[Fedora-directory-users] Master-Master with ADS
by Aaron Cline
Hello:
We are looking at using FDS in our environment to authenticate our
Linux servers against. We have existing ADS servers/accounts that we
would like to use so that hopefully we can just have one passwd
database. I'd like to try to run FDS/ADS servers in a Master/Master
configuration. Is this advisable? Are there any caveats? Can anyone
tell me what has to be done on the Windows side of things to make this
happen?
Thanks for any info.
Aaron
18 years, 7 months
[Fedora-directory-users] FC3 - SetupUtil make - Prb2
by Jason Kullo Sam
Ok...still making SetupUtil, after the ncurses problems, this next one
occurred. Did a search through Google...but still didn't find anything.
=================================================================
++ -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE -D_XOPEN_SOURCE
-D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK -DXP_UNIX -DLinux
-O2 -DSPAPI20 -DBUILD_NUM=\"2005.266.215\"
-I../../../../mozilla/dist/public/ldap -I../../include ux-wrapper.cc -o
/root/Desktop/dsbuild-static/ds/fedora-setuputil-devel-7.1/built/Linux2.6.9-domestic-optimize-normal-pth-installer/lib/libinstall/ux-wrapper.o
In file included from
/usr/lib/gcc/i386-redhat-linux/3.4.4/../../../../include/c++/3.4.4/backward/iostream.h:31,
from ../../include/ldapu.h:273,
from ux-util.h:124,
from ux-wrapper.cc:61:
/usr/lib/gcc/i386-redhat-linux/3.4.4/../../../../include/c++/3.4.4/backward/backward_warning.h:32:2:
warning: #warning This file includes at least one deprecated or
antiquated header. Please consider using one of the 32 headers found in
section 17.4.1.2 of the C++ standard. Examples include substituting the
<X> header for the <X.h> header for C++ includes, or <iostream> instead
of the deprecated header <iostream.h>. To disable this warning use
-Wno-deprecated.
gmake[3]: *** No rule to make target `-ltermcap', needed by
`/root/Desktop/dsbuild-static/ds/fedora-setuputil-devel-7.1/built/Linux2.6.9-domestic-optimize-normal-pth-installer/lib/libinstall.a'.
Stop.
gmake[3]: Leaving directory
`/root/Desktop/dsbuild-static/ds/fedora-setuputil-devel-7.1/installer/unix/lib'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory
`/root/Desktop/dsbuild-static/ds/fedora-setuputil-devel-7.1/installer/lib'
gmake[1]: *** [installerSDK] Error 2
gmake[1]: Leaving directory
`/root/Desktop/dsbuild-static/ds/fedora-setuputil-devel-7.1'
gmake: *** [buildInstaller] Error 2
18 years, 7 months
[Fedora-directory-users] Core 3 SetupUtil make problem
by Jason Kullo Sam
Ok, bit of a newbie here...
Tried the dsbuild...didn't wanna work for me...so finally, after banging
my head off of that for a while, I gave up and did it all by
hand (following directions on
page...http://directory.fedora.redhat.com/wiki/SetupUtil) Got through
all everything, then came to SetupUtil...where I failed miserably. Below
is a log...any ideas? Helpful hints? flames? Thanks...
PS- Everything to this point has been built with "optimize" parameters...
====================================================================
[root@genie ds]# ls
cyrus-sasl-2.1.20 mozilla-components.tar.gz
cyrus-sasl-2.1.20.tar.gz net-snmp-5.2.1
db-4.2.52.NC net-snmp-5.2.1.tar.gz
db-4.2.52.NC.tar.gz patch.4.2.52.1
fedora-setuputil-devel-7.1.tar.gz patch.4.2.52.2
icu patch.4.2.52.3
icu-2.4.tgz patch.4.2.52.4
mozilla
[root@genie ds]# gunzip -c fedora-setuputil-devel-7.1.tar.gz | tar xf-
tar: Old option `f' requires an argument.
Try `tar --help' for more information.
[root@genie ds]# gunzip -c fedora-setuputil-devel-7.1.tar.gz | tar xf -
[root@genie ds]# ls
cyrus-sasl-2.1.20 icu patch.4.2.52.1
cyrus-sasl-2.1.20.tar.gz icu-2.4.tgz patch.4.2.52.2
db-4.2.52.NC mozilla patch.4.2.52.3
db-4.2.52.NC.tar.gz mozilla-components.tar.gz patch.4.2.52.4
fedora-setuputil-devel-7.1 net-snmp-5.2.1
fedora-setuputil-devel-7.1.tar.gz net-snmp-5.2.1.tar.gz
[root@genie ds]# cd fedora-setuputil-devel-7.1 ; gmake
BUILD_DEBUG=optimize BUILD_RPM=1
cat:
/root/Desktop/dsbuild-static/ds/fedora-setuputil-devel-7.1/Linux2.6.9/buildnum.dat:
No such file or directory
if test ! -d Linux2.6.9; then mkdir Linux2.6.9; fi;
perl buildnum.pl -p Linux2.6.9
perl pumpkin.pl 90 pumpkin.dat
The components are up to date
==== Starting Server Installer Build ==========
gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic
MOZILLA_SOURCE_ROOT_EXT= BUILD_MODULE=SetupSDK installerSDK
gmake[1]: Entering directory
`/root/Desktop/dsbuild-static/ds/fedora-setuputil-devel-7.1'
cd installer/lib; gmake BUILD_OPT=1 USE_PTHREADS=1 SECURITY=domestic
MOZILLA_SOURCE_ROOT_EXT= -w PERL5=perl
gmake[2]: Entering directory
....................yadda, yadda,
yadda...make-spam..........................
/usr/lib/gcc/i386-redhat-linux/3.4.4/../../../../include/c++/3.4.4/backward/backward_warning.h:32:2:
warning: #warning This file includes at least one deprecated or
antiquated header. Please consider using one of the 32 headers found in
section 17.4.1.2 of the C++ standard. Examples include substituting the
<X> header for the <X.h> header for C++ includes, or <iostream> instead
of the deprecated header <iostream.h>. To disable this warning use
-Wno-deprecated.
gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE
-D_XOPEN_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK
-DXP_UNIX -DLinux -O2 -DSPAPI20 -DBUILD_NUM=\"2005.266.2012\"
-I../../../../mozilla/dist/public/ldap -I../../include ux-curse.c -o
/root/Desktop/dsbuild-static/ds/fedora-setuputil-devel-7.1/built/Linux2.6.9-domestic-optimize-normal-pth-installer/lib/libinstall/ux-curse.o
In file included from ux-curse.c:33:
ux-curse.h:52:38: curses.h: No such file or directory
ux-curse.c: In function `exit_message':
ux-curse.c:78: error: `stdscr' undeclared (first use in this function)
ux-curse.c:78: error: (Each undeclared identifier is reported only once
ux-curse.c:78: error: for each function it appears in.)
ux-curse.c: In function `grab_string_generic':
ux-curse.c:217: error: `stdscr' undeclared (first use in this function)
ux-curse.c: In function `print_oneplace':
ux-curse.c:313: error: `stdscr' undeclared (first use in this function)
ux-curse.c: In function `new_page':
ux-curse.c:325: error: `stdscr' undeclared (first use in this function)
ux-curse.c: In function `w_initscr':
ux-curse.c:354: warning: comparison between pointer and integer
ux-curse.c:356: warning: comparison between pointer and integer
ux-curse.c:358: warning: comparison between pointer and integer
gmake[3]: ***
[/root/Desktop/dsbuild-static/ds/fedora-setuputil-devel-7.1/built/Linux2.6.9-domestic-optimize-normal-pth-installer/lib/libinstall/ux-curse.o]
Error 1
gmake[3]: Leaving directory
`/root/Desktop/dsbuild-static/ds/fedora-setuputil-devel-7.1/installer/unix/lib'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory
`/root/Desktop/dsbuild-static/ds/fedora-setuputil-devel-7.1/installer/lib'
gmake[1]: *** [installerSDK] Error 2
gmake[1]: Leaving directory
`/root/Desktop/dsbuild-static/ds/fedora-setuputil-devel-7.1'
gmake: *** [buildInstaller] Error 2
[root@genie fedora-setuputil-devel-7.1]#
18 years, 7 months
[Fedora-directory-users] Hide groups, GroupOfNames or GroupOfUniqueNames ?
by mustang4@free.fr
Hi all !
I am actually testing this great FD 7.1, and I have a question:
In my database, I have groups defined as: ObjectClass = GroupOfNames with attribute
name: member = john.doe...
So, these groups are not viewable by FD when I search for a group, for example...
I noticed that FD uses: ObjectClass = GroupOfUniqueNames with attribute name:
uniqueMember = john.doe....
Is there a solution to configure FD to accept both of these types? Without
changing the ObjectClasses and attributes of my whole database!...
Like mapping with OpenLDAP:
map objectClass groupOfNames groupOfUniqueNames
map attribute member uniqueMember
Or another solution ?
Thanks
Yann
18 years, 7 months
[Fedora-directory-users] Startconsole errors
by Ajay
Hi
The directory server is successfully installed and we configured an
administrative domain initially. The server is accessible via browser,
but the startconsole fails with the error output pasted below:
________________________________________________________________________________________________________
[root@cad-station-7 fedora-ds]# ./startconsole
sh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `/opt/fedora-ds/bin/base/jre/bin/java -ms8m -mx64m -cp
.:./base.jar:./nmclf70.jar:./ldapjdk.jar:./mcc70_en.jar:./nmclf70_en.jar:./jss3.jar:./mcc70.jar
-Djava.library.path=/opt/fedora-ds/lib/jss
-Djava.util.prefs.systemRoot=/opt/fedora-ds/java/.java
-Djava.util.prefs.userRoot=/opt/fedora-ds/java
com.netscape.management.client.console.Console -A
http://cad-station-7.(none):11334'
_________________________________________________________________________________________________________
The startconsole was starting normally and prompting for username,
before the server was configured via ./setup/.setup
I am running CentOS4 with the latest updates installed.
Ajay
18 years, 7 months
RE: [Fedora-directory-users] fds on solaris 9 with PAM
by Tay, Gary
It is recommended that latest kernel and LDAP patch be applied to Solaris boxes.
You may follow:
http://web.singnet.com.sg/~garyttt/Configuring%20Solaris%20Native%20LDAP%...
and
http://web.singnet.com.sg/~garyttt/Installing%20and%20configuring%20OpenS...
You should add "shadowAccount" objectclass to the LDAP user entries if it is not already there, as there may be evidence in access log file that Solaris LDAP client is looking for these attributes "uid userPassword shadowFlag", i.e. it needs shadowAccount objectClass which provides shadowFlag.
FDS may create ou=Groups which is based on groupOfUniqueNames, Solaris LDAP Client would probably use posixGroup/memberUid, so you should create an ou=group to contain all posixGroups.
If you use OpenSSH, you should compile/build it "--with-pam" and have "UsePAM" (it may be called PAMAuthenticationViaKbdInt yes in older version of OpenSSH) in sshd_config file, SUN version of SSH should already have PAM support compiled in.
Gary
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com on behalf of Basile Mathieu
Sent: Tue 9/20/2005 3:03 AM
To: fedora-directory-users(a)redhat.com
Cc:
Subject: [Fedora-directory-users] fds on solaris 9 with PAM
Hi,
I've got FDS installed on a Solaris 9 server and want to use
FDS as the /etc/passwd and /etc/shadow files.
FDS works fine: I can populate the directory (and use all the LDAP commands), and the
id, getent, su, ldaplist commands work fine.
Here are my problems:
login, ssh and telnet don't work with users in the directory.
Here are the logs of sshd:
sshd[1523]: [ID 800047 auth.error] error: PAM: No account present for user for
bmathieu from gentoo1
and for login
login: [ID 293258 auth.error] libsldap: Status: 49 Mesg: openConnection: simple
bind failed - Invalid credentials
A user can't change his passwd (root can, and I can modify the password
with ldapmodify binding as this user).
I think that PAM doesn't work.
Here is my /etc/pam.conf:
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth required pam_dial_auth.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1
#sshd auth requisite pam_authtok_get.so.1
#sshd auth required pam_dhkeys.so.1
#sshd auth binding pam_unix_auth.so.1 server_policy
#sshd auth required pam_ldap.so.1
#sshd account required pam_unix_account.so.1
sshd auth requisite pam_authtok_get.so.1
sshd auth required pam_dhkeys.so.1
sshd auth sufficient pam_unix_auth.so.1
sshd auth required pam_ldap.so.1
sshd account required pam_unix_account.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
#rlogin auth required pam_unix_cred.so.1
rlogin auth binding pam_unix_auth.so.1 server_policy
rlogin auth required pam_ldap.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
rsh auth sufficient pam_rhosts_auth.so.1
#rsh auth required pam_unix_cred.so.1
rsh auth binding pam_unix_auth.so.1 server_policy
rsh auth required pam_ldap.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_dial_auth.so.1
ppp auth binding pam_unix_auth.so.1 server_policy
ppp auth required pam_ldap.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
#other auth required pam_unix_cred.so.1
other auth binding pam_unix_auth.so.1 server_policy
other auth required pam_ldap.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd auth binding pam_passwd_auth.so.1 server_policy
passwd auth required pam_ldap.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1
other account binding pam_unix_account.so.1 server_policy
other account required pam_ldap.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1 server_policy
thanks
18 years, 7 months
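The two directory-side checks from Gary Tay's reply above (user entries carrying shadowAccount, and groups available as posixGroup rather than only groupOfUniqueNames) can be run over an LDIF export before touching PAM. This is an added example, not part of the original thread or of FDS; the sample entries and the dc=example,dc=com suffix are constructed, and the helper names are hypothetical.

```python
# Added example: audit an LDIF export for the entry schema described in the reply.
# SAMPLE_LDIF is constructed for illustration (suffix dc=example,dc=com is made up).
SAMPLE_LDIF = """\
dn: uid=bmathieu,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
uid: bmathieu
uidNumber: 1001

dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: shadowAccount
uid: jdoe

dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
uniqueMember: uid=jdoe,ou=People,
 dc=example,dc=com

dn: cn=staff,ou=group,dc=example,dc=com
objectClass: posixGroup
memberUid: jdoe
"""

def parse_ldif(text):
    """Yield (dn, {attr_lower: [values]}) per entry. Base64 (::) values are not decoded."""
    unfolded = text.replace("\n ", "")  # join LDIF continuation lines
    for block in unfolded.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def audit(text):
    """Return (dn, problem) pairs for entries a posixGroup/shadowAccount client would miss."""
    findings = []
    for dn, attrs in parse_ldif(text):
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if "posixaccount" in classes and "shadowaccount" not in classes:
            findings.append((dn, "missing shadowAccount"))
        if "groupofuniquenames" in classes and "posixgroup" not in classes:
            findings.append((dn, "not a posixGroup"))
    return findings

if __name__ == "__main__":
    for dn, problem in audit(SAMPLE_LDIF):
        print(f"{dn}: {problem}")
```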
Re: [Fedora-directory-users] mailing lists , FDS , WinSync
by John Dennis
On Tue, 2005-09-20 at 21:12 +0530, Nabeel Moidu wrote:
> Hi
> I am ready to use any of the mailing lists available for postfix.
> But i think mailman or ezmlm would be the preferable
postfix does not have mailing lists, it has aliases. If you want a full
featured mailing list (e.g. mailman) that is an entirely different piece
of software (which may elect to utilize postfix as its MTA if it so
desires).
I am the maintainer for the mailman package here at Red Hat and I'm just
finishing an LDAP module for mailman. But you need to realize mailman
uses its own set of users based off of its own set of mailing lists,
there isn't an automatic mapping of system users to mailing list
members, which is what you seem to be expecting.
--
John Dennis <jdennis(a)redhat.com>
18 years, 7 months