i have an old fc4 server running ldap, and decided to upgrade to fc5, to use the new versions of ldap. after the upgrade the ldap wont start.i manage to restore my database, copy the DB_CONFIG.example to the var/lib/ldap and set the corretc path of the pid files in slapd.conf, but now the server just dont start and gives me no error messages...half of the guys here at work are not working cause of this.
View 5 RepliesLDAP server failed to start.. Please check error log for problems.
View 2 Replies View RelatedRunning RHEL 5.4 on a HP server. Ran into a issue today where ldap was working fine then was informed it was failing. During the troubleshooting process, I found out that the ldap service failed to start up. See error below:
/sbin/runuser: /usr/sbin/slaptest: Permission denied
I checked the permissions of the ldap.conf and slapd.conf files and they appeared to be correct. Any ideas why ldap will not start up?
using centos 5.2
unbale to start ldap server.
see below info
[root@system ~]# yum install openldap
Loading "fastestmirror" plugin
Loading mirror speeds from cached hostfile
* base:
[Code]....
After setup Openldap server with TLS/SSL use ldaps, I install phpldapadmin and have an issue LDAP Server is configured and running. make some ldapsearch and it oki. I couldn't use https to browse LDAP server when I use http and I can't connect Could not start TLS. check your LDAP server configuration. This is my config
[Code]....
How do I go about to troubleshoot the failure of ldap server start on openSUSE 11.2? I added a custom configuration (through GUI) and now the server does not whant to start with that configuration.
View 1 Replies View RelatedI recently configured my client to log on using my (open)ldap account. Since then I could not get thunderbird started from my ldap account. But if I su to one of the local accounts, it opens.
My client is Fedora14.
Can I make Yast/Ldap accept usernames that start with a number. All our current users have the format 09-first.last or 10-first.last etc.
View 2 Replies View RelatedSo I am creating a LDAP server for my school's Linux lab, so users on our school network can log into the Linux machines.
I found a guide here url...Authentication
But during the install, I get the following error.
update-rc.d: warning: libnss-ldap start runlevel arguments (2 3 4 5) do not match LSB Default-Start values (none)
i have configured ldapserver on rhel4 for creating address book
following are configuration files on ldap server
/etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
i am able to import this ldif file into database.also when i perform the ldapsearch on this server with command"ldapsearch �x �W �D �cn=manager, dc=example, dc =com� �b �dc=example, dc=com�" i get correct output.
but when i am trying to search from another client machine, i am getting "error ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"
also when i configured address book on mozilla on server., it is working fine.but not working on another machine.is any configuration is missing on client machine.both ldap server and client are configured on rhel4es without any firewall or selinux.
I took to yast to install ldap. I creating the CA cert, server key and server cert and specified them during the yast ldap server dialogs.
The firewall is open for ldap.
I also went through yast's ldap client ... though I didn't exactly see to anything (presuably it wrote up a configuration file somewhere).
However when trying use the basic ldap tools, like ldapwhoami. Well it doesn't connect and gives me the above error. Of coure the ldap db is unpopulated as yet, so it probably is not able to say who am at all. But ldapadd doesn't work either.
It seems to point to my SSL usage not being correct .. so I'm trying to double check that now.
i have successful secure ldap replication but i could not make ldap client to direct its authentication to slave ldap
here is my config file on ldap client (i am not sure if it is the right place though)
ip : 192.168.1.183 is master ldap
ip : 192.168.1.185 is slave ldap
pico /etc/ldap/ldap.conf
#
# LDAP Defaults
code....
I installed CentOS 5.2 and then run yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:smbldap-tools useradd -am usernameI can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.Some data:
# rpm -qa | grep ldap
python-ldap-2.2.0-2.1
php-ldap-5.1.6-23.2.el5_3
[code]....
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
I'm trying to set up a Linux server and I am new to this. I have gone through most of the configuration using SAMBA 3.0 and when I populate the ldap directory all I get this error before the password request:
Then when I perform an ldapsearch to see if the directory is populated I get this message:
I'm positive all my .conf files are done right.
I'm checking with a sniffer and there's activity going on between the client and the LDAP server... as a matter of fact, the sniffer shows that the search is producing one ldap item, however, php says it can't contact the ldap server (after it has bound and everything):
The script is working beautifully on another host with debian.
why i can't login on the ldap-client via ldap, so here is a short description of my machines (i use openvz virtualising)I have on the HN (Debian Lenny) 2 VE's, which are in the same subnet (192.168.1.0/24)The first VE (Hostname: ldap1, IP: 192.168.1.91) is the ldap-server, which is so configured, that i can manage the server via phpldapadmin.The second VE (Hostname: ftp1, IP: 192.168.1.31) is the ldap-client, there should run a sftp-server in the future and the sftp-server(ssh-server) should use ldap-usernames to login. on the ftp1, i get with this command getent passwd the users configured on the ldap-server, but with the command id USERNAME the result is, that the user doesn't exist. (USERNAME is this name, i get returned by getent) and if i try to login via ssh, i get permission denied. and because the machines are openvz-virtual-machines, so i can't login on them like on a normal system, but a su USERNAME doesn't work too, because the user is not known on the system.
my installation:
i don't think, that the ldap-server is the problem, because the phpldapadmin and getent on ftp1 are working perfectly, but if you want, i can post the config here too. the VE ftp1 was configured with the following how-to: [URL] and pam is configured like in the chapter "PAM setup with pam_ldap" on [URL]
I've setup an Ubuntu 10.10 LDAP Client to authenticate off my LDAP server. I've install the following: sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils pam_ccreds Here's my /etc/nsswitch.conf: passwd: files ldap [NOTFOUND=return] db group: files ldap [NOTFOUND=return] db
[Code]...
I've compiled openssh-5.4p1 on RHEL 4.8 with Openssl 0.9.8m + pam It works perfect without pam (pam-0.77-66), both with password and public key auth. Whith pam enabled and LDAP (openldap-2.4.21, from scratch) something strange happens: system users: I can do ssh with both password and public key LDAP users: public key works for remote users, still I cannot do ssh with just password. I'm trying a custom PAM configuration, because the default one (even with authconfig + LDAP ) blocks ssh even with system users.
My pam SSHD configuration is:
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
[code]....
My LDAP users are ok: i can do "su - " remote LDAP (so that nss_ldap is OK), also getent passwd and getent group is ok.
I have LDAP authentication working via SSSD using authconfig-tui and a few minor modifications to sssd.conf (ie: max_id etc). The problem I am having is it would appear /etc/ldap.conf is being ignored and/or setups that work perfectly on RHEL5, F11 and F12 no longer work on F13. Specifically Im referring to "pam_check_host_attr" and "nss_map_attribute". It refuses to honor either of these options and I can only assume a number of the other options in our ldap.conf. For instance, "nss_map_attribute" is defaulting to the standard "homeDirectory" rather than "homeDirectoryLinux". This is related to a bunch of OSX clients we have and its not optional to use another setup. The host restriction is also a major issue.
Relevant sssd.conf:
[domain/default]
auth_provider = ldap
cache_credentials = True
can anyone tell me what is the difference between these two files of LDAP client /etc/ldap.conf and /etc/ldap/ldap.conf and for what purposes these two files gives services. Is it necessary to have these two files at a time ?
I use these files to install LDAP client to authenticate with our LDAP server by creating a symbolic link of /etc/ldap.conf to /etc/ldap/ldap.conf.
I had a machine that is using ldap, but need to remove it completely.I edited the /etc/nsswitch.conf and removed all references of ldapand renamed /etc/ldap.conf to /etc/ldap.conf.bakI can log in as root, but cannot log in as any user in /etc/passwdIn the /var/log it shows pam_ldap: missing file "/etc/ldap.conf"I am guessing I am missing something else?I never set this machine up for ldap, was here when i got here, so not sure of steps to even put ldap on.
View 2 Replies View Relatedwe have a weird problem with our opensuse 11.2 server installation.
We want to set up a LDAP Server using the Yast-LDAP Server configuriation tool.
This indeed already worked weeks ago until....this week.
Maybe some updates??!
I do not know what happend exactly. The server just does not want to start again and throws following error:
Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1 failed
This happend after a little check of the configuration, but without a change, with Yast. Google delivered only "reinstall your box"-answers.
So.. i did that. And now the "mystical" part: The SAME ERROR occurs with a fresh vanilla system with a brand new and simple configuration (certificats, database, pw...the first Yast config dialog...). I did not change the way i set it up.
I remember, when i did this the first time with 11.2 on that machine, when no problems occured...everything was running out of the box (except the "use commen server certificate" option...).
Just installed openldap server on a VM CentOS called 'ldapsrv', it works fine, ldapsearch returns all ldap information.
Installed openldap client on another VM CentOS called 'ldapclient1', configured it with most basic configuration, no ssl/tls etc. but ldapsearch returns error:
ldapsrv is pingable:
Some outputs:
PHP Code:
PHP Code:
Upgraded from 10.04 to 10.10, gnome didn't load on reboot, tried typing startx and got this error:
Code:
(EE) Failed to load /usr/lib/xorg/extra-modules/nvidia_drv.so
(EE) Failed to load module "nvidia" (loader failed, 7)
(EE) No drivers available.
Fatal server error: no screens found I had the nvidia proprietary driver installed before upgrade. Using a nvidia g-force 7300 graphic card. Anything I can do on my end to fix this? Any easy way to go back to 10.04? Or should I just reinstall 10.04 from the CD-ROM and forget about 10.10 before it's stable?
I have upgraded from 13.1 to 13.37 on three PCs. No problems on 2 of these (home server and laptop), but on the third machine (main Desktop, where most KDE customisation had been done of course), KDE refuses to start for the main user (me). It will start OK for root and xfce will start OK for me, so X is OK with the updated NVIDIA driver that I have also installed. The KDE splash screen starts up and four of the five splash icons come into focus, but the fifth one never does. Some disk rattling goes on for a while but then ceases.
I have tried renaming the .kde folder and .kderc but this has not helped. Are there other KDE config files that I could try renaming / removing? Or are there log files / error messages somewhere that I should consult.
Obviously I am not in a position to change any KDE system settings from the KDE application.
Just tried KDE with a newly-created user and it's the same as with my user - no desktop. So KDE is only starting for root.
I have a machine running Centos and hosting 3 KVM VM also running Centos. After applying upgrade C 5.6 to host and to VMs one of my machines does not start with nwfilter option enabled in it's domain definition. Only following error is visible on console:
marcinw$ sudo virsh start av
error: Failed to start domain av
error: internal error Could not get access to ACL tech driver 'ebiptables'
Before upgrade everything worked as expected. Packages iptables ( enabled ) and ebtables ( not enabled ) are installed on host. SELinux is disabled.
I am aware that there is a qmail-ldap package to have ldap back end for qmail. But I need only user authentication for qmail through ldap (not the backend; i.e still keeping Mysql as the database). I am pretty new to mail server configuration. I have just configured a (q)mail server (which is currently my sand box) and am able send and receive emails. I am planning to add ldap authentication (just that) to it. Can anyone point me to the right direction?
View 6 Replies View RelatedSome quick background info: I am not a Linux expert, but I'm not sure I can still qualify as a "newbie", since my first Linux install was RH9 in 2003. I later upgraded to FC3 and continued to use it until my hard drive crashed around a year ago. I suffered on an old WinXP machine until I was able to buy a new system from someone on Craig's list. Although the guy didn't realize it (hence neither did I), it has a 64-bit processor, so when I installed Fedora 10, I installed the x86_64 version.I chose F10 since I use the Planet CCRMA pro audio packages, and they lag slightly behind the latest and greatest distro versions. I'm also not a bleeding-edge kinda guy, since - as I said above - I am not an expert.
So, then, here's what's happened: I installed F10 by downloading the 64-bit DVD image from the Fedora Unity respin site. As I had hoped, after the installation when I asked yum if I was due for an upgrade it said I was up to date.That was fine for a few weeks, but then this past Sunday I got a pop-up message saying that I was due for a system upgrade. I was hesitant, as I usually am before making any drastic changes, but I figured this is Fedora, they want to do the upgrade, this has got to be pretty safe. Not so much.I fired off the upgrade before heading to bed and let it run overnight (it actually took only an hour or two, but I started it late). In the morning I found my system with a blank screen and essentially unresponsive. I can move a block cursor around the screen, and if I type anything it is echoed on the screen, but there is no response; I don't believe I am in a shell of any kind.
Hitting CTRL-ALT-DEL reboots the system, and it gets past the grub menu and the Fedora start-up progress bar (the dark blue/light blue/white text blocks with "Fedora 10" at the right). After the progress bar finishes, though, the screen goes blank (maybe X is starting up?) but never gets anywhere. That's when I can type stuff on the screen, but nothing provokes any kind of response (except for CTRL-ALT-DEL).I'm mildly curious to know if the recommendation about upgrades vs. fresh installs, as given in the sticky post on this forum, still applies, or if it is now considered safer to let the system upgrade itself when it feels ready.
What I really need to know, however, is where I should start in order to get my system back. Should I go to the command line from the grub menu? Boot from my install disc in rescue mode? I'm not even sure what I should look for once I've done either of these, so I'm kind of floundering ...This PC has a dual-core Pentium 4 running at 2.9 GHz, and apparently it's a 64-bit processor. The video card is by NVidia, but I don't know the exact card off-hand. There's a built-in Intel sound card of some kind and I added an M Audio Delta 1010LT multi-channel card.
I had postgresql 8.3 running on opensuse 11.0, recently upgraded to 11.2 (so postgres is now 8.4) and have problems starting it. I make, su, then as root run:
# /etc/init.d/postgresql start
Your databases are still using the format of PostgreSQL 8.3.
Therefore a backup of the old PostgreSQL server program will be used
until you have saved and removed your old database files
See also /usr/share/doc/packages/postgresql/README.SuSE.{de,en} .
Starting PostgreSQLsu: incorrect password
[Code]...