RE: Apache AD / LDAP authentication issues.

2011-12-01 Thread Joseph L. Casale
>require ldap-user "greg.machin" Pretty sure that needs to be a DN... Do you actually have sAMAccountName Names written as x.x? Strange... When I visit the site I get the expected login prompt, authentication fails with my own account. >root@nzhmlwks0091:~# ldapsearch -h 192.168.32.2 -p 389 -D >

Apache AD / LDAP authentication issues.

2011-11-30 Thread Gregory Machin
Hi. Please advise if you can. I'm trying to configure apache to authenticate to MS AD server 2008R2, using LDAP. I have created a user in AD that is member of "Users" and nothing else. I can log into my workstation using this user with the password I set. My Apache configuration as follows : #

[389-users] FIXED RE: Does Oracle interfere with LDAP authentication?

2011-06-09 Thread David Barr
relevant path is the one built into sshd at compile time, > and reported in /etc/ssh/sshd_config, right?[1] That's just > /usr/local/bin:/bin:/usr/bin. > > I took a shot at "ps faux" to see if I could find any child processes > invoked by sshd to test the ldap authenti

Re: [389-users] Does Oracle interfere with LDAP authentication?

2011-06-07 Thread crashingdaily
onf > /etc/ldap.conf > /etc/ssh/ssh_config > /etc/ssh/sshd_config > /etc/auto.master and subsidiary files > > The only two hosts where LDAP authentication fails are the two Oracle > servers. All are running on the same RHEL 5.4. > > Anyone seen anything like this, before

[389-users] Does Oracle interfere with LDAP authentication?

2011-06-07 Thread David Barr
Good Morning! Take 30 hosts, all with identical /etc/nsswitch.conf /etc/ldap.conf /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/auto.master and subsidiary files The only two hosts where LDAP authentication fails are the two Oracle servers. All are running on the same RHEL 5.4. Anyone seen

f14 inaccessible when configuring LDAP authentication (nsswitch.conf not working as expected?)

2011-04-18 Thread Frantisek Hanzlik
I want authentication against a local openldap server. After several unsuccessful attempts to configure sssd, I uninstalled the sssd-* stuff and configured things with pam_ldap/nss_ldap (fortunately, when sssd is not installed, system-config-authentication seems to configure the /etc/pam.d/* files correctly). But my

Re: LDAP authentication

2011-01-17 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/17/2011 11:04 AM, Tim wrote: > On Mon, 2011-01-17 at 09:51 -0500, Stephen Gallagher wrote: >> One change from older versions of Fedora is that, with SSSD, you >> cannot use authentication against LDAP without encryption. This is >> because the si

Re: LDAP authentication

2011-01-17 Thread Tim
On Mon, 2011-01-17 at 09:51 -0500, Stephen Gallagher wrote: > One change from older versions of Fedora is that, with SSSD, you > cannot use authentication against LDAP without encryption. This is > because the simple bind password would otherwise be sent in the clear > over the wire. Older versions

Re: LDAP authentication

2011-01-17 Thread fedora
see below sssd.conf file, which works for the installation here. [root@myws ~]# cat /etc/sssd/sssd.conf [sssd] config_file_version = 2 # Number of times services should attempt to reconnect in the # event of a crash or restart before they give up reconnection_retries = 3 # if a backend is partic

Re: LDAP authentication

2011-01-17 Thread Stephen Gallagher
> Has someone a good and pretty HOWTO to explain how to do this ? That's concerning. System-config-auth saw a major overhaul in F13 to support SSSD for LDAP authentication. What did you try to do, and how did it fail? As for a HOWTO, the answer should be: Run authconfig-gtk (aka system-c

LDAP authentication

2011-01-17 Thread Luc MAIGNAN
Hi, I want to use openLDAP to authenticate users to log-in. In the previous versions of Fedora, I just use system-config-auth but it doesn't seem to work in F14. Has someone a good and pretty HOWTO to explain how to do this ? BR Luc

Re: [389-users] SSH AllowGroups and LDAP authentication

2010-11-17 Thread Allan Hougham
ftp-server Date: Tue, 16 Nov 2010 10:15:22 -0800 From: patrick.mor...@hp.com To: 389-us...@lists.fedoraproject.org Subject: Re: [389-users] SSH AllowGroups and LDAP authentication On 11/15/2010 10:00 AM, Allan Hougham wrote: Hi, I need to authenticate LDAPs Groups, but I can't. Anybody can wo

Re: [389-users] SSH AllowGroups and LDAP authentication

2010-11-16 Thread Morris, Patrick
On 11/15/2010 10:00 AM, Allan Hougham wrote: Hi, I need to authenticate LDAPs Groups, but I can't. Anybody can working with this feature? or mapping users with groups and later configuring the LDAP Client? What are the steps for setting LDAP Clients with LDAP Groups? Did you see my last reply on

Re: [389-users] SSH AllowGroups and LDAP authentication

2010-11-15 Thread Allan Hougham
...@lists.fedoraproject.org Date: Tue, 9 Nov 2010 13:36:21 + Subject: Re: [389-users] SSH AllowGroups and LDAP authentication Hi Patrick, What does "groups ahougham" show on that box? Is that user in an allowed group? ahougham is a user in "Search" group I need ano

Re: Fedora 14: GDM, sssd and LDAP authentication

2010-11-11 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/10/2010 03:08 PM, Rick Stevens wrote: > On 11/10/2010 11:14 AM, Stephen Gallagher wrote: > On 11/10/2010 10:18 AM, Bernd Nies wrote: Hi Stephen, Here's the log output of the various sssd logfiles. > ... (Wed Nov

Re: Fedora 14: GDM, sssd and LDAP authentication

2010-11-10 Thread Rick Stevens
On 11/10/2010 11:14 AM, Stephen Gallagher wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 11/10/2010 10:18 AM, Bernd Nies wrote: >> >> >> >> Hi Stephen, >> >> Here's the log output of the various sssd logfiles. > ... >> (Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [simple_bind_done]

Re: Fedora 14: GDM, sssd and LDAP authentication

2010-11-10 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/10/2010 10:18 AM, Bernd Nies wrote: > > > > Hi Stephen, > > Here's the log output of the various sssd logfiles. ... > (Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [simple_bind_done] (3): Bind > result: Invalid credentials(49), (null) This me

Re: Fedora 14: GDM, sssd and LDAP authentication

2010-11-10 Thread Bernd Nies
Hi Stephen, Here's the log output of the various sssd logfiles. [r...@fedoraclient ~]# getent passwd bernd bernd:*:3031:102:Bernd Nies:/home/bernd:/bin/bash [r...@fedoraclient ~]# ldapsearch -LLL -x -h ldap.example.com -b ou=people,dc=example,dc=com uid=bernd dn: uid=bernd,ou=people,dc=example,

Re: Fedora 14: GDM, sssd and LDAP authentication

2010-11-10 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/10/2010 07:15 AM, Bernd Nies wrote: > Hi Stephen, > > Thanks for your reply. I tried to configure it with > system-config-authentication (the same as authconfig-gtk) before but > that tool did not generate a useable output. I adjusted sssd.conf

Re: Fedora 14: GDM, sssd and LDAP authentication

2010-11-10 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/10/2010 07:40 AM, fedora wrote: > Hi > > The following sssd.conf and pam.d/gdm and pam.d/gdm-password work here > on fedora 13. > With quite a bit of debugging I found out that for sssd you have to > specify all bases in the sssd.conf. > I hav

Re: Fedora 14: GDM, sssd and LDAP authentication

2010-11-10 Thread Stephen Gallagher
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/10/2010 02:44 AM, Bernd Nies wrote: > Hi, > > I'm trying to get the GDM login manager to work with sssd and LDAP > authentication. So far one can login with ssh, getent passwd shows all > LDAP users and su - also

Re: Fedora 14: GDM, sssd and LDAP authentication

2010-11-10 Thread Bernd Nies
Hi Stephen, Thanks for your reply. I tried to configure it with system-config-authentication (the same as authconfig-gtk) before but that tool did not generate a useable output. I adjusted sssd.conf manually afterwards and got "getent passwd" and ssh login to work. The two pam files you mentioned

Re: Fedora 14: GDM, sssd and LDAP authentication

2010-11-10 Thread fedora
Hi The following sssd.conf and pam.d/gdm and pam.d/gdm-password work here on fedora 13. With quite a bit of debugging I found out that for sssd you have to specify all bases in the sssd.conf. I have not been able to make sssd run with TLS. [r...@myws ~]# cat /etc/sssd/sssd.conf [sssd] config_f

Fedora 14: GDM, sssd and LDAP authentication

2010-11-09 Thread Bernd Nies
Hi, I'm trying to get the GDM login manager to work with sssd and LDAP authentication. So far one can login with ssh, getent passwd shows all LDAP users and su - also works. But GDM says "Authentication failure". I searched Google for this but did not find something useful or just

Re: [389-users] SSH AllowGroups and LDAP authentication

2010-11-09 Thread Morris, Patrick
0 10:43:15 -0800 From: patrick.mor...@hp.com To: 389-us...@lists.fedoraproject.org Subject: Re: [389-users] SSH AllowGroups and LDAP authentication On 11/8/2010 8:56 AM, Allan Hougham wrote: I need help with this issue, I am setting sshd_config with "AllowGroups" but I can't authenticate wi

Re: [389-users] SSH AllowGroups and LDAP authentication

2010-11-08 Thread Morris, Patrick
On 11/8/2010 8:56 AM, Allan Hougham wrote: I need help with this issue, I am setting sshd_config with "AllowGroups" but I can't authenticate with LDAP, the groups are set up, this is my configuration: Do you have any tutorial or guide for setting ssh authentication groups with LDAP? This is

LDAP authentication problem

2010-05-06 Thread Luc MAIGNAN
Hi, I use an OpenLDAP to authenticate Linux users. All seems to work fine. But after several days, the users have to change their passwords (password expired). And even they can change it, the message is still the same (you have to change your password). The only way to permit them to login is

Re: [389-users] Migrating to LDAP authentication

2010-02-12 Thread patrick . morris
Hi Sean! On Fri, 12 Feb 2010, Sean Carolan wrote: > > I have UsePAM turned on, and getent group shows me in the "operations" > > group.  I wonder why sshd is not seeing that I'm in the operations > > group? > > Ok, never mind. On this particular server there was one entry in > /etc/group with m

Re: [389-users] Migrating to LDAP authentication

2010-02-12 Thread Sean Carolan
> If you're going to start mixing local and LDAP stuff that way, you're > going to run into some fun-to-debug strangeness if you're not careful > about them all being identical. Thanks again for your help, I have this working now. I had a comma in my AllowGroups line instead of a space. We're sl

Re: [389-users] Migrating to LDAP authentication

2010-02-12 Thread Sean Carolan
> I have UsePAM turned on, and getent group shows me in the "operations" > group.  I wonder why sshd is not seeing that I'm in the operations > group? Ok, never mind. On this particular server there was one entry in /etc/group with my username in it, that was somehow interfering. Once I removed

Re: [389-users] Migrating to LDAP authentication

2010-02-12 Thread patrick . morris
Hi Sean! On Fri, 12 Feb 2010, Sean Carolan wrote: > > Is "invalid user" all you're seeing in the log? Generally, at least with > > OpenSSH, if the user is being denied because it's not in a valid group, > > the logs will say so. They'll also generally tell you if it's because it > > couldn't find

Re: [389-users] Migrating to LDAP authentication

2010-02-12 Thread Sean Carolan
> For example, we might have a group called "db-ssh" that defines a user > group allowed to access database servers.  Then we just make sure DB > hosts get "AllowGroups db-ssh" added to their SSH configs.  Plopping a > user into the db-ssh group in LDAP then gives that person access to all > the bo

Re: [389-users] Migrating to LDAP authentication

2010-02-02 Thread Les Mikesell
On 2/2/2010 1:38 PM, patrick.mor...@hp.com wrote: > On Tue, 02 Feb 2010, Sean Carolan wrote: > >>> Incidentally, that may also answer your other question about how to >>> disable local shadow file passwords. >> >> Any suggestions for migrating accounts from /etc/shadow into the LDAP >> database? I

Re: [389-users] Migrating to LDAP authentication

2010-02-02 Thread patrick . morris
Hi Sean! On Tue, 02 Feb 2010, Sean Carolan wrote: > >> Any suggestions for migrating accounts from /etc/shadow into the LDAP > >> database?  I tried this LdapImport perl script but it threw a bunch of > >> errors and ultimately failed: > > > > At the time I did the initial import here, I put toge

Re: [389-users] Migrating to LDAP authentication

2010-02-02 Thread Sean Carolan
>> Any suggestions for migrating accounts from /etc/shadow into the LDAP >> database?  I tried this LdapImport perl script but it threw a bunch of >> errors and ultimately failed: > > At the time I did the initial import here, I put together a really ugly > shell script that used a few cuts, greps

Re: [389-users] Migrating to LDAP authentication

2010-02-02 Thread patrick . morris
On Tue, 02 Feb 2010, Sean Carolan wrote: > > Incidentally, that may also answer your other question about how to > > disable local shadow file passwords. > > Any suggestions for migrating accounts from /etc/shadow into the LDAP > database? I tried this LdapImport perl script but it threw a bunch

Re: [389-users] Migrating to LDAP authentication

2010-02-02 Thread Sean Carolan
> Incidentally, that may also answer your other question about how to > disable local shadow file passwords. Any suggestions for migrating accounts from /etc/shadow into the LDAP database? I tried this LdapImport perl script but it threw a bunch of errors and ultimately failed: http://wiki.babel

Re: [389-users] Migrating to LDAP authentication

2010-02-02 Thread Sean Carolan
> /etc/security/access is definitely an option, as would be putting them > all in a group and using "AllowGroups [your group]" in the sshd_config, > among other possibilities. > > Doing something group-based is typically pretty easy to manage. Thanks for the info, the sshd_config file may be the w

Re: [389-users] Migrating to LDAP authentication

2010-02-02 Thread Sean Carolan
> #2 > a.there is also a setting in /etc/ldap.conf called pam_groupdn. This > lets you define an LDAP object with multiple member attributes to > control who can login. I find it easy to use > b. SSH can be told to only accept logins from a posix group (same deal > just handled at a different part o

Re: [389-users] Migrating to LDAP authentication

2010-02-02 Thread Edward Capriolo
On Tue, Feb 2, 2010 at 9:19 AM, Sean Carolan wrote: > Wow, fast reply Muzzol! > >>> 2.  If there are some users who only need access to a small number of >>> servers, how would you handle that situation? >> modify /etc/security/limits.conf to your needs > > What about /etc/security/access?  Do you

Re: [389-users] Migrating to LDAP authentication

2010-02-02 Thread Sean Carolan
Wow, fast reply Muzzol! >> 2.  If there are some users who only need access to a small number of >> servers, how would you handle that situation? > modify /etc/security/limits.conf to your needs What about /etc/security/access? Do you think this is the best way to accomplish this? Assume that I