| 1 |
Hi, |
| 2 |
|
| 3 |
I'm trying to setup a environment where I want my users for main |
| 4 |
services, such as sshd, samba and so on to auth on a LDAP server. |
| 5 |
I installed pam_ldap and I have my LDAP up. After following some |
| 6 |
guides, I have a problem which I don't know how to solve. When I type |
| 7 |
on shell: |
| 8 |
|
| 9 |
# getent passwd |
| 10 |
{the content of /etc/passwd file} |
| 11 |
after this... |
| 12 |
request done: ld 0x51cda0 msgid 1 |
| 13 |
request done: ld 0x5445e0 msgid 1 |
| 14 |
request done: ld 0x5445e0 msgid 1 |
| 15 |
request done: ld 0x5445e0 msgid 1 |
| 16 |
request done: ld 0x5445e0 msgid 1 |
| 17 |
request done: ld 0x5445e0 msgid 1 |
| 18 |
request done: ld 0x5445e0 msgid 1 |
| 19 |
|
| 20 |
When I check the syslogd file I can see: |
| 21 |
|
| 22 |
Jun 22 03:17:02 embedded slapd[23890]: conn=22 fd=12 ACCEPT from |
| 23 |
IP=150.165.63.1:57920 (IP=0.0.0.0:636) |
| 24 |
Jun 22 03:17:02 embedded slapd[23890]: conn=22 fd=12 TLS established |
| 25 |
tls_ssf=256 ssf=256 |
| 26 |
Jun 22 03:17:02 embedded slapd[23890]: conn=22 op=0 STARTTLS |
| 27 |
Jun 22 03:17:02 embedded slapd[23890]: conn=22 op=0 RESULT oid= err=1 |
| 28 |
text=TLS already started |
| 29 |
Jun 22 03:17:02 embedded getent: nss_ldap: reconnecting to LDAP server |
| 30 |
(sleeping 8 seconds)... |
| 31 |
Jun 22 03:17:02 embedded slapd[23890]: conn=22 op=1 UNBIND |
| 32 |
Jun 22 03:17:02 embedded slapd[23890]: conn=22 fd=12 closed |
| 33 |
Jun 22 03:17:02 embedded slapd[23890]: connection_read(12): no connection! |
| 34 |
|
| 35 |
I'm using TLS and everything seems to works fine by using |
| 36 |
phpldapadmin, lam and ldap command line, such as ldapsearch, |
| 37 |
ldapadd, when I use -x option, in this last case. |
| 38 |
|
| 39 |
Well, here are the main configuration: |
| 40 |
|
| 41 |
/etc/openldap/ldap.conf |
| 42 |
|
| 43 |
BASE dc=embedded,o=Embedded,c=BR |
| 44 |
URI ldaps://myhost.mydomain.com |
| 45 |
TLS_REQCERT allow |
| 46 |
PORT 636 |
| 47 |
|
| 48 |
/etc/ldap.conf |
| 49 |
|
| 50 |
host myhost.mydomain.com |
| 51 |
base o=Embedded,c=BR |
| 52 |
uri ldaps://myhost.mydomain.com/ |
| 53 |
binddn cn=Manager,o=Embedded,c=BR |
| 54 |
rootbinddn cn=Manager,o=Embedded,c=BR |
| 55 |
port 636 |
| 56 |
pam_filter objectclass=account |
| 57 |
pam_login_attribute uid |
| 58 |
pam_password md5 |
| 59 |
debug 256 |
| 60 |
logdir /var/log/nss_ldap |
| 61 |
nss_base_passwd ou=People,o=Embedded,c=BR |
| 62 |
nss_base_shadow ou=People,o=Embedded,c=BR |
| 63 |
nss_base_group ou=Group,o=Embedded,c=BR |
| 64 |
ssl start_tls |
| 65 |
tls_checkpeer yes |
| 66 |
tls_cacertfile /etc/ssl/ldap.pem |
| 67 |
tls_cacertdir /etc/ssl |
| 68 |
|
| 69 |
In which format should I enter the secret password in /etc/ldap.secret |
| 70 |
file? I'm putting something like: |
| 71 |
|
| 72 |
{MD5}md5-hash-here |
| 73 |
|
| 74 |
Is it correct? |
| 75 |
|
| 76 |
I also made proper chances in /etc/nsswitch.conf and /etc/pam.d/system-auth |
| 77 |
|
| 78 |
Does someone can help me. Any pointer/suggestion will be greatufully accepted. |
| 79 |
|
| 80 |
Thank you, |
| 81 |
|
| 82 |
Leandro. |
| 83 |
|
| 84 |
|
| 85 |
-- |
| 86 |
Leandro Melo de Sales. |
| 87 |
Computer Science Student |
| 88 |
Laboratório de Sistemas Distribuídos - www.lsd.ufcg.edu.br |
| 89 |
Laboratório de Sistemas Embarcados e Computação Pervasiva - |
| 90 |
www.embeddedacademy.org |
| 91 |
Universidade Federal de Campina Grande - UFCG |
| 92 |
Campina Grande - PB - Brasil |
| 93 |
|
| 94 |
-- |
| 95 |
gentoo-user@g.o mailing list |
Archives