Hi,

I'm trying to set up an environment where I want my users for main
services, such as sshd, samba and so on, to auth on an LDAP server.
I installed pam_ldap and I have my LDAP up. After following some
guides, I have a problem which I don't know how to solve. When I type
on shell:

# getent passwd
{the content of /etc/passwd file}
after this...
request done: ld 0x51cda0 msgid 1
request done: ld 0x5445e0 msgid 1
request done: ld 0x5445e0 msgid 1
request done: ld 0x5445e0 msgid 1
request done: ld 0x5445e0 msgid 1
request done: ld 0x5445e0 msgid 1
request done: ld 0x5445e0 msgid 1

When I check the syslogd file I can see:

Jun 22 03:17:02 embedded slapd[23890]: conn=22 fd=12 ACCEPT from IP=150.165.63.1:57920 (IP=0.0.0.0:636)
Jun 22 03:17:02 embedded slapd[23890]: conn=22 fd=12 TLS established tls_ssf=256 ssf=256
Jun 22 03:17:02 embedded slapd[23890]: conn=22 op=0 STARTTLS
Jun 22 03:17:02 embedded slapd[23890]: conn=22 op=0 RESULT oid= err=1 text=TLS already started
Jun 22 03:17:02 embedded getent: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Jun 22 03:17:02 embedded slapd[23890]: conn=22 op=1 UNBIND
Jun 22 03:17:02 embedded slapd[23890]: conn=22 fd=12 closed
Jun 22 03:17:02 embedded slapd[23890]: connection_read(12): no connection!

I'm using TLS and everything seems to work fine by using
phpldapadmin, lam and ldap command line, such as ldapsearch,
ldapadd, when I use -x option, in this last case.

Well, here are the main configuration:

/etc/openldap/ldap.conf

BASE dc=embedded,o=Embedded,c=BR
URI ldaps://myhost.mydomain.com
TLS_REQCERT allow
PORT 636

/etc/ldap.conf

host myhost.mydomain.com
base o=Embedded,c=BR
uri ldaps://myhost.mydomain.com/
binddn cn=Manager,o=Embedded,c=BR
rootbinddn cn=Manager,o=Embedded,c=BR
port 636
pam_filter objectclass=account
pam_login_attribute uid
pam_password md5
debug 256
logdir /var/log/nss_ldap
nss_base_passwd ou=People,o=Embedded,c=BR
nss_base_shadow ou=People,o=Embedded,c=BR
nss_base_group ou=Group,o=Embedded,c=BR
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/ldap.pem
tls_cacertdir /etc/ssl

In which format should I enter the secret password in /etc/ldap.secret
file? I'm putting something like:

{MD5}md5-hash-here

Is it correct?

I also made proper changes in /etc/nsswitch.conf and /etc/pam.d/system-auth

Can someone help me? Any pointer/suggestion will be gratefully accepted.

Thank you,

Leandro.


--
Leandro Melo de Sales.
Computer Science Student
Laboratório de Sistemas Distribuídos - www.lsd.ufcg.edu.br
Laboratório de Sistemas Embarcados e Computação Pervasiva - www.embeddedacademy.org
Universidade Federal de Campina Grande - UFCG
Campina Grande - PB - Brasil

--
gentoo-user@g.o mailing list
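
The slapd log in the post shows TLS established on the port 636 listener and then a STARTTLS request rejected with "TLS already started", which is what happens when /etc/ldap.conf combines "ssl start_tls" with an ldaps:// URI. The following is an added example, not part of the original post: a small Python lint for that combination. The function names are hypothetical and the sample config is constructed from the settings quoted above.

```python
# Added example: lint the TLS mode of an nss_ldap/pam_ldap style ldap.conf.
# SAMPLE_CONF is constructed from the TLS-related settings quoted in the post.
SAMPLE_CONF = """\
host myhost.mydomain.com
uri ldaps://myhost.mydomain.com/
port 636
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/ldap.pem
"""

def parse_conf(text):
    """Return {keyword: last value}, ignoring blank lines and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def tls_mode_conflict(text):
    """Describe a StartTLS-over-implicit-TLS conflict, or return None."""
    conf = parse_conf(text)
    if conf.get("ssl", "").lower() != "start_tls":
        return None
    ldaps = [u for u in conf.get("uri", "").split()
             if u.lower().startswith("ldaps://")]
    if ldaps:
        return "ssl start_tls with %s: TLS is already up when StartTLS is sent" % ldaps[0]
    if not conf.get("uri") and conf.get("port") == "636":
        return "ssl start_tls with port 636 (the conventional LDAPS port)"
    return None

def corrected(text):
    """Keep the ldaps:// URI and switch the client to 'ssl on' (one TLS mode)."""
    if tls_mode_conflict(text) is None:
        return text
    out = []
    for raw in text.splitlines():
        parts = raw.split()
        out.append("ssl on" if parts and parts[0].lower() == "ssl" else raw)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(tls_mode_conflict(SAMPLE_CONF))
    print(corrected(SAMPLE_CONF))
```

The other consistent choice is to keep "ssl start_tls" and point the client at an ldap:// URI on the plain LDAP port, where StartTLS performs the upgrade.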