OpenSUSE Network :: Kerberos + LDAP With YaST?

May 26, 2011

In the OpenSUSE documentation I read this very exciting chapter, "Chapter 6. Network Authentication with Kerberos", that mentions "Using LDAP and Kerberos", which combined with NFSv4 would give my office net the functionality of a M$ Win network.

We are still on 11.2 (we have no win clients at all) and I was testing different setups of 11.4 in a VM, but I can't get YaST to configure the LDAP with Kerberos setup (our current setup does not use Kerberos, only LDAP). Unfortunately I could not find any meaningful HOWTO on how to do it in SuSE. The page in the docs involves editing config files, but I would like to avoid this because, from my former experience with Samba, it would mean I cannot use YaST anymore, and that is sad.

Is there a way to configure LDAP + Kerberos (in terms of issuing of krb tickets at login) with YaST?

PS: I basically need Kerberos for NFS and Intranet site.


OpenSUSE Network :: Setup A LDAP Server Using The Yast-LDAP Server Configuration Tool

May 31, 2010

We have a weird problem with our openSUSE 11.2 server installation.

We want to set up an LDAP Server using the Yast-LDAP Server configuration tool.

This indeed already worked weeks ago until... this week.
Maybe some updates??!

I do not know what happened exactly. The server just does not want to start again and throws the following error:

Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1 failed

This happened after a little check of the configuration, but without a change, with Yast. Google delivered only "reinstall your box"-answers.

So... I did that. And now the "mystical" part: The SAME ERROR occurs with a fresh vanilla system with a brand new and simple configuration (certificates, database, pw... the first Yast config dialog...). I did not change the way I set it up.

I remember, when I did this the first time with 11.2 on that machine, no problems occurred... everything was running out of the box (except the "use common server certificate" option...).


OpenSUSE Network :: Can Make Yast / Ldap Accept Usernames That Start With Number

Mar 31, 2010

Can I make Yast/Ldap accept usernames that start with a number? All our current users have the format 09-first.last or 10-first.last etc.


OpenSUSE :: Ldap Via Yast - Ldap-sasl-interactive_bind_s - Local Error - 2

Jul 2, 2010

I took to yast to install ldap. I created the CA cert, server key and server cert and specified them during the yast ldap server dialogs.

The firewall is open for ldap.

I also went through yast's ldap client ... though I didn't exactly see to anything (presumably it wrote up a configuration file somewhere).

However, when trying to use the basic ldap tools, like ldapwhoami, well, it doesn't connect and gives me the above error. Of course the ldap db is unpopulated as yet, so it probably is not able to say who I am at all. But ldapadd doesn't work either.

It seems to point to my SSL usage not being correct .. so I'm trying to double check that now.


OpenSUSE :: Create An User With Yast Using Ldap?

Mar 28, 2011

If I create a user with Yast using ldap, then at some later point delete that user (also using Yast), I cannot recreate a user of the same name until I have rebooted the machine, which seems a bit excessive! Closing and reopening Yast doesn't work, it still thinks the user exists. Even though it doesn't appear in Yast and if you look in the ldap browser it is gone. Is there something else that needs restarting (other than the whole box)?


Ubuntu Servers :: Kerberos - LDAP - NFS ?

Feb 7, 2011

I've currently got Ubuntu server configured so that clients can login using LDAP user accounts that I've created using ldapadduser (from the ldapscripts package).

I've also got NFS exports working so that /home can be exported to clients. Kerberos authentication is enabled for NFS and clients require a nfs/clienthostname.domain principal to be able to mount the NFS share.

However, I now realise that for LDAP users to be able to access the mount they need their own Kerberos principal. If I run kinit dan@DANBISHOP.ORG then I can access /home/dan as user dan otherwise I get permission denied.

My question then is how best to proceed... is there a way to configure the client/server so that once a client has mounted the nfs share using Kerberos, all users can access it without their own principal?

It seems more usual to create Kerberos principals for all users, but then how does one manage users? Using ldapscripts is very easy, but if the admin then has to manually create Kerberos principals every time, it could become very tedious. Furthermore, how do users change their password if Kerberos is used for authentication?


Security :: Kerberos Versus LDAP SSL

Apr 21, 2011

I am integrating my Unix box to the Windows AD using PAM_LDAP with Kerberos enabled. I was wondering, since Kerberos is enabled, is there any point to enable SSL on my LDAP.conf? My understanding is that since Kerberos is enabled, therefore the username/password is sent securely, there isn't any benefit of enabling SSL on the LDAP.conf? It's one or the other.


Red Hat :: Kerberos Versus LDAP SSL - Benefits?

Apr 21, 2011

I am confused with the concept of Kerberos and LDAP SSL. I am in the midst of integrating my Unix box with the Active Directory, hence the use of the PAM_LDAP method. I understand that since it's non-secure transmission, we use Kerberos to authenticate. If we already used Kerberos to authenticate, it means that the username/password is not transmitted in clear text. Why do we still need LDAP SSL? What is the benefit?


Ubuntu Servers :: CANNOT Change Password, Kerberos + LDAP?

Jul 29, 2010

I have installed servers (10.04 LTS Server) with Kerberos + LDAP; now I can ssh to all those servers and log in with a Kerberos principal. But when I want to change the password, I get this error:

Code:
Current Kerberos password:
Enter new Kerberos password:
Retype new Kerberos password:
Password change rejected: Password not changed.
Kerberos database constraints violated while trying to change password.

passwd: Authentication token manipulation error
passwd: password unchanged

I have searched for this issue but cannot find any useful information. Would someone give me a direction?


Ubuntu Networking :: Remote Authentication / Login ~ LDAP - Kerberos?

Jul 27, 2011

I am interested in learning about networks in Linux and prefer to use Ubuntu. I hope the title reflects what I really need to know. If not, sorry about that. I have a requirement: it is to have a server to handle authentication of users, so generally users can use that server to use specific services such as login (to linux), mail (postfix) and perhaps a file server (to hold user data, let's say what we have on /home/[username]). I did some reading, and it looks like I will need LDAP and Kerberos. But I couldn't get a good understanding on how to practically deploy such a service. I would be obliged if some of you guys can give me some guidelines on how to achieve my goal. Topics I need to read, books I could refer to would be a plus. To tell you something about me, I am not a *NIX guy, my knowledge is kinda just above basic.


OpenSUSE Network :: Device YaST - Can't Identify YaST - "Unknown Network Device"

Dec 8, 2010

In my YaST Network Settings (11.3), I see an entry labelled "Unknown Network Device". How do I remove the confusion? The Overview tab also correctly lists my three known network devices (listed below), as does the Hardware Information utility. This is the output of lspci, and as far as I can tell, it is accurate and complete. So what has YaST seen that it can't identify?

Code:
00:00.0 Host bridge: Intel Corporation 82845 845 [Brookdale] Chipset Host Bridge (rev 11)
00:01.0 PCI bridge: Intel Corporation 82845 845 [Brookdale] Chipset AGP Bridge (rev 11)
00:1d.0 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #1 (rev 01)
00:1d.1 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI [Code].....


OpenSUSE Network :: Kerberos Kdb5_util Segmentation Fault?

Apr 16, 2010

I am amidst installing an MIT Kerberos server right now and I got stuck on the initialization of the realm. Whenever I issue the krb5_util create command I end up getting a segmentation fault, the principals don't get created and the server is still pretty much useless.

Code:
linux-z0kg:/var/lib/kerberos/krb5kdc # kdb5_util create -r METROPOLIA.LAN -s
Loading random data
Initializing database '/var/lib/kerberos/krb5kdc/principal' for realm 'METROPOLIA.LAN',
master key name 'K/M@METROPOLIA.LAN'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
Segmentation fault

Whenever I try to start the kadmind or krb5kdc services I get the following error:

Code:
Error. Default principal database does not

If anyone has an idea how to solve this


Server :: Unable To Use DBUS After Changing LDAP/Kerberos/NSCD Settings

Apr 23, 2011

We're running an Ubuntu 10.04 LTS network at our company, authenticating against an Openldap/heimdal-kerberos server. Previously, the clients were authenticating against a Windows 2003 Domain without any problems. After modifying the krb.conf, ldap.conf, nsswitch.conf and nscd.conf files to authenticate the machines against the openldap/heimdal setup, we started experiencing strange problems.

One issue is, for example, the polkit-agent-gnome not starting. This component integrates policykit into gnome. It looks like the agent is unable to start due to some kind of delay with DBUS. Starting the agent manually keeps giving errors until about 70 seconds after login, when the agent can be started without problems. During the delay it is also impossible, for instance, to open the "shut down" menu on the top right of gnome. You can click on the menu, but nothing appears. Trying to start the polkit-agent manually gives these errors (I'll be attaching detailed errors when at work!):

Code:

DBus error org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken

GLIB ERROR ** default - Not enough memory to set up DBusConnection for use with GLib

It really looks like DBus or something related to it is starting "too late" but I can't seem to find the reason. I'm pretty sure this has to do with some timings or whatever in the krb/ldap config files...


Fedora Installation :: LDAP - NIS - Kerberos - Add Mint Machines To Server To Use New Security Settings

Dec 10, 2009

I wish to set up a network that works like Windows, but with Linux of course! It will need to be able to handle security/DNS/DHCP & Document store from one location. I've been doing some reading and have found that I think I need to be using one of the following:

LDAP
NIS
Kerberos

I have looked at a few Linux based OS's. I did notice that when you install fedora live desktop it gives you the option to connect to one of the above. So I am looking for a complete solution.

1. How to setup fedora to act as server for my needs (or other Linux build)

2. Add fedora/linux mint machines to server to use new security settings. (or other linux build)


Security :: Kerberos And LDAP - Users Will Be Able To Login In To A Server On The Edge Of The LAN And Establish A SSH Connection

Feb 19, 2010

I am trying to deploy Kerberos and LDAP so users will be able to log in to a server on the edge of the LAN, and afterwards be able to establish an SSH connection to all the computers in that LAN without the need to type any passwords, and without the need for me to manage SSH keys [besides the SSH keys on the login server] and local user accounts.

1. When I create the users in OpenLDAP I use a template that I created by reading documentation from the Internet. In the template one piece of information that is needed is the UID. Is there any clever way to keep track of the numbers so I do not assign the same UID to two users, besides using a pen and paper?

2. For the users to be able to establish SSH connections between the computers, the host is going to be added to the keytab like this: ktadd host/client.example.com. Is it possible to replace client with something generic so I do not need to manage these keytab files between the hosts?

3. Users will be logging on to the server on the edge of the LAN by using SSH keys. How can I configure the setup so the users will receive a ticket automatically when they log on, without executing kinit and without entering a password, just by having a valid SSH key?

4. krb5kdc is running on all the network interfaces in the server. I want it to only run on eth1; how can this be done?


OpenSUSE Network :: Configure A Connection With YAST As Well As With Network Manager?

Feb 1, 2010

I'm new in this world of linux and suse. I have just installed opensuse 11.2 on a Dell Inspiron 5160. This laptop has a BCM4306 Wireless LAN controller. When I tried to configure a wlan connection, I found that the firmware was not installed. After looking in different forums, I installed the firmware b43. Now, my wlan card is able to find the wireless of my router.

I have tried to configure a connection with YAST as well as with Network Manager, but both cases failed. Specifically, when I use Network Manager, I'm able to see my connection in the applet and how strong the signal is, but I see a yellow symbol (in one forum, such a box is shown with a green symbol).

I have checked many times all about the security, encryption, and so on, and all seems to be correct. But when I open the Mozilla Firefox or the Konqueror browser, there is no chance to surf the internet. Now I'm just a step from going crazy. The drivers are ok, the information about the router and the keys are ok, but in such a way, I am still harmloss.


OpenSUSE Network :: 11.2 Install - When Exit YaST The Network Doesn't Show Up - No Icon In The System Tray And Doesn't Even Try To Connect

Jan 16, 2010

I am relatively new at Linux and am having some problems with an install of openSUSE 11.2. I installed 11.2 on my Thinkpad X31 dual boot with WinXP. It seems to work very well except the network. I looked up swerdna's instructions on setting network cards up. I used YaST to try and set the system up as described in swerdna's instructions. Everything looks fine: my network card and wireless card show up in the overview settings screen and everything sets up fine. But when I exit YaST the network doesn't show up: no icon in the system tray, and it doesn't even try to connect.

I did go into hardware to see if it was identifying my hardware, and my network card shows up as "Thinkpad R40" and the wireless shows up as Cisco Aironet Wireless 802.11b. As far as I know this is correct. I have tried three other distros and this one has gotten the closest to working so far.


OpenSUSE Network :: Using Yast / Ifup Instead Of Network Manager?

May 27, 2010

How do you manually set up a network using Yast/ifup? I'm trying to get my wireless running on a Broadcom 1390 WLAN. I've gone through the stickies in the wireless forum (this is my first stab at Linux) and have gotten the drivers installed and the internet working (albeit intermittently) using Knetwork manager. It seems that some folks that have had the same issue did not have problems setting the network up manually with Yast & ifup. I've disabled network manager in Yast, and I went through man ifup. It seems I need a "pre-configured interface," but I don't know how to make that happen.


OpenSUSE :: Yast Unable To Restart Network?

Dec 9, 2010

When I change something in network settings using yast (for example hostname) it fails to restart the network. I have to start knetworkmanager manually from the terminal. Does anyone get the same type of behaviour? I'm attaching the relevant yast log. I'm using 11.3 KDE 4.5.4 2.6.34.7-0.5-desktop kernel.

Code:
2010-12-08 07:06:17 <1> opensusetest(6010) [YCP] network/runtime.ycp:28 Running SuSEconfig ...

[code]....


OpenSUSE Network :: Set Up Dial Up Modem Using Yast

Jun 28, 2010

I have a US Robotics serial modem, and I have smpppd enabled in system services, with wvdial and kppp installed. When I try to set the modem up using yast, I keep getting hung up by the different screens. First a screen that asks if I need to dial a number to get out. I have to dial 9, so I have that entered. Then a screen that asks for "country" and "provider."

When I try to enter anything, nothing shows in the boxes, so I go to a screen that asks for the phone number, provider, user name and password. When I enter those, it goes to a screen that wants "Connection Parameters", with default settings and the "buttons" at the bottom of the screen "muted," or flattened out, i.e. unusable. That makes it impossible for me to set the information as saved, so it's back to the beginning and start over, with the same results over and over. How do I get the modem so it dials out?


OpenSUSE Network :: Connect To DSL Using YAST Manually?

Aug 23, 2010

I have installed 11.3. Now for DSL I use PPP over Ethernet. I have configured DSL via YAST and it works fine. The connection is set at boot.

Now I want DSL to connect manually not at boot time. I did changes in the YAST/DSL to start Manual and rebooted. Once rebooted how do I connect?? Like any button/applet ??


OpenSUSE Network :: How To Configure YaST Firewall

Mar 5, 2011

I'm looking forward to the release of openSUSE 11.4, which I'm looking to install as an Internet facing gateway on a mini-ITX machine with 2 Ethernet cards. As such I've been reading up on the YaST Firewall trying to find out how to configure it, and there's one thing I'd like to be able to do: 'stealth' all the firewall ports.

In other words, if someone were to hypothetically do a port scan of my external IP address, I would rather they not know whether any of the ports on my gateway are open or closed, so instead of replying with the status of those ports the packets get dropped. I've been able to do this with a product called Astaro Security Gateway, which I currently have installed on a second hand Dell Optiplex machine, but I am now looking into the possibility of installing this as a virtual machine inside an openSUSE 11.4 host (extra level of security) and would like the same functionality for the host OS.


OpenSUSE Network :: Yast Won't Set DNS Servers / Resolve It?

Apr 29, 2011

When I set my DNS servers via Yast>Network Devices>Network Settings>Hostname DNS it accepts the addresses, but then when I check them the next time they are faded out. I set them again, but same results.


OpenSUSE Network :: Configure YAST To Work With A Proxy?

Mar 14, 2009

I work with a proxy server. When I try to update my system I am not being allowed access. It tells me that I am denied access. What can I do?


OpenSUSE Network :: Using OpenLDAP With Yast Configure Tool

May 9, 2009

I am new to using OpenLDAP on OpenSUSE with the yast configure tool. I have used Openldap on Fedora before and there was a slapd.conf file that I could modify. It appears that the yast does something different. Anyway I need to find out what the rootdn password is, but I cannot find it since there is no slapd.conf file.


OpenSUSE Network :: YaST Package Manager Wants IPv6?

Apr 12, 2010

It's been a couple of weeks that I can't perform YaST updates from my openSUSE 11.2. The reason is that YaST wants to connect to repositories "only" through IPv6, but my network doesn't support it. I quoted "only" because I suppose it prefers v6 over v4, but it keeps trying to connect without switching to v4 or returning an error.

Even if I disabled IPv6 from YaST/Networking/Network Settings, I still have a local scope address. I connect to Wifi using KNetworkManager. The TCP/IP stack should know that if an interface has a local scope v6 address and a global v4 address, it's a bad idea to keep trying with v6. The Italian mirror, garr.it, of the openSUSE repository has both v4 and v6 addresses. If I try to ping opensuse.mirror.garr.it I ping v4, but if I try to telnet that host on port 80 it tries to connect to v6. Same if I try to connect with Firefox.

How to tell Linux that I don't have IPv6? I'm connecting from University of Naples wireless network. While unina has IPv6 via GARR's Teredo tunnel (2001:760::/32 as I remember), it doesn't reach students' network because DHCP server doesn't release IPv6, nor Zeroconf obtains one. I just would like to use classic IPv4 until, at least for now.


OpenSUSE Network :: Yast Could Not Connect With HTTP Proxy

Apr 25, 2010

My box has to connect to the internet using a specified http proxy. I have set the proxy in both kde control center and yast2 control center. They both tell me the proxy works fine. But when I really try to use yast2 to update my system, it reports an error:

Code:
Failed to download ./repo/repoindex.xml from [URL]
History: - [AbstractCommand.cc:195] URI = [URL]

Even if I try
Code:
export http_proxy=http://XXXX
yast

in the command line, the error still exists.

In debian apt-get and slackware slackpkg, my proxy works fine. So I am sure it is not my fault and maybe it is a bug of yast2.


OpenSUSE Network :: Has The YaST Proxy Module Changed From 11.2 To 11.3

Sep 1, 2010

I'm currently running 11.2 and I configured Proxy settings in the YaST module. It seems that when I use a proxy I have problems updating. It can retrieve some files, but while getting others it fails. Furthermore, I can't establish a connection with the timeserver in the YaST -> NTP configuration module.

My question is if there have been changes from this version to 11.3 regarding the Proxy settings.


OpenSUSE Network :: Getting Yast DHCP Out Of Expert Mode?

Dec 22, 2010

I feel really dumb for asking this, but I can't figure out how to get it back to simple mode.


OpenSUSE Wireless :: How To Change From Network Manager To Yast

Mar 24, 2010

I'm having a wireless issue (go figure) where I can't get to the internet, can get to my LAN just fine, but trying to ping anywhere on the net just gives me a "network unavailable" message. One thing I've seen noted here time and again is people saying "Use Yast vs Network manager". When I go through the Yast Network Devices GUI it tells me it's using network manager, and I need to use ifup (if I want to use Yast); however, I have no clue how to go about changing it from one to the other.

Currently I'm using hard-link to get all the updates and see if that will resolve my problems, but figured I'd learn how I'm supposed to switch it for the future.








Copyrights 2005-15 www.BigResource.com, All rights reserved