Hi, I have set up an LDAP server, and from the client it is returning this, for example:
[root@home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (cn=Fosiul Alam)
# requesting: ALL
#

# falam, users, uk, fosiul.lan
dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
givenName: Fosiul
sn: Alam
loginShell: /bin/bash/bash
uidNumber: 1000
gidNumber: 3000
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: falam
cn: Fosiul Alam
homeDirectory: /home/falam
userPassword:: e1NTSEF9UGtqNjhvSU1pSR0RrSWNYYkVvYVU2V2c9PQ==

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1
and in the access log:
[28/Jul/2012:15:42:57 +0100] conn=229 fd=70 slot=70 connection from 192.0.0.4 to 192.0.0.9
[28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:15:42:57 +0100] conn=229 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory manager" method=128 version=3
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND
[28/Jul/2012:15:42:57 +0100] conn=229 op=3 fd=70 closed - U1
But from the command line, when I do:
[root@home ~]# id falam
id: falam: No such user
[28/Jul/2012:15:44:26 +0100] conn=230 fd=70 slot=70 connection from 192.0.0.4 to 192.0.0.9
[28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:15:44:26 +0100] conn=230 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 SSL 256-bit AES
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1
So basically, ldapsearch is working but authentication is not working.
Can anyone please help me with this? I am using CentOS 5.8.
Fosiul.
In another mail I've told you: use authconfig or authconfig-tui or system-config-authentication to set up the system for LDAP authentication. For example, authconfig-tui has a simple text-based interface, authconfig is CLI based and requires arguments. Finally, system-config-authentication has a GUI.
28-07-2012 16:50, "Fosiul Alam" fosiul@gmail.com wrote:
389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Hi, I configured another PC with authconfig-tui but there is no luck; it's the same thing.
Fosiul
On Sat, Jul 28, 2012 at 4:04 PM, Grzegorz Dwornicki gd1100@gmail.com wrote:
I assume you are using TLS. You need to use the FQDN, not the IP, of the CentOS directory server, and configure the firewall for port 389 or 636.
Please send the content of /etc/nsswitch.conf and /etc/ldap.conf
28-07-2012 18:13, "Fosiul Alam" fosiul@gmail.com wrote:
Hi, yes, I am not using the IP; I am using the full host name.
This is my nsswitch:
cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       nisplus or nis+         Use NIS+ (NIS version 3)
#       nis or yp               Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files ldap
shadow:     files ldap
group:      files ldap

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files ldap

publickey:  nisplus

automount:  files ldap
aliases:    files nisplus

sudoers: files ldap
and /etc/ldap.conf:
[root@home cacerts]# grep -v "^#" /etc/ldap.conf | sed -e '/^$/d'
base dc=fosiul,dc=lan
timelimit 120
bind_timelimit 120
idle_timelimit 3600
#nss_base_passwd ou=users,l=uk,dc=fosiul,dc=lan,?one
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
uri ldap://ldap-2.fosiul.lan/
ssl start_tls
tls_cacertfile /etc/openldap/cacerts/ds-ca.crt
pam_password clear
On Sat, Jul 28, 2012 at 5:23 PM, Grzegorz Dwornicki gd1100@gmail.com wrote:
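Read together with the access log, Fosiul's two files say exactly what the failing lookup does, and that is worth seeing mechanically. The following is an added example, not code from the thread, from nss_ldap or from 389 DS: it parses nsswitch.conf, including [STATUS=action] tokens such as [NOTFOUND=return], and nss_ldap's keyword/value ldap.conf, then reports how the passwd lookup behind `id falam` is issued. The samples are constructed from the posted files; `binddn` is a real nss_ldap keyword that the posted file does not set and is read here only to show that the lookup binds anonymously; the function names are this example's own.

```python
"""Parse the two client-side files posted in the thread and describe how the
NSS 'passwd' lookup behind 'id falam' will be issued. Added example, not code
from the thread, nss_ldap or 389 DS; the samples are constructed from the
posted files and the function names are this example's own."""
import re

# Constructed sample: the active lines of the posted /etc/nsswitch.conf
NSSWITCH_SAMPLE = """\
# Example:
#passwd:    db files nisplus nis
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
netgroup:   files ldap
sudoers: files ldap
"""

# Constructed sample: the posted /etc/ldap.conf (nss_ldap keyword/value format)
LDAP_CONF_SAMPLE = """\
base dc=fosiul,dc=lan
timelimit 120
bind_timelimit 120
idle_timelimit 3600
#nss_base_passwd ou=users,l=uk,dc=fosiul,dc=lan,?one
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
uri ldap://ldap-2.fosiul.lan/
ssl start_tls
tls_cacertfile /etc/openldap/cacerts/ds-ca.crt
pam_password clear
"""

ACTION_RE = re.compile(r"^\[([A-Za-z]+)=([A-Za-z]+)\]$")

def parse_nsswitch(text):
    """Return {database: [(source, {STATUS: action}), ...]}; a token such as
    [NOTFOUND=return] is attached to the source that precedes it."""
    databases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # comments and blank lines carry nothing
        if ":" not in line:
            continue
        name, _, rest = line.partition(":")
        sources = []
        for tok in rest.split():
            m = ACTION_RE.match(tok)
            if m and sources:
                sources[-1][1][m.group(1).upper()] = m.group(2).lower()
            elif not m:
                sources.append((tok, {}))
        databases[name.strip()] = sources
    return databases

def parse_ldap_conf(text):
    """Return (active, commented) keyword -> value maps for nss_ldap's ldap.conf,
    keeping commented-out keywords visible so a disabled setting is not lost."""
    active, commented = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        target = active
        if line.startswith("#"):
            line, target = line.lstrip("#").strip(), commented
        key, _, value = line.partition(" ")
        if key:
            target[key.lower()] = value.strip()
    return active, commented

def describe_passwd_lookup(nsswitch_text, ldap_conf_text):
    """Describe the LDAP search nss_ldap will send for a passwd lookup."""
    nss = parse_nsswitch(nsswitch_text)
    conf, commented = parse_ldap_conf(ldap_conf_text)
    sources = [name for name, _ in nss.get("passwd", [])]
    report = {"passwd_sources": sources, "ldap_enabled": "ldap" in sources}
    if report["ldap_enabled"]:
        # nss_base_passwd narrows the search; without it nss_ldap searches the
        # global 'base' with subtree scope, which is what the access log shows
        report["search_base"] = conf.get("nss_base_passwd") or conf.get("base")
        report["nss_base_passwd_commented"] = "nss_base_passwd" in commented
        report["uri"] = conf.get("uri")
        report["starttls"] = conf.get("ssl") == "start_tls"
        # 'binddn' is a real nss_ldap keyword; unset (as here) means an anonymous bind
        report["bind_dn"] = conf.get("binddn", "")
    return report

if __name__ == "__main__":
    for key, value in describe_passwd_lookup(NSSWITCH_SAMPLE, LDAP_CONF_SAMPLE).items():
        print(f"{key}: {value!r}")
```

With these inputs the report says passwd resolves through files and then ldap, that nss_base_passwd is commented out so the search goes to the global base dc=fosiul,dc=lan with subtree scope, and that no bind DN is configured. That is precisely the conn=230 entry in the access log (BIND dn="" followed by SRCH base="dc=fosiul,dc=lan" scope=2), so the client is doing what it was told; what differs from the working ldapsearch is the identity doing the search.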
Do you have nss_ldap installed?
28-07-2012 18:58, "Fosiul Alam" fosiul@gmail.com wrote:
Yes, it is:
rpm -qa | grep nss_ldap
nss_ldap-253-49.el5
nss_ldap-253-49.el5
I think there is some other problem.
For example, when I execute this:
ldapsearch -x -ZZ -D "cn=Directory Manager" -w xxxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
I get this output, for example:
ldapsearch -x -ZZ -D "cn=Directory Manager" -w xxxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (cn=Fosiul Alam)
# requesting: ALL
#

# falam, users, uk, fosiul.lan
dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
givenName: Fosiul
sn: Alam
loginShell: /bin/bash/bash
uidNumber: 1000
gidNumber: 3000
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: falam
cn: Fosiul Alam
homeDirectory: /home/falam
userPassword:: e1NTSEF9bkM0dyFlLaFlJYUVPclZHRENiT1Y2RnA1MDAwdnZZQ1E9PQ==

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1
When I do this, I don't get anything:
ldapsearch -x -ZZ -D "uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" -w xxxxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)" dn cn sn
# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (cn=Fosiul Alam)
# requesting: dn cn sn
#

# search result
search: 3
result: 0 Success

# numResponses: 1
and in the log I get:
[28/Jul/2012:19:18:48 +0100] conn=141 fd=69 slot=69 connection from 192.0.0.4 to 192.0.0.9
[28/Jul/2012:19:18:48 +0100] conn=141 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:19:18:48 +0100] conn=141 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[28/Jul/2012:19:18:48 +0100] conn=141 SSL 256-bit AES
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 BIND dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" method=128 version=3
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs="distinguishedName cn sn"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[28/Jul/2012:19:18:48 +0100] conn=141 op=3 UNBIND
[28/Jul/2012:19:18:48 +0100] conn=141 op=3 fd=69 closed - U1
Do you know where the problem is?
But it's not working.
On Sat, Jul 28, 2012 at 7:13 PM, Grzegorz Dwornicki gd1100@gmail.com wrote:
Do you have nss_ldap installed?
28-07-2012 18:58, "Fosiul Alam" fosiul@gmail.com napisał(a):
hi yes.. i am not using ip . i am using fully host name
this is my nsswitch
cat /etc/nsswitch.conf # # /etc/nsswitch.conf # # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # The entry '[NOTFOUND=return]' means that the search for an # entry should stop if the search in the previous entry turned # up nothing. Note that if the search failed due to some other reason # (like no NIS server responding) then the search continues with the # next entry. # # Legal entries are: # # nisplus or nis+ Use NIS+ (NIS version 3) # nis or yp Use NIS (NIS version 2), also called YP # dns Use DNS (Domain Name Service) # files Use the local files # db Use the local database (.db) files # compat Use NIS on compat mode # hesiod Use Hesiod for user lookups # [NOTFOUND=return] Stop searching if not found so far #
# To use db, put the "db" in front of "files" for entries you want to be # looked up first in the databases # # Example: #passwd: db files nisplus nis #shadow: db files nisplus nis #group: db files nisplus nis
passwd: files ldap shadow: files ldap group: files ldap
#hosts: db files nisplus nis dns hosts: files dns
# Example - obey only what nisplus tells us... #services: nisplus [NOTFOUND=return] files #networks: nisplus [NOTFOUND=return] files #protocols: nisplus [NOTFOUND=return] files #rpc: nisplus [NOTFOUND=return] files #ethers: nisplus [NOTFOUND=return] files #netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files netmasks: files networks: files protocols: files rpc: files services: files
netgroup: files ldap
publickey: nisplus
automount: files ldap aliases: files nisplus
sudoers: files ldap
and /etc/ldap
[root@home cacerts]# grep -v "^#" /etc/ldap.conf | sed -e '/^$/d' base dc=fosiul,dc=lan
timelimit 120 bind_timelimit 120 idle_timelimit 3600 #nss_base_passwd ou=users,l=uk,dc=fosiul,dc=lan,?one nss_initgroups_ignoreusers
root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm uri ldap://ldap-2.fosiul.lan/ ssl start_tls tls_cacertfile /etc/openldap/cacerts/ds-ca.crt pam_password clear
On Sat, Jul 28, 2012 at 5:23 PM, Grzegorz Dwornicki gd1100@gmail.com wrote:
I assume you are using TLS. You need to use fqdn not ip of centos directory server, configure firewall for 389 or 636 port.
Please send content of /etc/nsswitch.conf and /etc/ldap.conf
28-07-2012 18:13, "Fosiul Alam" fosiul@gmail.com napisał(a):
Hi I configured another pc with authconfig-tui but there is not any luck its same thing ..
Fosiul
On Sat, Jul 28, 2012 at 4:04 PM, Grzegorz Dwornicki gd1100@gmail.com wrote:
In other mail I've told you: use authconfig or authconfig-tui or system-config-authentication to setup system for ldap authentication. For example authconfig-tui has simple text-based interface, authconfig is CLI based and require arguments. Finally system-config-authentication has gui.
-- Regards Fosiul Alam 07877100621 http://www.fosiul.co.uk
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Sorry for the top posting.
But your test is not sufficient. Can you do an ldap simple bind with the user you want to authenticate, not with the directory admin? This is the first question to answer, so you can be sure there is no ldap acl problem, no password mismatch and the like.
Regards
Hi, thanks.
If I try this
ldapsearch -x -ZZ -D "uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" -w xxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)" dn cn sn
now, if I give a wrong password it will say authentication failed,
but with the correct password it does not return anything .. and I get this in the log
Hi again,
All the information you provided looks ok. At times like this, when the error was hard to find, I looked at the /var/log/dirsrv/slapd-instance_name/access log for debug info. Run tail -f on the access log and try to use the id command again. The logs will provide some tracing info combined with the information you provided already.
Greg.
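An added example (my own script, not from the thread or the 389 project) that does what Greg suggests with the access log in a repeatable way: it parses 389 DS access-log records like the ones quoted in this thread, matches each SRCH to its RESULT by conn/op, and reports search bases that return entries for one bind identity but nothing for another. The sample lines are the thread's own conn=229 (bound as Directory Manager) and conn=230 (anonymous, as the nss_ldap lookup behind "id falam" bound); the function names are mine.

```python
import re
from collections import defaultdict

# Sample lines reproduced from the thread's 389 DS access log: conn=229 bound as
# Directory Manager and found the entry; conn=230 (the nss_ldap lookup behind
# "id falam") bound anonymously and got err=0 but nentries=0 for the same base.
SAMPLE_LOG = """\
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory manager" method=128 version=3
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101 nentries=0 etime=0
"""

# One pattern per record type we use; EXT, SSL, UNBIND and "closed" records fall through.
OP_RE = re.compile(r'^\[[^\]]+\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<rest>.*)$')
BIND_RE = re.compile(r'^BIND dn="(?P<dn>[^"]*)"')
SRCH_RE = re.compile(r'^SRCH base="(?P<base>[^"]*)" scope=\d filter="(?P<filter>[^"]*)"')
RESULT_RE = re.compile(r'^RESULT err=(?P<err>\d+) tag=\d+ nentries=(?P<n>\d+)')

def parse_access_log(text):
    """Group records per connection: the DN it bound as ('' = anonymous simple bind)
    and each search together with the err/nentries of its matching RESULT record."""
    conns = defaultdict(lambda: {"bind_dn": None, "searches": []})
    pending = {}  # (conn, op) -> search dict still waiting for its RESULT
    for line in text.splitlines():
        m = OP_RE.match(line)
        if not m:
            continue
        conn, op, rest = m.group("conn"), int(m.group("op")), m.group("rest")
        if (b := BIND_RE.match(rest)):
            conns[conn]["bind_dn"] = b.group("dn")
        elif (s := SRCH_RE.match(rest)):
            srch = {"op": op, "base": s.group("base"), "filter": s.group("filter"),
                    "err": None, "nentries": None}
            conns[conn]["searches"].append(srch)
            pending[(conn, op)] = srch
        elif (r := RESULT_RE.match(rest)) and (conn, op) in pending:
            srch = pending.pop((conn, op))  # RESULTs of BIND ops are never pending
            srch["err"], srch["nentries"] = int(r.group("err")), int(r.group("n"))
    return dict(conns)

def diagnose(conns):
    """Per base, contrast bind DNs that got entries back with those whose search succeeded
    (err=0) yet returned nothing: connect, StartTLS and bind worked, so the split points at ACIs."""
    seen = defaultdict(dict)  # base -> bind_dn -> largest nentries observed
    for info in conns.values():
        for s in info["searches"]:
            if s["err"] == 0:
                by_dn = seen[s["base"]]
                by_dn[info["bind_dn"]] = max(by_dn.get(info["bind_dn"], 0), s["nentries"])
    findings = []
    for base, by_dn in seen.items():
        can_read = [dn for dn, n in by_dn.items() if n > 0]
        empty = [dn for dn, n in by_dn.items() if n == 0]
        if can_read and empty:
            findings.append({"base": base, "can_read": can_read, "empty": empty})
    return findings

if __name__ == "__main__":
    for f in diagnose(parse_access_log(SAMPLE_LOG)):
        print(f"{f['base']}: readable as {f['can_read']}, empty for {[d or 'anonymous' for d in f['empty']]}")
```

The per-base comparison is meaningful here because both searches target the same entry (uid=falam); on a busy log, narrow the input to the conn numbers of interest first.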
Did you configure the nsswitch.conf file to define ldap as a source of authentication? Alternatively you could select use LDAP authentication in "setup".
Thank you,
Ryan Palamara
ZAIS Group, LLC
2 Bridge Avenue, Suite 322
Red Bank, New Jersey 07701
Phone: (732) 450-7444
Ryan.palamara@zaisgroup.com
-----Original Message-----
From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of Fosiul Alam
Sent: Saturday, July 28, 2012 10:50 AM
To: 389-users@lists.fedoraproject.org
Subject: [389-users] ldapsearch is fine but from authentication purpose its not doing anything