Hi everyone,
(special mention: Orly Andico)
I'm attempting to set up a centralized authentication system with OpenLDAP
on the server's side and pam_ldap + libnss_ldap + nscd on the clients. I'm
having quite a tough time (as usual, with things that are new to me). Here
is what I've done:
o I have slapd up and running, albeit with an error I can't seem to figure out
(shows up in the logs):
Sep 5 22:33:54 gusi slapd[23746]: daemon: socket() failed errno=97 (Address family not supported by protocol)
o Using the MigrationTools-39 scripts (in particular a modified
migrate_passwd.pl which I changed so that {crypt} -> {MD5} since I use MD5
passwords), I create a passwd.ldif file that I successfully (at last!)
added to my ldap database.
o I'm already able to view the entries using ud-ldap (I'm a real newbie
so this helps). I'm able to bind as root, using the root password.
However, I am not able to bind as anyone else! I tried binding to uid=jijo
using my password but to no avail.
o I used slapcat to extract my LDAP data onto an LDIF file and noticed
that the userPassword entries are significantly different from the
original ones. Maybe they were converted from {MD5} to something else?
For example, an original entry that's not supposed to login has "{MD5}*",
but when dumped using slapcat becomes "e01ENX0q". Huh?
o Trying to find some clues in the slapd.conf manpage, I found out about
password-hash, so I put this in my slapd.conf: "password-hash {MD5}",
albeit _after_ adding the stuff from the original ldif.
On the client side I have one developmental box with pam_ldap +
libnss_ldap + nscd installed. I haven't configured libnss_ldap but
pam_ldap won't work. It spits out the following in the logs:
Sep 5 22:09:45 spolario login[256]: pam_ldap: error trying to bind as user "uid=jijo,ou=People,dc=leathercollection,dc=ph" (Invalid credentials)
Sep 5 22:09:48 spolario login[256]: FAILED LOGIN (1) on `vc/4' FOR `jijo', Authentication failure
I presume this has something to do with my problem binding to a user from
ud-ldap (that I run on the server).
I know I'm doing something wrong but I'm so lost I can't figure out much.
I'll put this to sleep and go home and sleep. Hopefully someone will have
mercy and help show me the light.
Aside from the following readings, anything else to be recommended for
such neophytes as I?
o OpenLDAP administrator's guide
o LDAP HOWTO
o LDAP Implementation HOWTO
Thanks in advance.
--> Jijo
--
Federico Sevilla III :: [EMAIL PROTECTED]
Network Administrator :: The Leather Collection, Inc.
GnuPG Key: <http://jijo.leathercollection.ph/jijo.gpg>
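
Added example, not part of the original post: LDIF marks base64-encoded values with a double colon, and the dumped "e01ENX0q" base64-decodes to "{MD5}*". The sketch below decodes userPassword lines and flags an md5-crypt ("$1$...") hash filed under {MD5}, a scheme whose payload is the base64 of a raw, unsalted 16-byte digest. The function names and every sample entry except "e01ENX0q" are constructed, and unfolded LDIF lines are assumed.

```python
import base64
import binascii
import hashlib

def decode_user_password(line: str) -> str:
    """'userPassword:: v' carries base64 (RFC 2849); 'userPassword: v' is literal."""
    attr, _, rest = line.partition(":")
    if attr.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return rest.strip()

def classify(stored: str) -> tuple:
    """Return (scheme, verdict) for a decoded userPassword value."""
    if not (stored.startswith("{") and "}" in stored):
        return ("NONE", "no {SCHEME} prefix")
    scheme, payload = stored[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme != "MD5":
        return (scheme, "not checked here")
    if payload.startswith("$1$"):
        # md5-crypt from /etc/shadow is salted: it is a crypt(3) string
        return (scheme, "mismatch: md5-crypt hash, belongs under {CRYPT}")
    try:
        raw = base64.b64decode(payload, validate=True)
    except binascii.Error:
        return (scheme, "invalid: payload is not base64")
    if len(raw) != 16:
        return (scheme, "invalid: digest is not 16 bytes")
    return (scheme, "ok: base64 of a raw MD5 digest")

def audit(ldif_text: str) -> list:
    """Return (dn, scheme, verdict) for each userPassword in an LDIF dump."""
    results, dn = [], None
    for line in ldif_text.splitlines():
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
        elif line.lower().startswith("userpassword:"):
            results.append((dn,) + classify(decode_user_password(line)))
    return results

def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()

# Constructed sample dump; only the value e01ENX0q comes from the post.
SAMPLE = "\n".join([
    "dn: uid=locked,dc=example,dc=com", "userPassword:: e01ENX0q", "",
    "dn: uid=alice,dc=example,dc=com",
    "userPassword:: " + _b64("{MD5}$1$abcdefgh$constructedhash"), "",
    "dn: uid=bob,dc=example,dc=com",
    "userPassword:: " + _b64("{MD5}" + _b64("") [:0] + base64.b64encode(
        hashlib.md5(b"constructed").digest()).decode()),
])
```

Calling audit(SAMPLE) returns one row per entry, so a migrated passwd.ldif can be checked before it is loaded.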