Ubuntu :: Offline LDAP Client Cannot Login With Cached Credentials
Mar 17, 2011
I have an LDAP server holding user/pass/group for many users. Due to network issues, the server sometimes is unreachable and clients cannot login, current sessions usually freeze after a while. All client have ubuntu 10.04.2 x64.
I have went through the outdated howto to cache the LDAP credentials.
I setup the required packages
daily cron "nss_updatedb ldap"
and edited '/etc/nsswitch.conf' to have "files ldap [NOTFOUND=return] db" for both passwd and group.
[Code]....
View 2 Replies
ADVERTISEMENT
Aug 9, 2010
why i can't login on the ldap-client via ldap, so here is a short description of my machines (i use openvz virtualising)I have on the HN (Debian Lenny) 2 VE's, which are in the same subnet (192.168.1.0/24)The first VE (Hostname: ldap1, IP: 192.168.1.91) is the ldap-server, which is so configured, that i can manage the server via phpldapadmin.The second VE (Hostname: ftp1, IP: 192.168.1.31) is the ldap-client, there should run a sftp-server in the future and the sftp-server(ssh-server) should use ldap-usernames to login. on the ftp1, i get with this command getent passwd the users configured on the ldap-server, but with the command id USERNAME the result is, that the user doesn't exist. (USERNAME is this name, i get returned by getent) and if i try to login via ssh, i get permission denied. and because the machines are openvz-virtual-machines, so i can't login on them like on a normal system, but a su USERNAME doesn't work too, because the user is not known on the system.
my installation:
i don't think, that the ldap-server is the problem, because the phpldapadmin and getent on ftp1 are working perfectly, but if you want, i can post the config here too. the VE ftp1 was configured with the following how-to: [URL] and pam is configured like in the chapter "PAM setup with pam_ldap" on [URL]
View 3 Replies
View Related
Feb 8, 2011
Anyone out there having expirience with iFolder. I've used the following tutorial: [URL] to install it. I used libflaim as a database (no LDAP). All web interfaces work well (admin, ifolder). I can create users and make folders. But when I try to login with a desktop client (windows or linux) I get an error message invalid credentials and this message in Simias.log:
[Code]...
View 6 Replies
View Related
Jun 15, 2010
Any step by step guide for LDAP server & client configuration. From installation.... to.... client login to ldap ubuntu server.
View 2 Replies
View Related
Jan 26, 2010
I have 389-DS ( Fedora DS) setup on CentOS 5.3 and working fine. I configured LDAP Client and want to login as user created under fedora DS Client. From Client Machine, I can easily see:
Code:
[root@fedoraDS-Client ~]# id ajrain
uid=569(ajrain) gid=569 groups=569 context=root:
system_r:unconfined_t:SystemLow-SystemHigh
This is User from LDAP Server (fedora DS Server) which is showing in Client Machine. So It means its retreiving value from Server. Correct? Now When I am trying to login , it says "Server unexpectedly closed network Connection". When I supplied user password:
Code:
login as: ajrain
ajrain@fedoraDS-Client's password:
The File /var/log/secure says:
Code:
Jan 27 02:39:27 localhost sshd[3996]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0
tty=ssh ruser= rhost=10.210.53.104 user=ajrain
Jan 27 02:39:27 localhost sshd[3996]: Failed password for ajrain from 10.210.53.
104 port 1241 ssh2
Jan 27 02:39:27 localhost sshd[3997]: fatal: Access denied for user ajrain by PAM account configuration
View 1 Replies
View Related
Jul 11, 2010
how to login with ubuntu ldap server account from ubuntu client(karmic). Ubuntu server and client setup is done properly but not knowing how to login to ldap server graphically from ubuntu client. I don't want to login via SSH
View 2 Replies
View Related
Jan 26, 2009
So I've configured ldap on Centos5 64 bit and I can run "ldap search" and "gentent passwd" on the client/server and it shows my users info.
But I can't login via the cli or GUI.
I can login by doing;
su - username
at the client or server but I can't login by issuing;
login username
or at the GUI login screen.
View 2 Replies
View Related
Jul 28, 2010
I just tried to build my own samba/ldap server on opensuse 11.3 and i am continuously getting an invalid credentials error when doing the smbpasswd -a command. Below are my smb and ldap files.
smb.conf
# Primary Domain Controller smb.conf
# Global parameters
[global]
unix charset = utf8
workgroup = MERCDOMAIN
netbios name = mercserver
passdb backend =ldapsam:"ldap://mercserver.mercdomain.com"
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 0
#name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
logon script = logon.bat
logon path = \mercserverprofiles\%u
logon drive = H:
domain logons = Yes
domain master = Yes
wins support = Yes
# peformance optimization all users stored in ldap
ldapsam:trusted = yes
ldap suffix = dc=mercdomain,dc=com
ldap machine suffix = ou=Computers,ou=Users
ldap user suffix = ou=People,ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=mercserver,dc=com
ldap ssl = off
idmap backend = ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
printer admin = root
printing = cups
# = Share Definitions =
[homes]
comment = Home Directories
valid users = %S
browseable = yes
writable = yes
create mask = 0600
directory mask = 0700
[sysvol]
path = /home/data/samba/sysvol
read only = no
[netlogon]
comment = Network Logon Service
path = /home/data/samba/sysvol/vavai.net/scripts
writeable = yes
browseable = yes
read only = no
[profiles]
path = /home/data/samba/profiles
writeable = yes
browseable = no
read only = no
create mode = 0777
directory mode = 0777
[Documents]
comment = share to test samba
path = /home/data/documents
writeable = yes
browseable = yes
read only = no
valid users = "@Domain Users"
slapd.conf
UW PICO 5.04 File: /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
modulepath /usr/lib/openldap/modules/
# moduleload back_bdb.la
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Samba Primary Database mercdomain.com
database bdb
suffix "dc=mercdomain,dc=com"
directory /var/lib/ldap
rootdn "cn=Manager,dc=mercdomain,dc=com"
rootpw merc84
index entryCSN eq
index entryUUID eq
#access to attrs=userPassword,sambaLMPassword,sambaNTPassword
# by self write
# by dn="cn=Manager,dc=mercdomain,dc=com" write
# by * auth
#access to *
# by dn="cn=Manager,dc=mercdomain,dc=com" write
# by * read
# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
ldap.conf
UW PICO 5.04 File: ldap.conf # LDAP Master
host mercserver.mercdomain.com
base dc=mercdomain,dc=com
binddn cn=Manager,dc=mercdomain,dc=com
bindpw merc84
bind_policy soft
pam_password exop
nss_base_passwd ou=People,ou=Users,dc=mercdomain,dc=com?one
nss_base_shadow ou=People,ou=Users,dc=mercdomain,dc=com?one
nss_base_passwd ou=Computers,ou=Users,dc=mercdomain,dc=com?one
nss_base_shadow ou=Computers,ou=Users,dc=mercdomain,dc=com?one
nss_base_group ou=Groups,dc=mercdomain,dc=com?one
ssl no
View 1 Replies
View Related
Dec 2, 2010
I've setup an Ubuntu 10.10 LDAP Client to authenticate off my LDAP server. I've install the following: sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils pam_ccreds Here's my /etc/nsswitch.conf: passwd: files ldap [NOTFOUND=return] db group: files ldap [NOTFOUND=return] db
[Code]...
View 9 Replies
View Related
Mar 13, 2010
i have configured ldapserver on rhel4 for creating address book
following are configuration files on ldap server
/etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
i am able to import this ldif file into database.also when i perform the ldapsearch on this server with command"ldapsearch �x �W �D �cn=manager, dc=example, dc =com� �b �dc=example, dc=com�" i get correct output.
but when i am trying to search from another client machine, i am getting "error ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"
also when i configured address book on mozilla on server., it is working fine.but not working on another machine.is any configuration is missing on client machine.both ldap server and client are configured on rhel4es without any firewall or selinux.
View 3 Replies
View Related
Apr 5, 2010
i have successful secure ldap replication but i could not make ldap client to direct its authentication to slave ldap
here is my config file on ldap client (i am not sure if it is the right place though)
ip : 192.168.1.183 is master ldap
ip : 192.168.1.185 is slave ldap
pico /etc/ldap/ldap.conf
#
# LDAP Defaults
code....
View 11 Replies
View Related
Sep 8, 2009
I installed CentOS 5.2 and then run yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:smbldap-tools useradd -am usernameI can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.Some data:
# rpm -qa | grep ldap
python-ldap-2.2.0-2.1
php-ldap-5.1.6-23.2.el5_3
[code]....
View 1 Replies
View Related
Oct 30, 2009
I installed openLdap on a debian machine for some testing. I followed the instructions here. [URL] Now when I try to do any thing it prompt me for password Which I do remember correctly. However it comes back with error.
Code:
~# ldapsearch cn=admin
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
View 1 Replies
View Related
Feb 15, 2011
I am setting a ldap server by reffering [URL] and getting following error in step #12
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
I am using RHEL 5.5.
View 4 Replies
View Related
Mar 7, 2010
1. I can connect to my slack 13 laptop via PuTTY on my GF's windows laptop. Can I actually copy things from my laptop to her machine using 'scp', or is PuTTY just used for browsing my linux filesystem on a windows machine? Google has been telling me about some software called 'WinSCP', which can copy files over, but I was just wandering if i can do this anyway using PuTTY?
2. The first time i did connect to my laptop from my GF's laptop (and also my ubuntu desktop) I get the warning about the host key is not cached in client machine("the server's rsa2 key fingerprint is: ssh-rsa XXXX xx:xx:xx:xx:xx:xx: etc etc). I understand why this happens, but I have no idea where to find this value on my host laptop. I can find the actual key, but not the fingerprint (i.e. the xx:xx:xx:xx:xx:xx:xx" etc). i blindly typed "yes" to get SSH working?
3. When i connect from the internet (rather than over my home network) will i need some kind of 'shell login account' to do this cuz i dont have a static IP. ie i'd like to do 'ssh tom@myAccount.com' rather than 'tom@123.432.32.23'? Where or how can i make this happen?
View 14 Replies
View Related
Sep 9, 2010
I have configured SquirrelMail on my RHEL 5.4 machine for learning purpose and I am stucked at the final step. I am following this doc.
After configuring, I have browsed to [URL] Here, server.red.com is the hostname of my server.
This page is asking Name and Password from me, but I haven't given any credentials while configuring it.
Are there any default credentials ? Or may be I need to change my config files or something ?
View 14 Replies
View Related
Sep 28, 2010
Just installed openldap server on a VM CentOS called 'ldapsrv', it works fine, ldapsearch returns all ldap information.
Installed openldap client on another VM CentOS called 'ldapclient1', configured it with most basic configuration, no ssl/tls etc. but ldapsearch returns error:
ldapsrv is pingable:
Some outputs:
PHP Code:
PHP Code:
View 20 Replies
View Related
Feb 28, 2016
I've been working on building an LTSP server for diskless booting. I have a tftp server that's booting the system. I followed the steps on [URL] .... to build the LTSP server.
I had to make one change from the guide. I have a cisco router that's acting as the DHCP, I'm not very familiar with Cisco IOS so instead of playing with that, I decided to modify the default file on the PXE.
I commented the kernel append line and added the following instead
/srv/tftp/ltsp/amd64/pxelinux.cfg/default
Code: Select allappend initrd=initrd.img-3.16.0-4-amd64 init=/sbin/init-ltsp root=/dev/nfs rw nfsroot=10.0.5.99:/opt/ltsp/amd64 ip=dhcp
I'm mounting the nfs as a rw file system for now. I'm planning to make it read only once I have it working the way I want. In addition to this, I also chroot into the LTSP root and installed lightdm + mate. As I understood what I read, this would boot the environment on the diskless system. All of this seem to work correctly.
What I need to do next is to find a way to setup the LTSP clients to log in by authenticating on the active directory. I understand that the login account used by the LTSP client has to exist on the LTSP server.
I have successfully added the LTSP server as a worksation within the windows domain and I can log into domain accounts from the LTSP server but domain credentials do not work when using an LTSP client, I can only log in if I use an account that exists on the LTSP server. I wanted to know if there is a way to accomplish AD authentication.
Do I have to build an LDAP server on the LTSP server, sync accounts with the Active Directory to be able to log in with AD credentials?
View 2 Replies
View Related
Dec 7, 2010
I've followed the Host Based Authentication Part from this page: [URL]...I cannot get it to work. When I delete the 'ldap' from the shadow line in /etc/nsswitch.com all my ldap users cannot login. Yes I've uploaded the ldapns.schema, activated hostObject and added the machine name to the host attribute to my test ldap users. I get this error from /etc/auth.log: sshd[3979]: pam_ldap: ldap_initialize Bad parameter to an ldap routine
[Code]...
View 3 Replies
View Related
Apr 15, 2010
I am getting a problem that whenever I loged in with my ldap user on a ldap client and try to change the password of ldap user it doesn't allow me to do so...
azizf@pc:~$ passwd
passwd: User not known to the underlying authentication module
passwd: password unchanged
azizf@pc:~$
[Code]..
View 14 Replies
View Related
Dec 6, 2010
At my Uni, we use a web-based login for our internet connections. Its based off of Cisco, and every Wednesday night every computer on campus must re-enter their credentials to use the network.
Normally on my several computers I simply pull up the Terminal, point links to google.com using
Code:
And enter my credentials when Cisco redirects to the login page.
Literally, the process is
Code:
Then ENTER to accept the redirect, down arrow to skip over the logo image, USERNAME, ENTER, PASSWORD, ENTER, ENTER.
Naturally, this is EXTREMELY time consuming, as I have about 5 computers located around campus and must physically walk to the machines and login every single week.
My question is, How would I formulate a program that does the following;
1) checks for connectivity (i.e. is able to reach/resolve to the greater part of the internet) and
2) automatically fills in the credentials on the links login page?
View 2 Replies
View Related
Jun 11, 2011
I configured openLdap in RHEL5 on virtual achines,everything is working fine, I created a user called ldapuser,in LDAP server and i created a home directory for ldapuser in my LDAP client, now i can able to login to the both Server and client with ldapuser account....
Now here what am expecting is i want to export my server's home directory to the client, i dont want to create home directories manually in the client machine, i googled about that, and it can be done through autofs.....
what need to be done on the client and server side.
View 6 Replies
View Related
Nov 19, 2010
(This was posted at the end of another thread, where it probably didn't belong, so reposting here)I have Active Directory set up on one machine (and I can't really adjust the settings very much) and Ubuntu Server 10.04, which I would like to use as a client.I followed the directions at https://help.ubuntu.com/community/LD...Authentication, but when I get to
Code:
getent passwd
I don't see anything from the LDAP, and ssh'ing into the box from an LDAP/AD username certainly doesn't work.
In addition, I've attempted to use Webmin's LDAP Configuration module to configure it. I can connect to the server and can browse it with the LDAP browser with my settings, but the Webmin package doesn't recognize the users (which are organized in one of four Organizational Units (OUs) within the OU that I have as my Search Base) as users,
View 1 Replies
View Related
Oct 10, 2010
We have several FC machines (from 6 to 12) that use an OpenLDAP server running on Centos 5.4 for authentication. I have now tried setting up a FC13 workstation. I notice that the authentication GUI has changed and wants me to use Kerberos or a TLS enabled server. Is there a way to get FC13 to behave like FC12 in this respect. Or (less desirable) what changes do I have to make to the server to accommodate FC13?
The workstation knows who the users are, but will not authenticate if they try and log in.
[URL]
but it didn't work for me
View 11 Replies
View Related
Jan 30, 2010
I tried collecting steps for LDAP Client setup.
View 3 Replies
View Related
Jan 10, 2010
I have 389 fedora Directory Server which is nothing but LDAP Server running on 389 Server.Its working fine on CentOS. Now I am in search of script which can be put on boot time so that the new Machine can automatically come under LDAP Client.Generally the machines are RHEL 4/5.
View 6 Replies
View Related
May 2, 2010
I am facing problem in adding new users in ldap server and client for a long time. I configure ldap server and client successfully and I can login the client machine by a user. User is created on server during configuring the server but after same time when I create a new user on server and create a home dir for the same user on client machine and assign 700 permission on home dir of same user and copy the /etc/skel/.* /home/user-dir and when run the command "#chown -R user:users /home/user" it shows invalid user error.
View 1 Replies
View Related
May 29, 2011
I have configured ldap client on openSUSE 11.3 with yast2config. Since I am able to get list of all users through getent, it seems configuration done properly. But while logging in with ldap id its prompting for password change.
Code:
login as: testuser
Using keyboard-interactive authentication.
Password:
Using keyboard-interactive authentication.
Your password has expired. Choose a new password.
You are required to change your LDAP password immediately.
Enter login(LDAP) password:
I have other solaris machine as ldap clints, which are working fine.
Do I need to change any pam config?
View 1 Replies
View Related
Jan 18, 2010
how to make a new Ubuntu 9.10 box use our LDAP/Samba server for user authentication. Our Red Hat and Windows machines all use it just fine. I've been trying to use the auth-client-config and libnss-ldap packages for this purpose, but I must be missing something. I'm pretty green with LDAP, so this is my first time diving in... Is there a good How-To or step-by-step read on this? All of my searches lead me to setting up Ubuntu as the server, and that isn't what I want. I've also tried the steps listed in [URL] for the LDAP Authentication section.
View 1 Replies
View Related
May 29, 2009
I'm new LDAP kind of stuff.I want to configure LDAP server and Client on windowsXP. could you tell me which Open source LDAP Server and client are best fit for windowsXP. Is OpenLdap not suitable for windows?
View 8 Replies
View Related