I have this group "cn=admins,ou=groups,dc=home,dc=com" And I've configured slapd in the new way so I'm not using slapd.conf (I think). First I thought about just modifying the files at /etc/ldap/cn=config/....... but that didn't work. How do I make that group into an admin-group with all the rights ?
View 3 RepliesNow I have set up a terminal server at work, with Ubuntu 10.04LTS and Free NX terminal server. All works great, over all expectations. But I have some file permission problems. In the home folder I have mad a folder where files that all users should have full access to is put. The problem is that when a user puts a file there, only that user have full access to that file, other users only have read rights. How can I make it so that all files put in this folder have full rights for members in the group "staff"?
View 3 Replies View RelatedWhen I run an exe-File, I become the message: -bash: ./a.out: Keine Berechtigung (No rights)
I have all Rights on the Folder and on the file. I suppose that the problem is that my group "Benutzer" has no rights to execute files. Where can I change the rights of my group?
I have joined the domain (server 2003) and can log in consistently now. Now I would like to give all the windows users in on specific group (domain power users) SUDO rights on the machines in question. I have found one way to add users on a pr. user basis, but adding 30 users will take some time.
View 4 Replies View RelatedI've installed Directory Server (LDAP). The setup has been done according to the tutorials online. Able to access the interface as well. So far so good. The issue I have is with permissions. I can assign file permissions to a user created in the Directory Server ( user not created on the local server). But the same can't be done for a group - alteast the way I currently see it. How could i assign file system rights to a group created in the directory server.
View 5 Replies View RelatedI am trying to set up a simple home file-server for media and backups, using an old Atom board I had lying around and 1GB memory, so I don't want a full desktop. All goes well with installing server 10.10, using LVM for my data disk. However, I wanted some GUI tools since I am not familiar with the CLI, so I installed gdm, xorg, and gnome-core as suggested in some threads and forums.So far so good, it boots into the Gnome desktop, but I can't get sudo access with anything (synaptic, gkedit, etc.) - always "incorrect password". I am fine from the console; I reset my user password, no luck; I set up another admin user, and that also works in console but not the desktop.I have no idea where to go next and can't find anything that works in the forum
View 4 Replies View RelatedI have OpenVPN setup and running on my home server (Lucid Lynx). I move around alot and use Portable OpenVPN to connect to my home server. The problem is a lot of the computers I use I do not have admin rights to install the necessary routes to connect. So my question is this. Can OpenVPN be configured to use PPTP protocol? Because I have PortableVPN on my U3 flash drive and that VPN client does not need admin rights to run. If OpenVPN cannot do this, and from my understanding of its archetecture it cannot, but I must admit i am no authority on the matter. Can you suggest a workable solution, ie. install and setup this server software and use this portable client software.
View 1 Replies View RelatedI want to create a new LDAP database.
Part of the new configuration is
Code:
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
[Code].....
There are several parts of problems in my question.
1. Install openLDAP and authenticate clients
2. Simple way to authenticate Ubuntu clients (just like Windows simple domain model, but Linux)
Part 1 What I have done: I have been working on openLDAP for the past 4 weeks. There is a lot of information on LDAP and I have read a lot of it There are several guides out there for openLDAP installation on Ubuntu, and I have tried many of them, and reinstalled the server between tests.
[Code]...
Part 2 Simple way to authenticate Ubuntu clients (just like Windows simple domain model, but Linux)
I have tried to find something similar to Windows client login, but haven't found anything that works. I just need to be pointed to somewhere to read about the authentication model in Linux. I can work out my from there. It must be something very simple I am missing, because when I read som echapters in The Ubunutu Bible, I can't find anything on it.
I'm using openldap(slapd) to store user account..But how can i ensure that each UserID can be only login on one machine at any one time?
I'm using ubuntu for both client and server..
I'm trying to set up an OpenLDAP server on a clean install of 10.04 server (AMD64). Following the server guide [URL] I get down to the "Setting up ACL" step:
$ ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W oldDatabase=hdb oldAccess
This command fails with "ldap_bind: Invalid credentials (49)"
When I replace the dn with what it seems like it should be:
$ ldapsearch -xLLL -b cn=config -D cn=admin,dc=example,dc=com -W oldDatabase=hdb oldAccess
I get "No such object (32)"
I have a feeling this is because 10.04 no longer asks you for the admin username and password during the initial debconf (nor does dpkg-reconfigure).
I can continue through the guide using this form of the commands (which were used earlier in the Guide):
$ sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcDatabase=hdb olcAccess
But I'm a little concerned that I'm not able to properly use the admin user to make LDAP changes to the configuration. It also seems like the Server Guide ought to use the 'sudo ... -Y EXTERNAL' form of the commands throughout if cn=admin,cn=config isn't going to work.
I have slapd-server running but it seems to refuse connections in a very odd way. Wireshark shows that everytime JavaEE-client tries to connect, only 2 packages are sent. As I understand, in tcp/ip protocol, the first is just "hello, who's there". The last is just a message consisting of ACK and RST. I think RST means "we're done". At this point I don't think any credentials are checked so I don't know what could be wrong
View 1 Replies View RelatedI'm trying to follow the OpenLDAP docs that are part of the Ubuntu 10.04 Server Guide, listed here:
I get about halfway through, to this command:
sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif
When it asks me to "Enter LDAP Password:" and nothing I have tried works. I thought it might have been "olcRootPW: secret" set in the backend file in the step before, but that isn't working.
I recently followed a tutorial on how to get OpenLDAP running with Samba on Lucid. It worked pretty well.Here's my very frustrating problem with it. For the first 5 - 10 minutes after rebooting, password handling (possibly PAM?) is hosed, including for users in LDAP authenticating via Samba.In fact, I think the only reason I can SSH into the machine during that window is because I happen to have certificate authentication enabled and my client uses that.When I try to do a sudo command after logging in, though, and have to enter the password, it hangs. I've searched logs and haven't come up with much.I *think* it's related to this bug, but I'm not sure.And here's what's killing me ... it's not easy for me to figure out how to ensure that slapd starts before smbd and rsyslog (I read somewhere else that it needs to start before that for some reason) b/c most of the jobs are upstart jobs, but slapd is not.By default it runs at S19 in rc2.d, and I've tried manually lowering that as far as S05 or S07, but I'm still having trouble.
View 1 Replies View RelatedI work for a college with many departments. I'd like to just deploy one LDAP/krb5 server (plus slave replicas) to authenticate all users in all departmentsIs it possible to do this?The proposed DNs for the departments matches what is done for NIS now.If anyone has any pointers or URLs that describe how to properly do this.
View 1 Replies View RelatedI have set up an OpenLDAP server to use as an common address book for my users.
I have all the addresses in a spreadsheet.
Is there a easy way to get this data into LDAP?
I am new to ubuntu and just installed the vsftpd service by this tutorial: [URL]. Now my question is how can I give users rights to one specific folder?
useradd username -d /home/folder/new
Thats the command id used but when I login to the ftp the user is able to see all other folders as well ..
I have Unbuntu 2.32.1 Build date 14/4/11 I have Samba Installed I also have 8 Sata drives all with NTFS most of them have a lot of data on them. All my drives were used on an old windows 7 system, and now I wish to have them in a server setup.
My clients are all windows users apart from 1 witch is an Unbuntu desktop user. The problem I have is access rights or permissions none of the clients can gain access to my NTFS shares. I am using a GUI on my server (Gnome) as I am not very clued up with command lines in Unbuntu just yet.
Small office... 20-30 computers all windows based. xp/vista/windows 7. 3 Servers running ubuntu 10.04... 1 domain controller, and two file servers with samba. We want to be able to login once in the morning, and then not have to worry about users/passwords at all throughout the day. So I was thinking that I could setup a PDC and then make the two filservers both BDC's and use ldap to authenticate everything. Would this even work out? and is there a better way to do it?
View 9 Replies View RelatedI am planning to deploy an OpenLDAP server in my LAN for basic authentication, but I have no idea how to do it. I would like to know how to configure an OpenLDAP Server, and I would also like to know about knowledge resources, if any.
View 3 Replies View RelatedAfter installing F11, I installed OpenLdap with the command "yum -y install openldap*" And added the password obtained through the command "slappasswd -s password -h {MD5}" into /etc/openldap/slapd.conf. Also, I specified the domain information within the file on "suffix" and "rootdn". I also modified the domain name in both /etc/openldap/ldap.conf and /etc/ldap.conf. I copied the Copied the /usr/share/doc/openldap-servers-2.4.15/DB_CONFIG.example to /var/lib/ldap/DB_CONFIG. Then started the server with the command /etc/rc.d/init.d/ldap start I then was able to create and delete OU's and CN's with the help of ldapadd and ldapdelete. I also created PERSON records using the base.ldif file with the content ;
dn: cn=user1, ou=domain, dc=example, dc=com
objectClass: person
cn: user1
sn: user1
Everything is OK until I try to add a person with an email address in the "mail" attribute. The error message is ;
***************************
adding new entry "cn=user1, ou=domain, dc=example, dc=com
ldap_add: Object class violation (65)
additional info: attribute 'mail' not allowed
***************************
This error message is appearing also with "uid" attribute. I have searched some forums and found some suggestions to include the line
"include /etc/openldap/schema/inetorgperson.scheme" in the file /etcopenldap/slapd.conf, which is already in.
A time ago I've been trying to implement a PDC linux server with Samba and Openldap for centralized authentication for windows and linux clients, but I can NOT get it. So I read somewhere that there is another option called Directory Server and maybe that is possible to do. According to your experience do you recommend any 'how to' or 'tutorial' that will permit implement a PDC server for authenticating and sharing files and printers for windows and linux clients?
View 2 Replies View RelatedI've setup an openldap server, and am trying to add .ldif files to the database.
I am constantly getting the following error, no matter what I do:
Code:
$ su -c 'yum install wine'
this forum won't let me put all the text in Transaction Check Error: package openldap-2.4.21-6.fc13.x86_64 (which is newer than openldap-2.4.21-4.fc13.i686) is already installed package nss-softokn-freebl-3.12.4-19.fc13.x86_64 (which is newer than nss-softokn-freebl-3.12.4-17.fc13.i686) is already installed
I have set up Ubuntu 10.04 and am running it on a VPS. I have everything the way I want it but I have encountered a problem. When I created my user, I did this:
adduser myname
that worked fine, it also assigned me to group called myname, which isn't what i wanted. so i tried to change my group to staff with the following:
sudo usermod -g staff myname
it works fine and i can verify my new group by:
groups myname
and get:
staff
but...now here come the bit I don't understand, when I make a new file/folder and then look at their ownership it is the old group (ie. myname). is this right? shouldn't the ownership of the file now be myname staff? not myname myname.
this is what i did to create a new file, while logged in under myname:
touch a
mkdir da
ls -al
I've been trying to set up a Linux-only network and currently have a working DHCP, DNS, LDAP and NFS server, with a client that can authenticate with the LDAP server and a central /home folder.However, if I wanted to share folders on the NFS server, how would I make the share available to, for example, a particular group of users in the directory?I've never used NIS(+) on a network, but believe you can add a 'group' of users in the /etc/exports file--simples!Does anyone know of the best way to do it (even better anyone who is doing this in a production environment)?
View 5 Replies View RelatedI have server 9.04 and joined thru winbind to Windows Domain and subversion installed.Windows AD users can use their own credentials to join and everything is working fine.However the group svn which is used to access the repos in /etc/groups has some users.However I would like to add the domain users group to the svn group but the domain users contains Space. And /etc/groups does not happend to read the space any ideas on how to add "domain users" to the svn group in /etc/groups
View 1 Replies View Relatedi created a directory in my webserver as well as a group "webdevs" which I want to give write permissions to, and include my user so that i can edit.i used [addgroup webdevs] then [adduser MYUSER webdevs].then [sudo chown root:webdevs MYDIR]then [sudo chmod 774 MYDIR]when I try to cd to MYDIR under MYUSER, I get permission denied.
View 3 Replies View RelatedI've installed OpenLDAP and libnss-ldap, as instructed in this tutorial. Then I try to login but I got the error
Code:
groups: cannot find name for group ID 10000
Here's the user and group ldif entry that I use to login
Code:
dn: uid=iwan,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
[code]....
Me and 2 others are working on a website (Bob, Mike, and Joe). We made a group called developers and each of us are in the developers group. The Apache server runs as www-data. When we upload files, the file owner is the users name and the group is "developers".
/etc/group has the following
Code:
www-data:x:33:
bob:x:1000:
mike:x:1001:
[Code]....
I have always just set everything to 775 and just called it good. Well I don't want to wake up to a Russian political message plastered all over the site. It's time I do things properly.