cannot:
[code]...
Sep 28, 2010
Just installed openldap server on a VM CentOS called 'ldapsrv', it works fine, ldapsearch returns all ldap information.
Installed openldap client on another VM CentOS called 'ldapclient1', configured it with most basic configuration, no ssl/tls etc. but ldapsearch returns error:
ldapsrv is pingable:
Some outputs:
PHP Code:
PHP Code:
Aug 27, 2010
I've configured an OpenLDAP server on CentOS 5.3. Well, everything is working fine. All the users have been added to the database. The database is bdb in the ldap configuration. Now the client machine is on Windows XP. How to integrate Windows XP with the LDAP server for authentication?
Jan 31, 2011
I want to configure Netgroup in openldap. I am using Redhat Linux 5.5.
Apr 30, 2010
I currently have an OpenLDAP server where every time I add a new user their DN looks like this:
DN: cn=username,ou=people,dc=domainname,dc=com
Is there any way I can change their DN to be in the following format?
username@domainname.com
Aug 5, 2010
I'm having many problems trying to configure openldap on Ubuntu 10.0.4 LTS.
I have tried many tutorials and many configurations, but still without results. I made the following script (so as not to repeat the same work again and again):
Code:
#!/bin/sh
passwd=xxxxxx
dc1=host
dc2=com
[Code]....
Nov 23, 2009
I want to build a domain like abc.com in my LAN environment. Kindly tell me step by step procedure of installing OpenLDAP on CentOS 5.3.
Feb 2, 2011
I configured OpenLDAP and now I want to configure it using TLS-SSL.
But I cannot get it working with the Linux clients. Environment: CentOS 5.5
Openldap Server configuration:
May 13, 2010
My Mythweb is asking for authentication but no username/password will work. It just prompts for authentication over and over again. I've found a few configurations regarding authentication:
in /etc/apache2/httpd.conf I have following lines:
<Directory "/var/www/mythweb">
Options Indexes FollowSymLinks
AuthType Basic
AuthName "MythTV"
AuthUserFile /etc/apache2/httpd-passwords
require user user1 user2
[Code]...
None of the username/passwd pairs in AuthUserFile are working. Can there be yet another file / configuration somewhere? How do I know which one apache is using right now?
Jun 8, 2009
I am planning to deploy an OpenLDAP server in my LAN for basic authentication, but I have no idea how to do it. I would like to know how to configure an OpenLDAP Server, and I would also like to know about knowledge resources, if any.
Apr 13, 2010
I am the systems administrator of the university CS lab. I have a Mac here and I'm trying to extend the directory to our OpenLDAP server. We use NFS as well. I know nothing of Macs in this respect except for the fact that they already have LDAP on them, which seems to be convenient.
Mar 8, 2011
I have no ACLs in place yet but want to use a user called ldap-auth-user to bind to the ldap servers directory from the client servers. However I keep on getting ldap_bind: Invalid credentials (49). Error. I know the UserPassword is correct because I can log into a server using that id and password through the LDAP directory. I am guessing it has something to do with the way I created the account.
This Works:
ldapsearch -D 'cn=Manager,dc=test,dc=com' -x 'uid=testuser' -W
This Doesn't:
ldapsearch -D 'cn=ldap-auth-user,dc=test,dc=com' -x 'uid=testuser' -W
Here is the ldap-auth-users entry in the directory
[root@ldap-build-01 ~]# ldapsearch -D 'cn=Manager,dc=test,dc=com' -x 'uid=ldap-auth-user' -W
Enter LDAP Password:
# extended LDIF
[code]....
Feb 13, 2010
I have configured samba as a file server in Fedora 11; it works fine for both Windows and Linux machines. But I want to configure ldap and samba as a domain controller. I Googled a lot on the internet and everything is confusing me.
Dec 22, 2010
I have configured a ldap server and trying to login to same ldap server using a ldap user. However, I am not able to login and getting the following in /var/log/secure:
Dec 22 20:06:29 redhat5 sshd[7241]: Invalid user ldapu1 from 192.168.85.1
Dec 22 20:06:31 redhat5 sshd[7242]: input_userauth_request: invalid user ldapu1
Dec 22 20:06:37 redhat5 sshd[7241]: pam_unix(sshd:auth): check pass; user unknown
Dec 22 20:06:37 redhat5 sshd[7241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.85.1
Dec 22 20:06:37 redhat5 sshd[7241]: pam_succeed_if(sshd:auth): error retrieving information about user ldapu1
Dec 22 20:06:39 redhat5 sshd[7241]: Failed password for invalid user ldapu1 from 192.168.85.1 port 4461 ssh2
I can see that if I use the ldapsearch with same filter, I am not able to locate the user "ldapu1". However, if I change the filter to "(|(objectClass=posixAccount)(uid=ldapu1))", it shows me the ldap user:
[root@redhat5 ~]# ldapsearch -x -b "ou=Users,dc=homeldap,dc=com" -D "cn=Manager,dc=homeldap,dc=com" -W -H "ldap://127.0.0.1/" "(|(objectClass=posixAccount)(uid=ldapu1))"
Enter LDAP Password:
# extended LDIF
# LDAPv3
# base <ou=Users,dc=homeldap,dc=com> with scope subtree
# filter: (|(objectClass=posixAccount)(uid=ldapu1))
# requesting: ALL
# ldapu1, Users, homeldap.com
dn: cn=ldapu1,ou=Users,dc=homeldap,dc=com
objectClass: inetOrgPerson
cn: ldapu1
sn: ldapu1
uid: ldapu1
userPassword:: bGRhcHV1MQ==
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Where have I made a mistake?
- Is it necessary to create an account on Linux box and then migrate it to ldap?
- I was just wondering if I can somehow change the default filter from AND to OR at the time of login. I used "pam_filter |objectClass=inetOrgPerson" in ldap.conf.
However, it didn't change the filter.
Jul 27, 2011
I'm getting the following notice in slapd.conf when looking up a phone number to get the name of this contact:
Code:
Jul 27 13:46:26 sip1 slapd[25587]: conn=68 fd=16 ACCEPT from IP=XX.XX.231.181:2898 (IP=0.0.0.0:389)
Jul 27 13:46:26 sip1 slapd[25587]: conn=68 op=0 BIND dn="cn=110305,ou=110305,dc=myldap" method=128
Jul 27 13:46:26 sip1 slapd[25587]: conn=68 op=0 BIND dn="cn=110305,ou=110305,dc=myldap" mech=SIMPLE ssf=0
Jul 27 13:46:26 sip1 slapd[25587]: conn=68 op=0 RESULT tag=97 err=0 text=
Jul 27 13:46:26 sip1 slapd[25587]: conn=68 op=1 SRCH base="dc=myldap" scope=2 deref=0 filter="(&(telephoneNumber=32777300999*)(sn=*))"
[Code]...
Aug 19, 2010
I can't seem to get my ldap.log file to rotate on Ubuntu 9.10. I've added to the logrotate.conf file the following..
/var/log/ldap.log {
missingok
monthly
create 0660 root utmp
rotate 1 }
I have also tried putting the path to the file /etc/logrotate.d/rsyslog. Restarted services and still no logrotation for the ldap.log..
May 6, 2010
I have OpenLDAP 2.4.12 and Samba 3.5.1 installed. When I try to change the password with smbpasswd, it changes the Windows password fine. But userPassword is not updated in LDAP. The error message is: "smbldap_check_root_dse: Expected one rootDSE, got 0" when I run smbpasswd -D 10 <username>.
I added the following to slapd.conf:
access to dn.base=""
by * read
password-hash {md5}
in hopes of allowing samba to read the root DSE, even though Samba is configured with the root DN.
How to make samba find what it needs in the root DSE of my LDAP server?