Hi,

I think I am very close to fixing the issue. Please have a look at the commands below. I can do this from server or client; this is the result I get:

root@home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan"
# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# fosiul.lan
dn: dc=fosiul,dc=lan
dc: fosiul
objectClass: domain
objectClass: top

# uk, fosiul.lan
dn: l=uk,dc=fosiul,dc=lan
l: uk
objectClass: locality
objectClass: top

# groups, uk, fosiul.lan
dn: ou=groups,l=uk,dc=fosiul,dc=lan
objectClass: organizationalUnit
objectClass: top
ou: groups

# users, uk, fosiul.lan
dn: ou=users,l=uk,dc=fosiul,dc=lan
objectClass: organizationalUnit
objectClass: top
ou: users

# techops-uk, groups, uk, fosiul.lan
dn: cn=techops-uk,ou=groups,l=uk,dc=fosiul,dc=lan
gidNumber: 3000
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: techops-uk

# falam, users, uk, fosiul.lan
dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
givenName: Fosiul
sn: Alam
loginShell: /bin/bash/bash
uidNumber: 1000
gidNumber: 3000
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: falam
cn: Fosiul Alam
homeDirectory: /home/falam
userPassword:: e1NTSEF9UGtqNjhvazF1SFR0NUR5T0Roa2FSU1pSR0RrSWNYYkVvYVU2V2c9PQ=
 =

# search result
search: 3
result: 0 Success

# numResponses: 7
# numEntries: 6

So falam is in LDAP.

So from the Linux client or server, if I type

id falam

or

ssh falam@ldap-2

it should accept the password, but I get this:

[root@home ~]# id falam
id: falam: No such user

or

Jul 28 13:31:33 ldap-2 sshd[6071]: pam_succeed_if(sshd:auth): error retrieving information about user falam
Jul 28 13:31:34 ldap-2 sshd[6071]: Failed password for invalid user falam from 192.0.0.4 port 60072 ssh2

Please help with my last problem. Thanks.

Hello
On Sat, Jul 28, 2012 at 6:07 PM, fosiul alam expertalert@gmail.com wrote:
> Hi,
>
> I think I am very close to fixing the issue. Please have a look at the commands below. I can do this from server or client; this is the result I get:
>
> root@home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan"
> # extended LDIF
> #
> # LDAPv3
> # base <dc=fosiul,dc=lan> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # fosiul.lan
> dn: dc=fosiul,dc=lan
> dc: fosiul
> objectClass: domain
> objectClass: top
>
> # uk, fosiul.lan
> dn: l=uk,dc=fosiul,dc=lan
> l: uk
> objectClass: locality
> objectClass: top
>
> # groups, uk, fosiul.lan
> dn: ou=groups,l=uk,dc=fosiul,dc=lan
> objectClass: organizationalUnit
> objectClass: top
> ou: groups
>
> # users, uk, fosiul.lan
> dn: ou=users,l=uk,dc=fosiul,dc=lan
> objectClass: organizationalUnit
> objectClass: top
> ou: users
>
> # techops-uk, groups, uk, fosiul.lan
> dn: cn=techops-uk,ou=groups,l=uk,dc=fosiul,dc=lan
> gidNumber: 3000
> objectClass: top
> objectClass: groupofuniquenames
> objectClass: posixgroup
> cn: techops-uk
>
> # falam, users, uk, fosiul.lan
> dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
> givenName: Fosiul
> sn: Alam
> loginShell: /bin/bash/bash
> uidNumber: 1000
> gidNumber: 3000
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetorgperson
> objectClass: posixAccount
> uid: falam
> cn: Fosiul Alam
> homeDirectory: /home/falam
> userPassword:: e1NTSEF9UGtqNjhvazF1SFR0NUR5T0Roa2FSU1pSR0RrSWNYYkVvYVU2V2c9PQ=
>  =
>
> # search result
> search: 3
> result: 0 Success
>
> # numResponses: 7
> # numEntries: 6
>
> So falam is in LDAP.
>
> So from the Linux client or server, if I type
>
> id falam
>
> or
>
> ssh falam@ldap-2
>
> it should accept the password, but I get this:
>
> [root@home ~]# id falam
> id: falam: No such user
>
> or
>
> Jul 28 13:31:33 ldap-2 sshd[6071]: pam_succeed_if(sshd:auth): error retrieving information about user falam
> Jul 28 13:31:34 ldap-2 sshd[6071]: Failed password for invalid user falam from 192.0.0.4 port 60072 ssh2

Is the client RHEL-5 or RHEL-6?

Do you want to use pam_sss.so or pam_ldap.so? Google them on the internet for more info.

Could you come online on the #389 Freenode channel? This will hasten the process.

Regards,
Arpit Tolani

389-users@lists.fedoraproject.org