I have LDAP server, it is configured and all is very well, I use it to make some authentication for our Servers and routers. Also I integrates LDAP with Radius and all is work, so LDAP is powerful to the company. Last week my manager ask me to try making these authentication for all of Company computers which is windows. So, can I use LDAP, or Active Directory? I wish to use LDAP.
View 7 Replies
I am trying to setup my opensue 11.3 server as a pdc using openldap and samba
I am continuously getting a network path not found error message on my windows xp box. I already verified that the network settings are good.
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2010-07-05
[global]
[Code]....
Just installed openldap server on a VM CentOS called 'ldapsrv', it works fine, ldapsearch returns all ldap information.
Installed openldap client on another VM CentOS called 'ldapclient1', configured it with most basic configuration, no ssl/tls etc. but ldapsearch returns error:
ldapsrv is pingable:
Some outputs:
PHP Code:
PHP Code:
we have a weird problem with our opensuse 11.2 server installation.
We want to set up a LDAP Server using the Yast-LDAP Server configuriation tool.
This indeed already worked weeks ago until....this week.
Maybe some updates??!
I do not know what happend exactly. The server just does not want to start again and throws following error:
Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1 failed
This happend after a little check of the configuration, but without a change, with Yast. Google delivered only "reinstall your box"-answers.
So.. i did that. And now the "mystical" part: The SAME ERROR occurs with a fresh vanilla system with a brand new and simple configuration (certificats, database, pw...the first Yast config dialog...). I did not change the way i set it up.
I remember, when i did this the first time with 11.2 on that machine, when no problems occured...everything was running out of the box (except the "use commen server certificate" option...).
While I've been using Linux for a little while now, I have only recently been getting into setting up and using a server at home (in part because until recently I only had ONE computer at home). I have heard of LDAP and OpenLDAP, but I am not sure if this is the best tool to do the following. Centralize logins and passwords for all of the computers at home, so I only have to change/manage one place. Since I keep installing Linux Distros it would be nice if I didn't have to add each person, individually each time.
Provide single sign-on authentication for the user so when they go to the Samba server they don't have to do another login, but they are limited in what they can see. Basically I don't want the kids being able to see *MY* files
- Works with Linux (various) and Windows (Windows 7 more than XP)
- Works with desktop and laptop
- Be able to, possibly, pass this authentication to the web server so likewise do not need to log into the web server after logging into the computer.
- (optional) be able to set up a script to run automatically to either map network drives or mount samba directories based on the user being logged in (smb://user/<username>) and/or backup the system.
I say optional because if it can that is great, but if it cannot then it isn't a show-stopper. Like I said, I am very new to servers and networking and do not know where to start regarding this. Right now I have a basic (too open) file server and a web server just beginning to be developed (working on Drupal). Not only do I need to figure out what/where to research about the server settings but also setting up the client-side of things.
I'm trying to set up a centralized log-on scheme in a research lab with about 10 computers. It's looking like we're going with LDAP - this decision may be out of my control (but if there's an alternative that would be REALLY better, do let me know). My question is we don't really have a domain name, so when all the tutorials say cn=example,cn=com, I can't mimic this exactly. I've been trying to get away with just one, like cn=researchlab. Will LDAP work with just one, or do I need to invent a second also? On the flipside, will it work with more? Our server can be reached by
lab.department.school.edu, could I do cn=lab,cn=department,cn=school,cn=edu?
I have Redhat 5 playing nice as it authenticates against windows server 2008. But I ran into issues trying to get Redhat 6 to do it as well.
Here is where I stand on my redhat 6 box:
I have my certificates working between the windows and the redhat box.
From Root user I can SU to an Active Directory user. getent works. I can see all the users info. ldapsearch works with the CA certificate so my SSL handshake is working. I do not suspect cert issues
But when I try to login as active directory on my Redhat 6 box I get told I used an invalid password. The password works just fine on the windows server, so I didn't fat finger anything. I am just confused as to why I can have getent and ldapsearching but can not login.
I have turned off iptables on redhat and the firewall on 2008 server to see if that would change the situation but no luck.
I noted that in Redhat 6 I need to config SSSD rather then NSCD.
Let me know if you need to see my:
ldap.conf
nsswitch.conf
sssd.conf
var messages
What I maybe doing wrong or leaving out in my configurations.
I hope this is the right place to post a Samba related question. I have 2 Windows Server 2003 machines acting up. In /var/log/messages of my fileserver (F10, Samba 3.2.11) I am logging these messages (log level = 10)
Code:
Mar 2 15:55:15 fileserver smbd[3768]: [2010/03/02 15:55:15, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546)
Mar 2 15:55:15 fileserver smbd[3768]: _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client DATA-SYNC machine account DATA-SYNC$
[Code]...
I have configured samba server on fedora machine and i am trying to authenticate a winxp machine through samba server but the issue is winxp machine is not becoming the part of the domain. The error is A domain controller for the domain HOMEDOMAIN could not be contacted.Ensure that the domain name is typed correctly.
If the name is correct, click Details for troubleshooting information.
here is the configuration file text..
# Samba config file created using SWAT
# from UNKNOWN (8)
# Date: 2010/01/31 18:51:36
[global]
workgroup = HOMEDOMAIN
server string = Samba as Domain Controller.
[Code]...
i have configured ldapserver on rhel4 for creating address book
following are configuration files on ldap server
/etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
i am able to import this ldif file into database.also when i perform the ldapsearch on this server with command"ldapsearch �x �W �D �cn=manager, dc=example, dc =com� �b �dc=example, dc=com�" i get correct output.
but when i am trying to search from another client machine, i am getting "error ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"
also when i configured address book on mozilla on server., it is working fine.but not working on another machine.is any configuration is missing on client machine.both ldap server and client are configured on rhel4es without any firewall or selinux.
i have successful secure ldap replication but i could not make ldap client to direct its authentication to slave ldap
here is my config file on ldap client (i am not sure if it is the right place though)
ip : 192.168.1.183 is master ldap
ip : 192.168.1.185 is slave ldap
pico /etc/ldap/ldap.conf
#
# LDAP Defaults
code....
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
I'm looking to setup a home server for the purpose of backing up and storing the files on our multiple (Windows) computers. What kind of server should I set up? Samba? Lamp?
View 5 Replies View RelatedI'm trying to set up a Linux server and I am new to this. I have gone through most of the configuration using SAMBA 3.0 and when I populate the ldap directory all I get this error before the password request:
Then when I perform an ldapsearch to see if the directory is populated I get this message:
I'm positive all my .conf files are done right.
I'm checking with a sniffer and there's activity going on between the client and the LDAP server... as a matter of fact, the sniffer shows that the search is producing one ldap item, however, php says it can't contact the ldap server (after it has bound and everything):
The script is working beautifully on another host with debian.
I am configuring a new ubuntu nis client and have all the configuration files exactly the same as existing clients (nsswitch.conf, passwd, group, host.conf, hosts, yp.conf)
The new client returns a dump of the passwd file with a "ypcat passwd" command. ypwhich returns the correct domainname. Ypmatch seems to work as well but the client won't authenticate!
NFS is mounted and I can see home directories
The debian server is working fine with existing clients.
Could this be an issue with running updates on the new client?? could debian and ubuntu be not getting along.
I am looking for ideas for getting windows users into an ldap server. I am currently running a Linux server for my department and need to create an LDAP server which mirrors the username/password information for all of us as they are stored in the windows server here. I have the openldap server up and running on Ubuntu 8.04 and it works great; I now need to find some way to import user info into this from windows. I've seen discussions of using ldifde.exe to export the AD users into an ldif file. Is this the simplest way to go about it?
Our Linux server is currently providing us with much needed services using apache, and apache is authenticating using LDAP to our windows server (Using our windows username / password is required functionality). This windows server has some problem which causes it to delay for inordinate amounts of time between authentication requests and responses. The situation is such that this problem will not be addressed by IT staff. However, I have control over the Linux server so I am looking to just mirror the windows server on an LDAP server of my own. I could get away with updating the passwords in the Linux server.
I have a problem with sendmail. I am using the zen.spamhaus.org dnsbl, and it is doing a wonderful job of blocking incoming spam from open relays. But it is blocking my users who are on a dynamic ip range from any isp remotely. They should be able to authenticate and send messages no matter where they are as long as they authenticate right? I just want to use the blacklist to block incoming mail to my server that is being distributed to our email addresses.
I want to block people that are hosting mail servers and sending mail to my domain from isp sub-nets. But I don't want to block my users that are sitting on isp subnets using their mail client to authenticate over smtp and send an email from my mail servers.
In the past I found some great help on this forum, so here goes. Bare with me because it's a long story. I'll try to be as complete as possible. I've installed and configured OpenLdap on a virtual machine with ip 192.168.39.134. I've added 2 users via LAM. In the ou WikiUsers and the domain is wiki.local.
I've then created another host with ip 192.168.39.133 with mediawiki installed on it. Then I added the extension LDAPAuthenthication. In the LdapAuthentication file I added this code (only the last paragraph is mine, I added the others to show it's location in the script):
Quote:
$path = array( $IP, "$IP/includes", "$IP/languages" );
set_include_path( implode( PATH_SEPARATOR, $path ) . PATH_SEPARATOR . get_include_path() );
[code]...
I know I'm close because I can't register any new users or accounts on the mediawiki site. Although I could before I added the LDAP service. This is indeed all just to test and get to know how LDAP works. That's why it's all virtual in VMWare. I did not really configure anything on the LDAP, i just installed it and chose a domain (wiki.local).
I installed Apache Tomcat6,every thing is running fine but facing problem in Tomcat administration webapps:- in manager webapp [URL] in this i am using username=manager password=s3cret but not it is not authenticating with these credentials in host-manager webapp [URL] in this,i am using username=admin password=s3cret
but it is also not authenticating with these credentials i edited file /etc/tomcat6/tomcat-users.xml
[Code]...
can anyone tell me what is the difference between these two files of LDAP client /etc/ldap.conf and /etc/ldap/ldap.conf and for what purposes these two files gives services. Is it necessary to have these two files at a time ?
I use these files to install LDAP client to authenticate with our LDAP server by creating a symbolic link of /etc/ldap.conf to /etc/ldap/ldap.conf.
I had a machine that is using ldap, but need to remove it completely.I edited the /etc/nsswitch.conf and removed all references of ldapand renamed /etc/ldap.conf to /etc/ldap.conf.bakI can log in as root, but cannot log in as any user in /etc/passwdIn the /var/log it shows pam_ldap: missing file "/etc/ldap.conf"I am guessing I am missing something else?I never set this machine up for ldap, was here when i got here, so not sure of steps to even put ldap on.
View 2 Replies View RelatedI am aware that there is a qmail-ldap package to have ldap back end for qmail. But I need only user authentication for qmail through ldap (not the backend; i.e still keeping Mysql as the database). I am pretty new to mail server configuration. I have just configured a (q)mail server (which is currently my sand box) and am able send and receive emails. I am planning to add ldap authentication (just that) to it. Can anyone point me to the right direction?
View 6 Replies View RelatedI have installed Ubuntu 10.4 LTS and I want to share a printer on that computer with my windows network (mix of XP and Vista). I have network connectivity and and can see other windows computers and they can see me, I am just stumped on how to share a printer on my linux machine with all of the Windows computers on my network.
View 4 Replies View RelatedHow to wipe this hard drive clean like new, formated #4 linux when finished.W/D 500 GB
View 10 Replies View RelatedI have a LAN of about 70 computers that I would like to share media files between. I have gotten to the point with Samba that I can view the files without a username/password from client PC's. I would like to make all the folders read only except for one which will be writable for everyone. The thing that I am having a hard time with is allowing a couple of administrators (on Windows 7 machines) read/write access for all files/folders. I am completely new to Ubuntu and Samba so please make explanations thorough. Here is /etc/samba/smb.conf file:
[Code]...
i just one to emulate the windows 2003 - windows XP easy VPN deployment, with my ubuntu server.I got my server side (ubuntu) and client side ( openVPN gui) and everything looks okbut now, i cant make a //server/SHARED and get from my house to the office's docs, despite the conection its ok... whats wrong?
View 14 Replies View RelatedI have two machines on a local area network (xp box and xubuntu box) and I want audio from both machines to be played from the same set of speakers. The problem is, the xubuntu machine doesn't have any sound output. There is no onboard sound card and all expansion slots are pci-x, so short of buying a pci-x sound card my only option for playing sound is to route audio through LAN to my xp computer.
I already have a program that will let me play music on one computer from another's speakers, but I am trying to set up a stream so that games and internet sound can be heard. Is it possible for me to do this?
but Im thinkng of completely switiching to Ubuntu,But all of my friends are on Windows...We have a LAN of abt 100-150 .. Is there is any GUI software thru which I can see all the files which are being shared on the network by Windows PCs,I know abt Samba ...but that is only computer specific & also that is reverse way...& doing from command will be tiresome task for all PCs.
View 3 Replies View RelatedI have a question about connections with an ubuntu server. Is there a way to know if the terminal computer (which is connected to my linux server) is using WinSCP to connect (on a Windows platform) or a linux system? It seems they are using the same port (22) and I think the exact same protocol (SSH / SFTP), is there a way to differentiate between the two though? And going farther there, is it possible to limit the connections only to linux terminal computers and reject requests coming from Windows computers?
View 2 Replies View Related
