Mailinglist Archive: opensuse (4570 mails)
| < Previous | Next > |
Re: [SLE] Openldap and user authentication
- From: "Mark A. Taff" <marktaff@xxxxxxxxxxx>
- Date: Fri, 18 Nov 2005 02:16:47 +0000 (UTC)
- Message-id: <200511171716.45545.marktaff@xxxxxxxxxxx>
On Thursday 17 November 2005 16:58, Joachim Schrod wrote:
> Mark A. Taff wrote:
> > On Thursday 17 November 2005 06:47, Joachim Schrod wrote:
> >> Jonathan Vargas wrote:
> >> > is there a brief turorial, guide or something to correctly setup an
> >> > openldap directory service to authenticate users, and using pam ?
> >>
> >> I found
> >> http://enterprise.linux.com/enterprise/05/09/15/1930256.shtml?tid=129
> >> quite good.
> >
> > That is one of the tutorials I tried, but it didn't work. Building the
> > ldap directory is _relatively_ easy, it is getting the clients to
> > authenticate is nigh impossible, at least in my case.
>
> I have to admit that I didn't try it on a SUSE, but on a Debian system --
> but the distribution differences should be significant in that case, should
> they?
There are some differences, but I think I compensated appropriately.
>
> You have pam_ldap installed?
> You configured nsswitch.conf and pam.d/common-* to use it?
I have tried multiple variations on editing nsswitch.conf and the
pam.d/common-* files. I've tried using both Yast and Luma. They both seem
to add/edit/delete users groups in the LDAP database. When I add a new user,
it will even create a new /home/$user for them. Yet I can't even su to the
new user. `getent passwd` doesn't show any of the LDAP users. The most I
can get is a extra line at the end of the `getent passwd` like "+::0:):::"
>
> Or, completely different, did you try out LDAP Client Configuration in
> yast? It's supposed to enabling user authentication via OpenLDAP. -- At
> least, that what's the help file says; I have not used it (yet).
>
> Keep us posted on your progress, if you have any.
If I get this figured out, I will write a nice howto.
>
> Joachim
>
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Joachim Schrod Email: jschrod@xxxxxxx
> Roedermark, Germany
> Mark A. Taff wrote:
> > On Thursday 17 November 2005 06:47, Joachim Schrod wrote:
> >> Jonathan Vargas wrote:
> >> > is there a brief turorial, guide or something to correctly setup an
> >> > openldap directory service to authenticate users, and using pam ?
> >>
> >> I found
> >> http://enterprise.linux.com/enterprise/05/09/15/1930256.shtml?tid=129
> >> quite good.
> >
> > That is one of the tutorials I tried, but it didn't work. Building the
> > ldap directory is _relatively_ easy, it is getting the clients to
> > authenticate is nigh impossible, at least in my case.
>
> I have to admit that I didn't try it on a SUSE, but on a Debian system --
> but the distribution differences should be significant in that case, should
> they?
There are some differences, but I think I compensated appropriately.
>
> You have pam_ldap installed?
> You configured nsswitch.conf and pam.d/common-* to use it?
I have tried multiple variations on editing nsswitch.conf and the
pam.d/common-* files. I've tried using both Yast and Luma. They both seem
to add/edit/delete users groups in the LDAP database. When I add a new user,
it will even create a new /home/$user for them. Yet I can't even su to the
new user. `getent passwd` doesn't show any of the LDAP users. The most I
can get is a extra line at the end of the `getent passwd` like "+::0:):::"
>
> Or, completely different, did you try out LDAP Client Configuration in
> yast? It's supposed to enabling user authentication via OpenLDAP. -- At
> least, that what's the help file says; I have not used it (yet).
>
> Keep us posted on your progress, if you have any.
If I get this figured out, I will write a nice howto.
>
> Joachim
>
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Joachim Schrod Email: jschrod@xxxxxxx
> Roedermark, Germany
| < Previous | Next > |