Do you have nss_ldap installed?

28-07-2012 18:58, "Fosiul Alam" <fos...@gmail.com> wrote:
> hi yes.. i am not using ip . i am using fully host name
>
> this is my nsswitch
>
> cat /etc/nsswitch.conf
> #
> # /etc/nsswitch.conf
> #
> # An example Name Service Switch config file. This file should be
> # sorted with the most-used services at the beginning.
> #
> # The entry '[NOTFOUND=return]' means that the search for an
> # entry should stop if the search in the previous entry turned
> # up nothing. Note that if the search failed due to some other reason
> # (like no NIS server responding) then the search continues with the
> # next entry.
> #
> # Legal entries are:
> #
> # nisplus or nis+ Use NIS+ (NIS version 3)
> # nis or yp Use NIS (NIS version 2), also called YP
> # dns Use DNS (Domain Name Service)
> # files Use the local files
> # db Use the local database (.db) files
> # compat Use NIS on compat mode
> # hesiod Use Hesiod for user lookups
> # [NOTFOUND=return] Stop searching if not found so far
> #
>
> # To use db, put the "db" in front of "files" for entries you want to be
> # looked up first in the databases
> #
> # Example:
> #passwd: db files nisplus nis
> #shadow: db files nisplus nis
> #group: db files nisplus nis
>
> passwd: files ldap
> shadow: files ldap
> group: files ldap
>
> #hosts: db files nisplus nis dns
> hosts: files dns
>
> # Example - obey only what nisplus tells us...
> #services: nisplus [NOTFOUND=return] files
> #networks: nisplus [NOTFOUND=return] files
> #protocols: nisplus [NOTFOUND=return] files
> #rpc: nisplus [NOTFOUND=return] files
> #ethers: nisplus [NOTFOUND=return] files
> #netmasks: nisplus [NOTFOUND=return] files
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers: files
> netmasks: files
> networks: files
> protocols: files
> rpc: files
> services: files
>
> netgroup: files ldap
>
> publickey: nisplus
>
> automount: files ldap
> aliases: files nisplus
>
> sudoers: files ldap
>
>
> and /etc/ldap
>
> [root@home cacerts]# grep -v "^#" /etc/ldap.conf | sed -e '/^$/d'
> base dc=fosiul,dc=lan
>
> timelimit 120
> bind_timelimit 120
> idle_timelimit 3600
> #nss_base_passwd ou=users,l=uk,dc=fosiul,dc=lan,?one
> nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
> uri ldap://ldap-2.fosiul.lan/
> ssl start_tls
> tls_cacertfile /etc/openldap/cacerts/ds-ca.crt
> pam_password clear
>
>
> On Sat, Jul 28, 2012 at 5:23 PM, Grzegorz Dwornicki <gd1...@gmail.com> wrote:
> > I assume you are using TLS. You need to use fqdn not ip of centos directory
> > server, configure firewall for 389 or 636 port.
> >
> > Please send content of /etc/nsswitch.conf and /etc/ldap.conf
> >
> > 28-07-2012 18:13, "Fosiul Alam" <fos...@gmail.com> wrote:
> >
> >> Hi
> >> I configured another pc
> >> with authconfig-tui
> >> but there is not any luck
> >> its same thing ..
> >>
> >> Fosiul
> >>
> >> On Sat, Jul 28, 2012 at 4:04 PM, Grzegorz Dwornicki <gd1...@gmail.com> wrote:
> >> > In other mail I've told you: use authconfig or authconfig-tui or
> >> > system-config-authentication to setup system for ldap authentication.
> >> > For example authconfig-tui has simple text-based interface, authconfig
> >> > is CLI based and require arguments. Finally system-config-authentication
> >> > has gui.
> >> >
> >> > 28-07-2012 16:50, "Fosiul Alam" <fos...@gmail.com> wrote:
> >> >>
> >> >> Hi
> >> >> I have setup ldap server and from client its returning example :
> >> >>
> >> >> [root@home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
> >> >> # extended LDIF
> >> >> #
> >> >> # LDAPv3
> >> >> # base <dc=fosiul,dc=lan> with scope subtree
> >> >> # filter: (cn=Fosiul Alam)
> >> >> # requesting: ALL
> >> >> #
> >> >>
> >> >> # falam, users, uk, fosiul.lan
> >> >> dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
> >> >> givenName: Fosiul
> >> >> sn: Alam
> >> >> loginShell: /bin/bash/bash
> >> >> uidNumber: 1000
> >> >> gidNumber: 3000
> >> >> objectClass: top
> >> >> objectClass: person
> >> >> objectClass: organizationalPerson
> >> >> objectClass: inetorgperson
> >> >> objectClass: posixAccount
> >> >> uid: falam
> >> >> cn: Fosiul Alam
> >> >> homeDirectory: /home/falam
> >> >> userPassword:: e1NTSEF9UGtqNjhvSU1pSR0RrSWNYYkVvYVU2V2c9PQ=
> >> >>  =
> >> >>
> >> >> # search result
> >> >> search: 3
> >> >> result: 0 Success
> >> >>
> >> >> # numResponses: 2
> >> >> # numEntries: 1
> >> >>
> >> >> and in the access log :
> >> >>
> >> >> 28/Jul/2012:15:42:57 +0100] conn=229 fd=70 slot=70 connection from 192.0.0.4 to 192.0.0.9
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 RESULT err=0 tag=120 nentries=0 etime=0
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory manager" method=128 version=3
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101 nentries=1 etime=0
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 fd=70 closed - U1
> >> >>
> >> >>
> >> >> But From command line , when i do
> >> >> [root@home ~]# id falam
> >> >> id: falam: No such user
> >> >>
> >> >>
> >> >>
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 fd=70 slot=70 connection from 192.0.0.4 to 192.0.0.9
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 RESULT err=0 tag=120 nentries=0 etime=0
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 SSL 256-bit AES
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101 nentries=0 etime=0
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1
> >> >>
> >> >>
> >> >> So basically, ldapsearch is working but authentication is not working ..
> >> >>
> >> >> Can any one please help me with this .
> >> >> and i am using Centos 5.8
> >> >>
> >> >> Fosiul.
> >>
> >> --
> >> Regards
> >> Fosiul Alam
> >> 07877100621
> >> http://www.fosiul.co.uk
>
> --
> Regards
> Fosiul Alam
> 07877100621
> http://www.fosiul.co.uk
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
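
Added example, not part of the original thread: a short Python script that pairs each SRCH in a 389 Directory Server access log with its RESULT and with the DN bound on that connection, so the `ldapsearch` session and the `id falam` lookup quoted above can be compared side by side. The log lines are copied from the thread; the function names are hypothetical.

```python
import re

# Lines copied from the access log quoted in the thread above.
SAMPLE_LOG = """\
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory manager" method=128 version=3
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101 nentries=0 etime=0
"""

EVENT = re.compile(r"conn=(\d+) op=(-?\d+) (BIND|SRCH|RESULT) (.*)")
BIND = re.compile(r'dn="([^"]*)"')
SRCH = re.compile(r'base="([^"]*)" scope=\d+ filter="([^"]*)"')
RESULT = re.compile(r"err=(\d+) tag=(\d+) nentries=(\d+)")

def summarize_searches(log_text):
    """Pair every SRCH with its RESULT and the DN bound on that connection."""
    bound, pending, done = {}, {}, []
    for line in log_text.splitlines():
        ev = EVENT.search(line)
        if not ev:
            continue
        conn, op, kind, rest = ev.groups()
        if kind == "BIND" and BIND.search(rest):
            # Simplification: the DN is taken from the BIND request line.
            bound[conn] = BIND.search(rest).group(1)
        elif kind == "SRCH" and SRCH.search(rest):
            base, flt = SRCH.search(rest).groups()
            pending[conn, op] = {"conn": int(conn), "bind_dn": bound.get(conn, ""),
                                 "base": base, "filter": flt}
        elif kind == "RESULT" and (conn, op) in pending and RESULT.search(rest):
            err, _tag, nentries = RESULT.search(rest).groups()
            done.append(dict(pending.pop((conn, op)), err=int(err), nentries=int(nentries)))
    return done

def anonymous_empty(searches):
    """Searches the server accepted (err=0) from an anonymous bind that matched nothing."""
    return [s for s in searches if s["bind_dn"] == "" and s["err"] == 0 and s["nentries"] == 0]

if __name__ == "__main__":
    for s in summarize_searches(SAMPLE_LOG):
        who = s["bind_dn"] or "<anonymous>"
        print(f'conn={s["conn"]} bind={who} filter={s["filter"]} err={s["err"]} nentries={s["nentries"]}')
```

On the sample, both searches use the same base and both return err=0; they differ in the bind DN and the filter, which are the two things to compare when a search is accepted but returns no entries.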