Hi everyone,

I just thought I'd update the list with the results I have so far.

First of all, I rebuilt one of the machines with RedHat Enterprise Linux 5. This gave me login, but no autofs. Fortunately, I could change the defaults in the autofs config file and make it work. So then I had fully working LDAP login AND autofs. However, we don't use RHEL5 here, only 3 and 4. So I rebuilt a different machine with straight, plain old vanilla RHEL4 update 5. During installation, I told it to use LDAP for authentication etc. Once installed and rebooted, I could log in AND use the autofs. I didn't even have to change the usual settings (underscoretodot=0).

This afternoon, I have set up a similar machine with RHEL3 and, after updating the autofs rpm, it logs on and works fully.

So thanks to everyone who tried to help with this problem. I have no idea what made it decide to work, but the thing seems to be that if I leave it alone and only use the GUI to change the login/auth settings, it seems to work.

Note that I haven't changed ANYthing on the LDAP server. The schema is the same and all permissions are the same as when it didn't work.

This is the short version of events. I had spent a lot of time with it over the last few days. I even had two logs of a query from the 'working' client and the 'not working' client to see what was wrong.

If there is anyone on the list that has done this sort of thing before, let me know. I'd love to hear your experiences of LDAP.

Thanks,
Phil.



----- Original Message -----
From: "Gavin Henry" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, June 22, 2007 2:26 PM
Subject: Re: [Scottish] More LDAP woes


<quote who="Phillip Bennett">
Hi everyone,

I've finally got my LDAP directory set up and almost working! I can see it
using two different LDAP browsers that I have installed, and I can use
ldapsearch from the command line with the '-x' option (Simple
Authentication).  I can even use ldapsearch -x -D "<my username>" etc..

What gets me though, is that I can't run other commands on it like
'ldapwhoami', and I can't logon using LDAP either..  When I do, I get the
following message:

 ~]$ ldapwhoami
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
        additional info: SASL(-13): user not found: no secret in database


You still need -x on ldapwhoami



I've been reading up on SASL for the past two days and have been directed
to kerberos from a few pages.  I now have a working kerberos KDC as well.
However, I was hoping not to have to do this, as it means setting up the
clients for kerberos as well.

So far, what I have is an LDAP database that works with autofs.  However,
it doesn't allow me to logon to workstations. When I do, I get the following
error:

[EMAIL PROTECTED] ~]# su - phillip
id: cannot find name for group ID 2066
id: cannot find name for user ID 2066
[EMAIL PROTECTED] ~]$ ssh localhost
You don't exist, go away!

Now, I know what the 'go away' error is all about.  What I don't know is
why it happens.

My setup is as follows:

Redhat ES4 - all software at latest redhat versions
ldap 2.2.13
autofs 4.1.3-199.3
kernel 2.6.9-55
cyrus-sasl 2.1.19 (inc. md5, ntlm, sql, gssapi)
kerberos 1.3.4-47

Does anyone have any helpful information for getting these final bits
setup? I have read in a few places that Redhat puts the SASL stuff in by
default and it can't be turned off. The same people usually say that it's
best to recompile from source and leave the SASL support out.  Would anyone
agree with that?  I feel that I've come so far and I'm understanding so much
more, but I am still just so far away from getting anything to actually WORK!
It's just so frustrating...  On the plus side, I have now discovered strace.
It has helped me fix a few errors these past few days.  :)

Any help you can give is greatly appreciated!

Check your permissions on /etc/nsswitch.conf /etc/ldap.conf, that's
usually the prob with "getent passwd" and su


Thanks in advance,
Phil.


_______________________________________________
Scottish mailing list
[email protected]
https://mailman.lug.org.uk/mailman/listinfo/scottish
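
The permission check suggested in the reply above, written out as an added example that is not part of the original thread. The function names are hypothetical; the only assumption is that NSS lookups run as the calling user, so both client files need the "other" read bit for `su` and `getent passwd` to resolve LDAP users.

```shell
#!/bin/sh
# Added example: verify the LDAP client files are readable by non-root
# users and that nsswitch.conf actually sends passwd lookups to LDAP.

# other_readable FILE -> 0 if the "other" read bit is set on FILE.
other_readable() {
    # Character 8 of the `ls -l` mode string (e.g. -rw-r--r--) is other-read.
    # -L follows symlinks so the target's mode is the one inspected.
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c8)
    [ "$mode" = "r" ]
}

# check_ldap_client_files FILE... -> 0 only if every file exists and is
# readable by unprivileged users; prints one status line per file.
check_ldap_client_files() {
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "MISSING     $f"
            rc=1
        elif other_readable "$f"; then
            echo "ok          $f"
        else
            echo "UNREADABLE  $f (no read bit for non-root users)"
            rc=1
        fi
    done
    return $rc
}

# passwd_uses_ldap NSSWITCH_FILE -> 0 if the passwd: line lists ldap.
passwd_uses_ldap() {
    grep -Eq '^[[:space:]]*passwd:(.*[[:space:]])?ldap([[:space:]]|$)' "$1"
}

# Run against the paths given on the command line, for example:
#   sh check.sh /etc/nsswitch.conf /etc/ldap.conf
if [ "$#" -gt 0 ]; then
    check_ldap_client_files "$@"
fi
```

Because the file has to be world-readable, any bind password stored in `/etc/ldap.conf` is visible to every local user.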


