luchoh n00b

Joined: 17 Dec 2006 Posts: 3
Posted: Mon Dec 18, 2006 12:13 am Post subject: LDAP + Samba -> Works fine , LDAP + SSH -> No go
Hi,
I successfully followed the http://gentoo-wiki.com/HOWTO_LDAP_SAMBA_PDC. I can happily connect from my Windows boxes to the Samba server (which in my case is a PPC Kuro Box - kernel 2.6.17).
However, I cannot authenticate shell logins via LDAP - the log reads:
Code:
[sshd] pam_ldap: ldap_simple_bind Can't contact LDAP server.
ldapsearch gives me:
Code:
ldap_sasl_interactive_bind_s: No such object (32)
while ldapsearch -x works just fine.
I spent almost a week trying to solve it myself, and tried all possible configurations I could get my hands on (Kerberos as well, because initially the errors pertained to GSSAPI)... The error seems to be that SSH cannot contact the LDAP server. I guess it is something really simple, or I just had the luck to bump into an unsupported platform (Kuro + PPC). I am planning on testing the same configuration on a normal x86... though my setup is such that I'd like to be able to move the PDC around, and the Kuro fits the bill so nicely...
Any suggestions will be greatly appreciated.
Thanks in advance.
Appendix:
/etc/ldap.conf
Code:
base dc=example,dc=com
uri ldap://ldap.example.com/
uri ldaps://ldap.example.com/
uri ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock/
ldap_version 3
rootbinddn cn=root,dc=example,dc=com
bind_timelimit 10
bind_policy soft
pam_filter objectclass=posixAccount
pam_password exop
nss_base_passwd ou=Users,dc=example,dc=com?one
nss_base_shadow ou=Users,dc=example,dc=com?one
nss_base_group ou=Groups,dc=example,dc=com?one
nss_base_hosts ou=Hosts,dc=example,dc=com?one
nss_base_services ou=Services,dc=example,dc=com?one
nss_base_networks ou=Networks,dc=example,dc=com?one
nss_base_protocols ou=Protocols,dc=example,dc=com?one
nss_base_rpc ou=Rpc,dc=example,dc=com?one
nss_base_ethers ou=Ethers,dc=example,dc=com?one
nss_base_netmasks ou=Networks,dc=example,dc=com?one
nss_base_bootparams ou=Ethers,dc=example,dc=com?one
nss_base_aliases ou=Aliases,dc=example,dc=com?one
nss_base_netgroup ou=Netgroup,dc=example,dc=com?one
nss_reconnect_tries 4
nss_reconnect_sleeptime 1
nss_reconnect_maxsleeptime 16
nss_reconnect_maxconntries 2
ssl off
ssl no
debug 256
logdir /var/log/nss_ldap
/etc/openldap/slapd.conf
Code:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
access to dn.base=""
by self write
by * auth
access to attr=userPassword
by self write
by * auth
access to attr=shadowLastChange
by self write
by * read
access to *
by * read
by anonymous auth
#######################################################################
# BDB database definitions
#######################################################################
database ldbm
#database bdb
suffix "dc=example,dc=com"
rootdn "cn=root,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {MD5}<my secret password>
checkpoint 32 30
directory /var/lib/openldap-data
#directory /var/lib/openldap-bdb
# Indices to maintain
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
loglevel 256
#sasl-regexp uid=(.*),cn=eu,cn=DIGEST-MD5,cn=auth uid=$1,ou=Users,o=iWizards
#sasl-host ldap.example.com
#sasl-realm EXAMPLE.COM
#sasl-secprops noanonymous,noplain,noactive
#saslRegexp uid=([./]*),cn=GSSAPI,cn=auth uid=$1,ou=Users,dc=example,dc=com
/etc/nsswitch.conf
Code:
# /etc/nsswitch.conf:
# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/nsswitch.conf,v 1.1 2005/05/17 00:52:41 vapier Exp $
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
networks: files dns
services: db files
protocols: db files
rpc: ldap [NOTFOUND=return] db files
ethers: ldap [NOTFOUND=return] db files
netmasks: files
netgroup: ldap [NOTFOUND=return] files
bootparams: files
automount: files
aliases: files
/etc/pam.d/system-auth
Code:
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account sufficient pam_ldap.so
account required pam_unix.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_unix.so nullok md5 shadow use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=077
session optional pam_ldap.so
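An added example, not code from the original post or from nss_ldap/pam_ldap: a small offline checker for an /etc/ldap.conf of the style posted above. It parses the file (keeping repeated keys such as the three `uri` lines), expands every configured URI, reports whether each endpoint is reachable from the host running the check (TCP connect for ldap:// and ldaps://, socket-file check for ldapi://), and flags settings that are easy to get wrong in this kind of setup: repeated `uri` lines, duplicate `ssl` lines, an ldaps:// URI alongside `ssl off`, and a `rootbinddn` whose password file /etc/ldap.secret is missing or not root-owned mode 0600. The sample config embedded in the script is constructed to mirror the posted one; `ldap.example.com` and the socket path are placeholders, and the function names are my own.

```python
"""Offline sanity checker for an nss_ldap/pam_ldap-style /etc/ldap.conf.
Added example; the sample config below is constructed, modelled on the
posted file, and ldap.example.com is a placeholder host."""
import os
import socket
import stat
from urllib.parse import unquote, urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample reproducing the posted layout: three separate 'uri'
# lines and two 'ssl' lines.
SAMPLE_LDAP_CONF = """\
base dc=example,dc=com
uri ldap://ldap.example.com/
uri ldaps://ldap.example.com/
uri ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock/
ldap_version 3
rootbinddn cn=root,dc=example,dc=com
bind_policy soft
ssl off
ssl no
"""


def parse_ldap_conf(text):
    """Parse 'key value' lines into {key: [value, ...]}, keeping repeated keys."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, []).append(value)
    return conf


def expand_uris(conf):
    """Collect every URI from all 'uri' lines (one line may list several)."""
    uris = []
    for value in conf.get("uri", []):
        uris.extend(value.split())
    return uris


def endpoint(uri):
    """Map an LDAP URI to ('tcp', host, port) or ('unix', socket_path, None)."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme == "ldapi":
        # ldapi:// carries the percent-encoded socket path in the authority part
        path = unquote(parts.netloc)
        if not path:
            raise ValueError("ldapi URI without a socket path: %s" % uri)
        return ("unix", path, None)
    if scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported URI scheme: %s" % uri)
    return ("tcp", parts.hostname, parts.port or DEFAULT_PORTS[scheme])


def check_endpoint(uri, timeout=3.0):
    """True if a TCP endpoint accepts a connection or an ldapi socket file exists."""
    kind, target, port = endpoint(uri)
    if kind == "unix":
        try:
            return stat.S_ISSOCK(os.stat(target).st_mode)
        except OSError:
            return False
    try:
        with socket.create_connection((target, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or name resolution failed
        return False


def lint(conf, secret_path="/etc/ldap.secret"):
    """Return findings about settings that commonly trip up pam_ldap/nss_ldap."""
    findings = []
    uris = expand_uris(conf)
    if not uris:
        findings.append("no 'uri' configured")
    if len(conf.get("uri", [])) > 1:
        findings.append("'uri' given on %d lines; the documented form is one "
                        "space-separated list, so consolidate them" % len(conf["uri"]))
    ssl_values = [v.lower() for v in conf.get("ssl", [])]
    if len(ssl_values) > 1:
        findings.append("'ssl' given %d times (%s); keep a single line"
                        % (len(ssl_values), ", ".join(ssl_values)))
    if ssl_values and ssl_values[-1] in ("off", "no") and any(
            u.lower().startswith("ldaps://") for u in uris):
        findings.append("ldaps:// URI listed while 'ssl' is off")
    if "rootbinddn" in conf:
        # The rootbinddn password is read from /etc/ldap.secret, which must be
        # root-owned and mode 0600; only root (e.g. sshd's PAM stack) uses it.
        try:
            st = os.stat(secret_path)
            if stat.S_IMODE(st.st_mode) & 0o077 or st.st_uid != 0:
                findings.append("rootbinddn set but %s is not root:0600" % secret_path)
        except OSError:
            findings.append("rootbinddn set but %s is missing" % secret_path)
    return findings


def report(text):
    """Run the checks over an ldap.conf text and return (reachability, findings)."""
    conf = parse_ldap_conf(text)
    reach = {uri: check_endpoint(uri) for uri in expand_uris(conf)}
    return reach, lint(conf)


if __name__ == "__main__":
    reach, findings = report(SAMPLE_LDAP_CONF)
    for uri, ok in reach.items():
        print("%-50s %s" % (uri, "reachable" if ok else "UNREACHABLE"))
    for f in findings:
        print("finding:", f)
```

Run it as root on the box that fails (`report(open("/etc/ldap.conf").read())`), since that is the context in which sshd's PAM stack evaluates the file; a URI that is reachable for an interactive `ldapsearch -x` but not from that context (for example an ldapi socket path that does not exist, or a TLS endpoint the library has not been told how to verify) shows up here as UNREACHABLE or as a finding.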
cazze Apprentice


Joined: 26 Mar 2003 Posts: 155 Location: Brussels - Belgium