I have a structure where my clients' ADSL internet authenticates using the LDAP basis fedora-Ds via freeradius + pap + ldap. I tried to implement the same feature with CHAP, however unsuccessfully. As I read in several tutorials, on the item checkItem Cleartext-Password userPassword the ldap.attrmap should be changed. Yet when consultants radtest -t chap jonas.isaias 102 030 0 localhost testing123 results in Access-Reject. However, radtest -t chap jonas.isaias 102 030 0 localhost testing123 results in Access-Accept. I can not authenticate chap in Fedora-ds. Why? Could you help me?
How do I configure the DNA plugin? I enabled it through the console - do I just now add entries to dse.ldif? I'd like to do this without restarting the service if possible.
Senior Systems Administrator
Hi, I am working on a difficult project that consists of migrating an old
server Redhat 4 (fedora-ds 1.0.4 + samba 3.5.3) to a new Redhat 6
server (389-ds + samba 3.5.10).
I have followed the procedure to migrate fedora-ds to 389-ds (last version)
and it seems to be right. I can use ldapsearch on the new server, and see
all the ldap tree and its users.
But I'm not sure how to make the samba migration. The document in this
link referred to a fresh installation:
I need a document that explains the steps to migrate samba.
Please help me.
We have a cluster of 4 directory servers that we are trying to put into
production. One of our admins was doing some experimenting on one of them
and it looks like he deleted netscaperoot. What is weird though is that we
can still start and access the admin server (after multiple reboots and
other things). I don't want to have to rebuild this server from scratch if
I can help it. Does anyone know if I can rebuild netscaperoot without
rebuilding the entire server? And can anyone explain to me how the admin
server is able to run without netscaperoot? Actually everything on this
server seems to be running fine and it is usable, but I would like it to
match the other 3.
I was wondering if anyone could help me with this setup. I would like
to have 2 ldap servers specified on the clients using SSSD.
Without TLS/Encryption (PAD NSS) it works just fine, however, the moment I
turn on TLS/StartTLS only one server works whereas the other does not and gives
the "Certification Not trusted" error.
Here is what I did.
certutil -S -n "CA certificate" -s "cn=My Org CA cert,dc=my,dc=net" -2 -x -t "CT,," -m 1000 -v 120 -d . -k rsa -f /tmp/pwdfile
# Generate Directory server clients certs
certutil -S -n "Server-Cert" -s "cn=ldap.my.net" -c "CA certificate" -t "u,u,u" -m 1001 -v 120 -d . -k rsa -f /tmp/pwdfile
# Export it for ldap clients and other servers
certutil -d . -L -n "CA certificate" -a > cacert.asc
Then I imported the same cacert.asc file to another 389 server using
"certutil". And copied it at the client as well.
I would see the certificate got imported in the GUI console but due to some
reason every time I query from the client to the secondary server (where I
imported the key) it just does not work.
Would appreciate any help. Not sure what step I am using or what am I doing
Good morning, I need help migrating from fedora-ds (installed on Redhat 4)
to another server (389-ds installed on Redhat Server 6.3).
I followed the procedure, based on the documentation and the topics on the
forum, but at the end, I get this error message:
[root@abelardo ~]# migrate-ds-admin.pl --oldsroot /tmp/fedora-ds
--actualsroot /opt/fedora-ds General.ConfigDirectoryAdminPwd=generica
Beginning migration of Directory and Administration servers from
/tmp/fedora-ds . . .
Beginning migration of directory server instances in /tmp/fedora-ds . . .
The target directory server instance already exists at
/etc/dirsrv/slapd-abelardo-ldap/dse.ldif. Skipping migration. Note that
if you want to migrate the old instance you will have to first remove the
new one of the same name.
Beginning migration of Administration server from /tmp/fedora-ds . . .
Creating Admin Server files and directories . . .
The server 'ldap://abelardo-ldap.mecon.ar:389/o%3DNetscapeRoot' is not
reachable. Error: unknown error
Exiting . . .
Log file is '/tmp/migratea7ojkn.log'
I attach the procedure that I followed to make the migration:
on the fedora-ds server:
1) /etc/init.d/ldap stop
2) cd /opt/fedora-ds/slapd-abelardo-ldap/db
3) ./db2ldif -n userRoot -a
4) ./db2ldif -n NetscapeRoot -a
5) Edit the NetscapeRoot.ldif and change Fedora Directory to 389
Directory, and Fedora Administration to 389 Administration.
6) make the tar and send this to the new server: tar -cpvf
on the new 389-ds server:
1) Install Redhat 6.3 server
2) yum update
3) Install EPEL:
4) rpm -ivh epel-release-6-8.noarch.rpm
5) Install 389-ds:
--enablerepo=epel-testing install 389-ds
6) extract the tar to /tmp on the new server: tar -xpvf
7) Remove the 10presence.ldif files:
rm -rf ./bin/slapd/install/schema/10presence.ldif
8) Change Fedora to 389 in the following files:
9) Run the migration script:
migrate-ds-admin.pl --oldsroot /tmp/fedora-ds --actualsroot
Got the following error when trying to ADD "userPassword" attribute to an entry, but the same user has no problem to REPLACE or DELETE "userPassword" attribute. The user has the "write" privilege to "userPassword" attribute.
error code 50 - Insufficient 'write' privilege to the 'unhashed#user#password' attribute of entry
DS version 126.96.36.199
Does it mean that ADD "userPassword" attribute will automatically ADD 'unhashed#user#password' attribute ?
Is there a way to disable it?
Each time I restart my master server I get the following warning message in the error log:
[11/Jan/2013:14:04:29 -0500] - CentOS-Directory/8.2.8 B2012.041.1227 starting up
[11/Jan/2013:14:04:29 -0500] NSMMReplicationPlugin - replica_check_for_data_reload: Warning: data for replica dc=<my_domain>,dc=net was reloaded and it no longer matches the data in the changelog (replica data > changelog). Recreating the changelog file. This could affect replication with replica's consumers in which case the consumers should be reinitialized.
[11/Jan/2013:14:04:29 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests
CentOS release 5.5 (Final)
Multi master setup with consumers
I guess this is just a warning, but does it mean there is a problem? I get this on all four of my master servers when I restart dirsrv. I tested and replication is working. Would be nice to get rid of this error.
I have 3 root-suffixes served by 1 instance of slapd in fedora-ds v1.0.4 :
I'm trying to import them into an instance of 389-ds v1.2.10, but I can only get the 1st one imported. This is how I did that:
1) run 'setup-ds' for dc=example,dc=com
2) import the dumped ldif for that root-suffix by running this: 'ldapmodify -h localhost -cax -S ~/import.errors -D "cn=directory manager" -W -f ~/dc-example-dc-com.ldif'
To create the next 2 root-suffixes, I assumed I should not run setup-ds again, because I don't want another slapd instance. Instead, I try to create them like this (leaving the last out for brevity):
ldapmodify -avv -h localhost -D cn="Directory Manager" -W <<EOI
dn: cn="o=example.com",cn=mapping tree,cn=config
However, when I try to import the data from the o=example.com suffix:
a) ldapmodify fails every record with "760 # Error: No such object (32)", and
b) the error log for this slapd instance says this once for every record:
"Warning: Mapping tree node entry for o=example.com point to an unknown backend : ihcComRoot", where "ihcComRoot" is the nsslapd backend I used in the ldapmodify command above.
Any ideas what I'm doing wrong?
Sr. Systems Administrator