Re: question about the libpam-ldap debian package.

2008-05-07 Thread Alex Samad 
On Wed, May 07, 2008 at 11:05:24AM +0200, Anthony wrote:
>
>
> Alex Samad a écrit :
>> On Tue, May 06, 2008 at 01:08:19PM +0200, Anthony wrote:
>>   
>>> hi,
>>>
>>> 
>> [snip]
>>
>>   
>>> If the interface is not configure, after a first auth on the ldap, 
>>> the  user authenticated
>>> If a interface is NOT configure (Only loopback) , it take a long, 
>>> long  time, and the user is not auth on the ccreds file.
>>>
>>>
>>> WATH's the problem
>>> 
>>
>> are you talking to your ldap server on the public address (interface )? if 
>> so its
>> down!
>>
>>   
>
>
> Sorry, i wanted to say:
>
> I try to connect to the ldap server, all is fine, the user is  
> authenticated and the credentials files are updated.
> And know, itry this:
>
> If the interface IS NOT configure (Only loopback)
> , (after a first auth on the ldap) so the ldap server is unreachable, the 
>  user is authenticated on the credentials files. => this is what want..!! 
> OK
> BUT now
> If a interface IS configure (eth0) and network become unreachable , it 
> take a long, long  time, and the user is not auth on the ccreds file 
> because of the time out.

is this a tcp time out issue, there are timeout parameters in config
files
>
>
> I would like that if the network become unreachable, the user will be  
> authenticated.
>
> what i have to do ?
>
> Thank you for your help
>
> Anthony
>
>
>>> Is there some configuration to add.
>>> The package have been compiled with hard options
>>>
>>> Thank you very much for your help
>>>
>>>
>>> Anthony
>>>
>>>
>>>
>>>
>>>
>>> 
>>
>>   
>
>
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a 
> subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>
>

-- 
"I will have a foreign-handed foreign policy."

- George W. Bush
09/27/2000
Redwood, CA


signature.asc
Description: Digital signature

Re: question about the libpam-ldap debian package.

2008-05-07 Thread Anthony 



Alex Samad a écrit :

On Tue, May 06, 2008 at 01:08:19PM +0200, Anthony wrote:
  

hi,



[snip]

  
If the interface is not configure, after a first auth on the ldap, the  
user authenticated
If a interface is NOT configure (Only loopback) , it take a long, long  
time, and the user is not auth on the ccreds file.



WATH's the problem



are you talking to your ldap server on the public address (interface )? if so 
its
down!

  



Sorry, i wanted to say:

I try to connect to the ldap server, all is fine, the user is 
authenticated and the credentials files are updated.

And know, itry this:

If the interface IS NOT configure (Only loopback)
, (after a first auth on the ldap) so the ldap server is unreachable, the  
user is authenticated on the credentials files. => this is what want..!! OK

BUT now
If a interface IS configure (eth0) and network become unreachable , it take a long, long  
time, and the user is not auth on the ccreds file because of the time out.



I would like that if the network become unreachable, the user will be 
authenticated.


what i have to do ?

Thank you for your help

Anthony



Is there some configuration to add.
The package have been compiled with hard options

Thank you very much for your help


Anthony








  



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: question about the libpam-ldap debian package.

2008-05-06 Thread Alex Samad 
On Tue, May 06, 2008 at 01:08:19PM +0200, Anthony wrote:
> hi,
>
[snip]

> If the interface is not configure, after a first auth on the ldap, the  
> user authenticated
> If a interface is NOT configure (Only loopback) , it take a long, long  
> time, and the user is not auth on the ccreds file.
>
>
> WATH's the problem

are you talking to your ldap server on the public address (interface )? if so 
its
down!

>
> Is there some configuration to add.
> The package have been compiled with hard options
>
> Thank you very much for your help
>
>
> Anthony
>
>
>
>
>

-- 
Prototype designs always work.
-- Don Vonada


signature.asc
Description: Digital signature

question about the libpam-ldap debian package.

2008-05-06 Thread Anthony 

hi,

i try to contact you to get some help...

i try to configure the auth of my all users by a openldap server.
So
i configure libpam-ldap
libnss-ldap (with db in nsswitch.conf) and nss_udatedb  (with a cron to 
update de db users)
configure the libpam_ccreds to be able to auth the user even if the 
network is down (more specially Laptop)

So my pam.d/common_auth looks like this :

/authsufficient  pam_unix.so nullok_secure
auth[authinfo_unavail=ignore success=1 default=2]   pam_ldap.so 
use_first_pass debug

auth[default=done]  \
   pam_ccreds.so action=validate 
ccredsfile=/var/db/.security.db use_first_pass

auth[default=done] \
   pam_ccreds.so action=store 
ccredsfile=/var/db/.security.db use_first_pass

auth[default=bad]   \
   pam_ccreds.so action=update 
ccredsfile=/var/db/.security.db use_first_pass/



if the user is a local user, he is authenticated,
if the user is a ldap, and if the ldap server is available, the user is 
auth and the  credential are added to /security.db/
if he user is a ldap and if the ldap server is unavailable, the user is 
auth throught the /security.db/


All the configuration is OK if  network interface is up.

If the interface is not configure, after a first auth on the ldap, the 
user authenticated
If a interface is NOT configure (Only loopback) , it take a long, long 
time, and the user is not auth on the ccreds file.



WATH's the problem

Is there some configuration to add.
The package have been compiled with hard options

Thank you very much for your help


Anthony

Re: ldap & debian

2001-02-23 Thread Frank Copeland 
On 23 Feb 01 00:50:46 GMT, Known Human Nick Rusnov <[EMAIL PROTECTED]> wrote:
>
>Well I'm having a heck of a time getting a freshly installed Potato box to
>authenticate with an openldap server. 
>
>I'm new to this whole ldap thing, is there a guide somewhere to reconfiguring
>debian to use ldap for things?

Not that I was able to find. I did find these:

 
 
 

>All the guides I've found just have a pam.conf example that I'm not
>sure how to translate into using with the pam.d setup... (I tried, for
>example, taking the lines that started with login in the examples and
>addinf them to the login file in pam.d).

The general idea is to precede each pam_unix.so line in the pam.d/*
files with a line like this:

  auth  sufficient  pam_ldap.so

Frank

Re: ldap & debian

2001-02-22 Thread Andrew Wettstein 
On Thu, Feb 22, 2001 at 04:50:46PM -0800, Known Human Nick Rusnov wrote:
> 
> Well I'm having a heck of a time getting a freshly installed Potato box to
> authenticate with an openldap server. 
> 
> I'm new to this whole ldap thing, is there a guide somewhere to reconfiguring
> debian to use ldap for things? All the guides I've found just have a pam.conf
> example that I'm not sure how to translate into using with the pam.d setup...
> (I tried, for example, taking the lines that started with login in the 
> examples
> and addinf them to the login file in pam.d).

I'd probably apt-get -b source libpam-ldap from the unstable dist.  While
you're building it take a look that directory, it has a bunch of examples
for pam.d configs.

you may want libnss-ldap, too, but that means you're storing posixAccounts
in the ldap server.  

> 
> pam doesn't seem to produce much debugging inyformation, but it did produce 
> some
> lines saying incorrect (or was that insufficient?) credentials.. this is 
> wether
> I have it bind as the admin acccount or not.

yeah it doesn't.  i had a heck of a time setting it up myself.  i can help
you out if you need more help, but you probably want to CC me because I
don't keep up with list on a regular basis.

> 
> Any help would be greatly appreciated.
> 
> I'd be really suprised if there were no debian-specific info out there, given
> that the whole debian cluster seems to use ldap for everything.

which debian cluster?

> 
> thanks
> 
> as always,
> nick
> [EMAIL PROTECTED] * http://www.fargus.net/nick
> Developer - Systems Engineer - Mad System Guru - MOO Sales
> He picks up scraps of information/He's adept at adaptation
> Because for strangers and arrangers/Constant change is here to stay
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

ldap & debian

2001-02-22 Thread Known Human Nick Rusnov 

Well I'm having a heck of a time getting a freshly installed Potato box to
authenticate with an openldap server. 

I'm new to this whole ldap thing, is there a guide somewhere to reconfiguring
debian to use ldap for things? All the guides I've found just have a pam.conf
example that I'm not sure how to translate into using with the pam.d setup...
(I tried, for example, taking the lines that started with login in the examples
and addinf them to the login file in pam.d).

pam doesn't seem to produce much debugging inyformation, but it did produce some
lines saying incorrect (or was that insufficient?) credentials.. this is wether
I have it bind as the admin acccount or not.

Any help would be greatly appreciated.

I'd be really suprised if there were no debian-specific info out there, given
that the whole debian cluster seems to use ldap for everything.

thanks

as always,
nick
[EMAIL PROTECTED] * http://www.fargus.net/nick
Developer - Systems Engineer - Mad System Guru - MOO Sales
He picks up scraps of information/He's adept at adaptation
Because for strangers and arrangers/Constant change is here to stay