Ubuntu Servers :: Ubuntu 7.10 LDAP / Unable To Log In To The System After Reboot?
May 13, 2010
So I'm doing some tests to see if I can create an LDAP server + Domain controller with Samba on Ubuntu 7.10. It might seem weird to use such an old release but I've seen a few guides on that particular version and I thought I'd give it a try using this guide
url
So far I'm good until I modify the pam.d and nsswitch with auth-client, after reboot I'm unable to log in to the system and I'm forced to go into safe mode and restore the backups of those files.
What should I be looking for to prevent this from happening? I'm assuming that it's essential to modify these files in order to enable the LDAP authentication on the server.
Today I'm trying to configure Postfix+Dovecot to use Samba4's LDAP database for authorisation and mail delivery. As I can see from /var/log/mail.log, Dovecot tries to bind to LDAP right after reboot, but fails:
Code:
pdcadmin@PDC1:~$ cat /var/log/mail.log
Jun 9 13:06:46 PDC1 dovecot: auth(default): ldap_bind
Jun 9 13:06:46 PDC1 dovecot: auth(default): ldap_simple_bind
[code].....
Believing this to be a sign of successful bind, I couldn't understand the reason behind it. Why do I need to restart or reload dovecot service to make it work (though it fails on the next step with "dict_ldap_lookup: Search error 1: Operations error" and "451 4.3.0 ... Temporary lookup failure")?
I'm wondering how I can enable LDAP support for my Ubuntu 10.04 LTS server running Apache 2 and PHP 5.3.2? What I'm trying to do is allow users on my existing company's LDAP system to login to my Elgg site automatically (and possibly have their details filled automatically).
I have a personal ubuntu server that provides apache, glassfish, firewall, routing, email, CVS, MySQL, etc.... This server has been running for a while with two hard drives configured into a RAID 1 array. The array has two partitions, one for swap and one for the data. I currently back up the data with a removable hard drive. I use dd and create an image of one drive and the MBRs (partition tables) of each drive. In a disaster situation I can use this data to recreate one drive and then re-mirror it to the second, or just boot the backup. I like this solution because I can easily recover from bare metal, and the backup is transparent. I can browse it if needed since it's an uncompressed image of the drive. The one drawback is that I need to reboot the system with a linux CD to do the backup.
My hard drive space is almost at capacity. So what I want to do is add a third drive to the array and migrate it to RAID 5. However this will cause my current backup method to no longer work. How can I back up this RAID 5 array? I need to back up the entire system, and not just the data. I have made many tweaks to the system over the years that it has been running that I can't lose if a restore is needed. I have seen a large thread here that people have been using tar. My concern with tar is how do you use a tar archive to restore a system to a new array. I'm assuming that you would need to set up the array and then just restore the archive? Also, I don't have much faith in using tar on a running system. Doesn't this open yourself up to corrupted backups? My second idea is using rsync. While I consider myself experienced in linux from 10 years of personal and professional use, I have not had much experience with this utility. Would rsync provide a more reliable way to back up a running system that would enable a bare metal restore later? I once read something about people using rsync with hard links to create a backup that could store many incremental backups. My main concern with both rsync and tar is not being able to restore the OS to the state that it was in at the time of the backup.
School with linux running on students' laptops, connecting via wlan to a Debian NFS and LDAP server. Every student logs on his/her profile residing on the NFS server. The clients are set up with autofs. Earlier, I had set up the wireless network in /etc/network/interfaces, but this time I decided to configure network manager so as to bring up both wireless and wired network before logon. This setup has been working for the last four or five years with only minor changes. Also worked with Karmic Koala, but still with the interfaces file instead of networkmanager. The Vostro is also new here, we've previously used mostly Dell Latitude D505s.
So here is what works:
1: Clients can log on to LDAP and NFS servers both wired and wirelessly. Everything is smooth.
2: While on LAN, shutdown and restart works flawlessly (and quick as a breeze, I'm really impressed by startup/restart/shutdown times, under 25 secs!).
3: Shutdown and restart also works wirelessly when doing it either from a local account or from the GDM chooser.
What doesn't work, however, is shutting down or restarting directly from a networked account while only being connected over the wireless network. This is what's being displayed on the terminal after it has tried to shut down for a while:
Code:
The system is going down for halt NOW!
acpid: exiting
init: cron main process (1011) killed by TERM signal.
init: tty1 main process (1365) killed by TERM signal.
[code]...
If I try ctrl-alt-del at this stage, it says:
"init: rc main process (3030) killed by TERM signal"
"Checking for running unattended-upgrades: "
And then it will hang again, until I hold the power button for some seconds. The unattended-upgrades part is what seems to be the culprit. I suspect it is about the wireless network not being connected any longer or something like that, but I'm not sure about how to go about debugging shutdown scripts here. I'd be grateful for pointers. I will try and see how it goes with the old interfaces file setup, but I'd rather make nm work.
I am using CentOS 5.3. output of "uname -a" Linux localhost.localdomain 2.6.18-92.el5 #1 SMP Tue Jun 10 18:49:47 EDT 2008 i686 i686 i386 GNU/Linux
My kernel version is kernel-2.6.18-92.el5
Whenever I try to copy files from my CentOS to a pendrive (2 GB, Kingston DataTraveler), my system hangs, leaving no option other than to reboot. I tried from the terminal also, and as a different user also, but same results. Sometimes I can copy files of small size, but when I go above 5 MB, the system hangs.
I am running Ubuntu Server 10.04.01. When I try to start the MySQL service with
Code: sudo start mysql
I get this error:
Code: start: Unable to connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
What could I do to fix it?
Is it even possible to use LDAP on Ubuntu 11.04? After a full day of googling, every guide I can find is either for another version of Ubuntu or is horribly broken (including the official docs).
I've been working though [URL] tutorial trying to get openldap working.
When I get to the point where I'm setting up the client, more specifically when I do ldapaddgroup testgroup, I am sent this error:
"You must have OpenLDAP client commands installed before running these scripts"
I have installed the ldapscripts package along with all the required ones. Has anyone been through this, I imagine it's some little nuance that I am missing.
I've currently got Ubuntu server configured so that clients can login using LDAP user accounts that I've created using ldapadduser (from the ldapscripts package).
I've also got NFS exports working so that /home can be exported to clients. Kerberos authentication is enabled for NFS and clients require a nfs/clienthostname.domain principal to be able to mount the NFS share.
However, I now realise that for LDAP users to be able to access the mount they need their own Kerberos principal. If I run kinit dan@DANBISHOP.ORG then I can access /home/dan as user dan otherwise I get permission denied.
My question then is how best to proceed... is there a way to configure the client/server so that once a client has mounted the nfs share using Kerberos, all users can access it without their own principal?
It seems more usual to create kerberos principals for all users, but then how does one manage users? Using ldapscripts is very easy, but if the admin then has to manually create kerberos principals every time, it could become very tedious. Furthermore how do users change their password if kerberos is used for authentication?
I've got 8.10 of Ubuntu and currently running openLDAP and have SAMBA domain using this along with the PAM changes on all machines to authenticate the logins. Now I've got a situation where I need to change the organization: it currently is dc=mycomp, dc=local and I need to change the "local" part.
I thought that I could slapcat it out then change all dc=local to dc=blech and then reload the LDAP database. Then go around and change all the ldap configuration points to match. I don't think it's as simple as change the base dn and everything below that will update.
I've just installed Ubuntu Server for the first time with the goal of setting it up as a proxy server for our Apple computers here since I can get neither ISA or OS X Server's firewall to play properly. So far I have the machine authenticating against our OS X OpenLDAP server and multiple NICs set up ready to be connected to the outside world. My question is does anyone have a preference on what proxy I should be using? So far my search efforts seem to have turned up Squid Proxy as a favorite among Ubuntu users but I can't seem to work out how to get it authenticating against my OpenLDAP server.
My scenario is based on Ubuntu server guide, can be found at [URL].. Step 1: I do as chapter 6, install OPENLDAP server, populating LDAP => run ok. Step 2: do as LDAP Authentication section => run ok. Step 3: Install samba => ok. Step 4: do as OpenLDAP Configuration section => there's a problem here: when I run the command:
Quote:
ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn=samba.ldif
I can't log in to the LDAP server, it said that:
Quote: ldap_bind: Invalid credentials (49)
I am sure that the password is correct, but I still receive this message
However:
<code>
root@domainator:~# ldapaddgroup test
>> 01/03/11 - 22:16 : Command : /usr/sbin/ldapaddgroup test
ldap_bind: Invalid credentials (49)
ldap_bind: Invalid credentials (49)
Error adding group test to LDAP
Error adding group test to LDAP
</code>
Here's various parts of my /etc/ldapscripts/ldapscripts.conf:
<code>
SERVER="domainator"
BINDDN="cn=root,dc=example,dc=home"
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX="dc=example,dc=home" # Global suffix
GSUFFIX="ou=Groups" # Groups ou (just under $SUFFIX)
USUFFIX="ou=Users" # Users ou (just under $SUFFIX)
MSUFFIX="ou=Computers" # Machines ou (just under $SUFFIX)
GIDSTART="10000" # Group ID
UIDSTART="10000" # User ID
MIDSTART="20000" # Machine ID
</code>
/etc/ldapscripts/ldapscripts.passwd permissions are root:root, 0400 a
And I have quadruple checked my password is correct. Is there a way to print out debugging from ldapscripts so I know what commands it is generating?
I am taking another stab at this. The last time I attempted it, it seemed like everyone had a different way to do it, but nobody could give me an answer on how to do it...
I currently have a Domain Controller Running sme server and a domain controller, using ldap as a backend. I have two file servers running ubuntu 10.04. My overall goal is to have it so when I create a username on the domain controller, it is then automatically copied over to the fileservers. This way everyone will have their own username and password to access the fileservers and I'll be able to track what people do on the fileservers.
The next necessity is for me to be able to apply permissions to the folders on the fileserver based on the users that are created on the domain controller.
I have been stuck with this for quite some time now. I have installed ldap and configured it as per instructions from I am able to query the ldap server without forcing the TLS operation to be successful. But with ldapsearch -d -1 -x -h servername -ZZ -b dc=example,dc=edu I get the error
I have configured and installed LDAP. In /etc/ldapscripts/ldapscripts.conf I have set: UTEMPLATE="/etc/ldapscripts/ldapadduser.template" File which contains:
I have a query regarding login to roundcube via dovecot ldap. I have installed and set up the openldap on Ubuntu Server 11.04 with the help of the following article [URL]. I have also installed Postfix, Dovecot, Dovecot-ldap and roundcube as the mail client. Then, I went on to test if I can login through roundcube. I received "login failed". I'm sure the dovecot is running fine as well as Postfix and openLDAP server. All I can find from the log was "auth(default) LDAP: Can't connect to server: localhost".
LDAP Authentication for Web Access I am trying to build a LDAP server to allow access to the wireless network in conjunction with Meraki wireless access points. I am using Ubuntu 10.10 and trying to install OpenLDAP from their documentation but I keep running into the error "configure: error: MozNSS not found - please specify the location to the NSPR and NSS header files in CPPFLAGS and the location to the NSPR and NSS libraries in LDFLAGS (if not in the system location)" I have OpenSSL installed but I also got these when I ran ./configure
checking openssl/ssl.h usability... no
checking openssl/ssl.h presence... no
checking for openssl/ssl.h... no
checking gnutls/gnutls.h usability... no
I've been trying to set up a Linux-only network and currently have a working DHCP, DNS, LDAP and NFS server, with a client that can authenticate with the LDAP server and a central /home folder. However, if I wanted to share folders on the NFS server, how would I make the share available to, for example, a particular group of users in the directory? I've never used NIS(+) on a network, but believe you can add a 'group' of users in the /etc/exports file--simples! Does anyone know of the best way to do it (even better anyone who is doing this in a production environment)?
I would like to know whether ldap can be used to authenticate wireless clients with my server. Server and clients are connected to a wireless router and I am able to get the wireless adapter to work in my ubuntu. Is there anything extra which is required or will the openldap server work for wireless clients?
I need to host a user directory and home directories on a Ubuntu 10.04 box. I've installed openLDAP and I can connect a mac to it. how to install the mac schema or add users etc to it. I can view the directory in Workgroup Manager on Mac OS X Server but I also don't know how to set the admin username or password.
I have tomcat installed with port forwarding to http port 80. I configure ldap authentication for apache2(/var/www). But I could not configure tomcat for ldap authentication.
I have installed servers (10.04 LTS Server) with Kerberos + LDAP, now I can ssh to all those servers and log in with a kerberos principal. But when I want to change password, I got such error:
Code:
Current Kerberos password:
Enter new Kerberos password:
Retype new Kerberos password:
Password change rejected: Password not changed. Kerberos database constraints violated while trying to change password.
passwd: Authentication token manipulation error
passwd: password unchanged
I have searched this issue but cannot find any useful information. Would someone give me a direction?
neither of which exist in the repositories, or anywhere on the internet. the best I could find was a request to build a package from over a year ago...
I did find source that I can build... the Perl module builds and starts to begin the setup process -- but I get stuck at the point where it requires the SDK... which I cannot find anywhere in a plain downloadable form. the one I found seems incomplete: