
Re: linux-authentication via openldap



Hey Christian,
  If you need to you can always bring the server down to single user mode.
On redhat hit ctrl-alt-delete (which is aliased to reboot) and when the
Linux splash screen comes up type ctrl-x for text mode and type "linux
single" at the Lilo boot prompt.
  As for your problem there are a couple of things you can try.
1) change the ldap host to an IP address instead of a host name
2) turn off the "starttls" and use ngrep to monitor the traffic between your
workstation and server to make sure everything is happening ok.
3) for the /etc/pam.d/sshd comment out the references for ldap so that you
can at least get back in via ssh if all else fails.

If you need I can share my configs, I'm using RH 7.1 though. But I'm doing
the same thing just for imap instead.

HTH,
Harry

On 27 Nov 2001, Christian Guenther wrote:

>
> I have a couple of groups and users and of course aliases in this
> structure and I can change their passwords via ldappasswd. Then I set up
> my workstation (the one I'm writing this mail from) to use ldap for
> authentication AFTER looking in files like this:
>
> /etc/nsswitch.conf
>  passwd:     files ldap
>  shadow:     files ldap
>  group:      files ldap
>
> I created the /etc/ldap.conf and it looks like this:
>  host ldap.blaue-elise.net
>  base dc=blaue-elise,dc=net
>  binddn cn=proxyuser,dc=blaue-elise,dc=net
>  bindpw secret
>  pam_groupdn cn=PAM,ou=Group,ou=Account,dc=blaue-elise,dc=net
>  pam_member_attribute uniquemember
>  pam_password md5
>  nss_base_passwd         ou=User,ou=Account,dc=blaue-elise,dc=net?one
>  nss_base_shadow         ou=User,ou=Account,dc=blaue-elise,dc=net?one
>  nss_base_group          ou=Group,ou=Account,dc=blaue-elise,dc=net?one
>  nss_base_aliases        ou=Aliases,ou=Account,dc=blaue-elise,dc=net?one
>  ssl start_tls
>
> Now, whenever I try to do su on my workstation, or use a virtual console
> to log in, I get errors: su says I typed in the wrong password and when
> trying to log in as a testuser (which I created on my ldap before) I can
> see "syntax error" for a millisecond then the login-screen reappears.
>
> Can anyone help me with this??? I can't log out my current user from the
> Xsession, because I'm afraid I won't be able to log in again.
>
> Why does my system look for user-authentication only in ldap and not
> first in files - I mean it should find root there - and then in ldap???
>
>
> PLEEEEASE help me,
>
>         chris
>
>         madram@wtal.de
>
>
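The following is an added example, not code from Harry or Christian: a small Python audit of the two configuration fragments quoted above, checking the points raised in the thread (does nsswitch.conf still consult `files` before `ldap`, so root stays reachable; is `host` a name that has to resolve before any bind; is TLS on) plus one defender-side issue the mail does not mention, namely that a `bindpw` in `/etc/ldap.conf` is readable by every local user because nss_ldap needs that file world-readable (nss_ldap's `rootbinddn` with `/etc/ldap.secret` keeps the password root-only). The samples are embedded copies of the quoted files, so it runs without touching the real `/etc`.

```python
"""Audit an nss_ldap / pam_ldap setup for lockout and password-exposure risks."""
import ipaddress

# Constructed samples: the nsswitch.conf and ldap.conf fragments quoted in the
# mail, embedded here so the check runs offline against known input.
NSSWITCH_SAMPLE = """
passwd:     files ldap
shadow:     files ldap
group:      files ldap
"""

LDAP_CONF_SAMPLE = """
host ldap.blaue-elise.net
base dc=blaue-elise,dc=net
binddn cn=proxyuser,dc=blaue-elise,dc=net
bindpw secret
pam_groupdn cn=PAM,ou=Group,ou=Account,dc=blaue-elise,dc=net
pam_member_attribute uniquemember
pam_password md5
nss_base_passwd         ou=User,ou=Account,dc=blaue-elise,dc=net?one
nss_base_shadow         ou=User,ou=Account,dc=blaue-elise,dc=net?one
nss_base_group          ou=Group,ou=Account,dc=blaue-elise,dc=net?one
nss_base_aliases        ou=Aliases,ou=Account,dc=blaue-elise,dc=net?one
ssl start_tls
"""


def parse_nsswitch(text: str) -> dict[str, list[str]]:
    """Map each database (passwd, shadow, ...) to its ordered list of sources.
    Action brackets such as [NOTFOUND=return] are not sources and are skipped."""
    databases: dict[str, list[str]] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        db, _, rest = line.partition(":")
        databases[db.strip()] = [tok for tok in rest.split() if not tok.startswith("[")]
    return databases


def parse_ldap_conf(text: str) -> dict[str, str]:
    """Parse 'keyword value' lines of ldap.conf; a repeated keyword's last value wins."""
    settings: dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        settings[parts[0].lower()] = parts[1].strip() if len(parts) == 2 else ""
    return settings


def _is_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def audit(nss: dict[str, list[str]], ldap: dict[str, str]) -> list[tuple[str, str]]:
    """Return (code, explanation) findings; an empty list means nothing flagged."""
    findings: list[tuple[str, str]] = []
    for db in ("passwd", "shadow", "group"):
        sources = nss.get(db, [])
        if "files" not in sources:
            findings.append(("NO_FILES", f"{db}: 'files' absent, local accounts "
                             "(root included) are unreachable without the directory"))
        elif "ldap" in sources and sources.index("ldap") < sources.index("files"):
            findings.append(("LDAP_FIRST", f"{db}: ldap is consulted before files, "
                             "so even a root lookup waits on the directory"))
    # ldap.conf must be readable by every process that resolves a user, so a
    # bindpw here is readable by every local user; rootbinddn keeps it in the
    # root-only /etc/ldap.secret instead.
    if "bindpw" in ldap and "rootbinddn" not in ldap:
        findings.append(("BINDPW_EXPOSED", "bindpw stored in world-readable ldap.conf; "
                         "use rootbinddn with /etc/ldap.secret"))
    if ldap.get("ssl", "off") not in ("start_tls", "on", "yes"):
        findings.append(("CLEARTEXT", "no TLS: simple binds send bindpw and user "
                         "passwords across the network in the clear"))
    host = ldap.get("host", "")
    if host and not _is_ip(host):
        findings.append(("HOST_BY_NAME", f"host '{host}' must resolve before any bind; "
                         "an IP address removes that dependency while troubleshooting"))
    return findings


if __name__ == "__main__":
    for code, why in audit(parse_nsswitch(NSSWITCH_SAMPLE), parse_ldap_conf(LDAP_CONF_SAMPLE)):
        print(f"{code:15} {why}")
```

Run against the quoted configuration it reports only `BINDPW_EXPOSED` and `HOST_BY_NAME`: the `files ldap` ordering and `ssl start_tls` are already as they should be, which matches Christian's observation that root "should" be found in files first; the remaining failure in the thread therefore lies in the PAM stack or the directory itself rather than in nsswitch ordering. To audit a live host, replace the two sample strings with `open("/etc/nsswitch.conf").read()` and `open("/etc/ldap.conf").read()`.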