Server :: Su: Authentication Service Cannot Retrieve Authentication Info?
Mar 12, 2010
I have a problem with ldap client authentication in ubuntu. I am using rhel5 as openldap server and I configured ubuntu as client, when I am trying to login the following message is coming."su: Authentication service cannot retrieve authentication info. Sorry"
But when I do search through "ldapsearch" command output is coming without any errors, Can anybody explain what would be problem.
I am setting up Fedora-13 with "389 directory server" for authentication. I had performed the following steps.
1. Install FD-13. 2. Yum install 389-ds. 3. Run script to configure. 4. Start 389-condole and create few group and user for testing.
I can see these user with "ldapsearch" and with "phpldapadmin". It looks my server is responding. However, I am unable to see any user name with "getent passwd". also "ssh server_user@server" is not able to login. Whereas "getent passwd" shows local user and "ssh local_user@server" is able to login. Also note that I am not using ssl, so want to avoid ssl.
I am re setting up a server of mine running red hat enterprise Linux server 6 and I had all of this working befor but for some reason I had troubles getting sasl to work and now when I login my smtp server I get an error stating that my username or password is incorrect though I am sure I am entering both correctly. Would anyone know what could be happening? I have been spending days on the web looking for the solution and only went from sasl not working when started as a service to this. For some reason I can't use Pam with saslauthd and had to use shadow instead of which from what I hear I get to use better methods of secure authentication with smtp
On Ubuntu server 10.10, with a relay smtp server with authentication via postfix; I keep getting 535: Incorrect authentication data. I'm sure my username and password is correct. Heres how I set up postfix: I created a file called smarthosts.conf in my /etc/postfix/ directory that contains the following:
[Code].....
my server uses plain text authentication on port 25. I would like to use security like SSL, but this particular server is unsecured.
I am trying to solve problem with software which needs to have access to network card I suppose. Installation run without any problems but when I am launch software I get such message as normal user: Cannot register service: RPC: Authentication error; why = Client credential too weak.
When I launch program as root I get this: WARNING: localhost appears to have the loopback address 127.0.0.2 as IP address This may imply that processes on arlin may not be able to connect to non-local processes but program starting with success at least. What I should do to run program as normal user?
If I am running a script, let's say a install script. Is there a way to make Su repeat authentication rather then just returning "Authentication failed" and continuing the script?
I need to make a choice on what authentication protocol I want to use for Authentication and Authorization. I was looking at Radius and then literature suggested that Diameter was a better protocol. Keep in mind I need this on a hetrogeneous setup ( linux & windows together). Diameter seemed like a good fit until I discovered that the open source code no longer seems to be maintained ( C/C++).
I was also looking at Kerberos as an option though there is alot overhead with the server. SSL/TLS or EAP? I am looking for simple but secure and am new at the security protocols.
I have set up the 389 server using the default configuration. Adding user and http/pam authentication works fine. The problem I have is the client authentication. On the client machine, using "authconfig-tui" to turn on LDAP authentication it turns on sssd and use 'sss' in etc/nsswitch.conf after 'files'. I couldn't get sss working. In the end, I disabled sssd and manually changed 'sss' to 'ldap' for all configuration files including: modify /etc/nsswitch.conf modify /etc/pam.d/password-auth, change all sss to ldap modify /etc/pam.d/system-auth change /etc/sysconfig/authconfig FORCELEGACY=yes
After these, client authentication works. I can log in to the client machine using user/password set on the LDAP server. I thought this is done but everyday the LDAP service stop functioning once or twice. I can't log in to the client machine using LDAP username/password. After restart the dirsrv on ldap server, things back to normal. I can't find any reasons from /var/log/dirsrv/ldap-xxx error file and don't know how to debug the problem.
We have installed the Centos on server. I have enabled the ssh key authentication in that server. Now we can connect through ssh only with key file.Since this server is protected with SSH, I am unable to use the SCP command. If I use this command it says "Permission denied (publickey,keyboard-interactive).". Please let me know How Can I disable SSH Key or why SCP command is not working ?
I installed Nconf software on a Debian server.I am trying to configure Nconf Authentication with LDAP.I edited nconf's authentication.php file accordingly and I installed php5-ldap package.When i enter user-name and password in Nconf's login screen.
this setup makes squid authenticate both the employees and admin network. how can i make squid just authenticate only the employees network? admin network should connect to squid without authentication.
If users are a memebr of a certain AD group, they are granted access to the web. I have this working but there is a glitch. I have to restart squid everytime I add or remove a user from the active directory group for the change to kick in. I could set up cron to restart squid every x amount of minutes but that is no good. see settings
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes
[code]...
Any work arounds for this. I need to able to add an AD user to an AD group so they can have instant access to the web without me having to restart squid
Pretty much as described in the thread title. I'm running RHEL6 on both the server and the client.I followed Red Hat's own instructions to set the kdc upI have a user called krb, that has been added to the KDC and I can get a ticket from the KDC, by using
Code: kinit -p krb If I then try to log in to the KDC, from the KDC, with
I have configured sendmail with startssl. In my case i have not used certificate for client (so i have integrity and privacy but not sure authentication, i.e.identification of peer by certificate From my log i see:
When I am trying to run the Xserver using the command startx I am getting the below mentioned error
xauth: creating new authority file /oracle/oracle10g/.serverauth.22555 Fatal server error:PAM authentication failed, cannot start X server. Perhaps you do not have console ownership?
I have set up a Ubuntu server to handle Dan's Guardian for protection of the children. I need next to set up a centralized file server and some kind of authentication method.
We are dual booting the computers just now since we need to use "Rosetta Stone" language software and they will not release a certain plugin for Linux according to our assigned help person. We also use pure Windows XP in some classrooms for now, and will do so until the school's children gets used to Ubuntu.
So, what is the best authentication method for a mixed environment? Where might I find a Ubuntu "howto" on the method?
What is the best way to set up a file server? Howto? Can the box running Dan's Guardian also be the authentication box and file server? (it is our newest box, only 2 years old and has a large hard drive)
is it possible to create a dhcp server which will ask for authentication from client before providing ip to that client ? i am using rhel5 os. i have configured dhcp server and it is working fine.
Above mentioned is my configuration. when i try to connect client with SSH it is not sending a request for authenticating user to RADIUS server. what else configuration i have to do, or if there are any mistakes in my configuration
As part of the project I'm working on, I need to set up a server with IPSec authentication only connections to a large number of low bandwidth clients. I'm making use of the PF_KEY interface to populate the keys on the server and while prototyping things I've found that the initial setup is taking longer than I had expected. At the start of my test, entries are being added to the database at a rate of around 30/second, but as time goes on this is dropping significantly. I ran a test up to around 100k entries and by then the rate had dropped to 10/second. It's key to me that if I reboot my server that the Security Associations can be repopulated in a very short period, so I do genuinely need this to be much faster.
Two questions: 1) Does anyone have any experience of running with a large number of SAs set up, and if so what sort of setup rate did you get? 2) Are there things I can do to speed up the provisioning of these SAs? I'd really like to see a rate in the thousands per second. We've been doing the prototyping on the 2.6 kernel.
I'm new in UNIX & trying to access the server using SSH but I encounter this error PAM Authentication Error. I use edit /etc/ssh/sshd_login & set the PermitRootLogin to yes. But didn't work. I used this command ps -ef | grep sshd & saying Process environment requires procfs(5). I don't know what to do now. What I want is access it by SSH but I got Access Denied. [MOD]Pruned from [URL]. create your own thread instead of resurrecting a five year old one.[/MOD]
If your machine is connected to the Internet, you'll probably want to disallow ssh password authentication (which is advised but not mandatory). Edit the /etc/ssh/sshd_config file and change/add the following lines:
PasswordAuthentication no AllowUsers nx
Don't forget to restart the sshd daemon after making that change: service sshd restart I already have PasswordAuthentication yes in my file as I need it to login to the server through ssh. Do I just skip that line and only add AllowUsers nx mynxuser at the end? Also, I followed the rest of the manual and when I tried the client on Windows it failed: I put in a user and password to login but shouldn't it be using the key instead? I think the problem is related to the above due to:
Quote:
NX> 203 NXSSH running with pid: 1428 NX> 285 Enabling check on switch command NX> 285 Enabling skip of SSH config files