Dear fellows,

I've just upgraded a working SuSE 7.3 to 8.2 (I've reformatted the HD, installed 8.2 from scratch and started configuring). My OpenLDAP is working fine (including TLS, replica, etc.) and I can perform a successful "ldapsearch -x 'uid=edgar'" anytime, but if I try a 'getent passwd edgar' it returns nothing.

I've double-checked /etc/openldap/ldap.conf, /etc/openldap/slapd.conf, /etc/nsswitch and /etc/pam.d/*. I've also tried to use lines like "auth required pam_unix2.so" (seems new to SuSE 8.2) or "auth required pam_ldap.so" (the lines I was using in SuSE 7.3) for some services without success:

    #%PAM-1.0
    auth required pam_unix2.so
    account required pam_unix2.so
    #password required pam_pwcheck.so nullok
    #password required pam_unix2.so nullok use_first_pass use_authtok
    session required pam_unix2.so

OR

    #%PAM-1.0
    auth required pam_ldap.so
    account required pam_ldap.so
    #password required pam_pwcheck.so nullok
    #password required pam_unix2.so nullok use_first_pass use_authtok
    session required pam_ldap.so

It's clear to me that there are more conf files involved in SuSE 8.2 than /etc/openldap/*, /etc/nsswitch and /etc/pam.d/*, but I don't have a clue which files. I've followed the SuSE 8.2 docs and edited /etc/security/pam_unix2.conf as suggested in:

"To use the pam_ldap module, you need to do the following:

If you use the default SuSE Linux PAM configuration, you only need to edit /etc/security/pam_unix2.conf and add the "use_ldap" option for account, auth and password management. If you configure LDAP with YaST2, YaST2 will do this for you.

Else edit all the /etc/pam.d configurations file to use the pam_ldap module. Look in /usr/share/doc/packages/pam_ldap for examples."

I've tried both methods above without success (the first seems to be system wide and the second, service specific). I've also tried to use YAST-LDAP-client-configurator and it worked just fine till the next restart!!! - I've tried YAST again after the first restart but it didn't work anymore.

Could anyone point me to some SuSE 8.2 specific documentation (other than /usr/share/doc) and/or all the file names (and their locations) involved?

Thanks in advance,
José Carlos Stevenson.
Hi Jose,

That your 'ldapsearch -x' works suggests that /etc/openldap/ldap.conf is ok, so take a look in /etc/nsswitch.conf and make sure that you have a 'passwd: files ldap' and a 'group: files ldap' entry. If so, take a look and make sure that you have nss_ldap installed. I'm using suse 8.1:

    home/dative> rpm -qa | grep ldap
    nss_ldap-199-50
    openldap2-client-2.1.4-70
    yast2-ldap-client-2.6.5-112
    pam_ldap-150-76
    home/dative>

On Friday 05 September 2003 04:26 pm, José Carlos Stevenson wrote:
Hi Benjamin,

I have nss_ldap installed and my /etc/nsswitch.conf seems to be OK:

    passwd: compat ldap
    group: compat ldap

OR (I've tried both)

    passwd: files ldap
    group: files ldap

And here is my /etc/security/pam_unix2.conf:

    auth: use_ldap nullok
    account: use_ldap
    password: use_ldap nullok
    session: none

I've also found a "strange" file, "/etc/cpu.cfg", that seems to have something to do with ldap, but you can change it with no apparent effects:

    # LDAP Configuration
    ldap_host::127.0.0.1
    ldap_port::389
    bind_dn::cn=Manager,dc=example,dc=com
    bind_pass::secret
    base_dn::dc=example,dc=com
    user_base::ou=People,dc=example,dc=com
    group_base::ou=Group,dc=example,dc=com
    user_filter::objectclass=account
    user_object_class::account,posixAccount,top,shadowAccount,inetOrgPerson
    group_object_class::posixGroup,top
    ldap_version::2

Does anyone know what I can try? More files involved? More documentation? Is /etc/sysconfig/saslauthd involved (below)?

    SASLAUTHD_AUTHMECH=pam

Thanks anyway Benjamin,
Best regards to all,
José Carlos Stevenson.

Benjamin P Myers wrote:
On Monday 08 September 2003 11:20 am, José Carlos Stevenson wrote:
> I have nss_ldap installed and my /etc/nsswitch.conf seems to be OK:
>
>     passwd: compat ldap
>     group: compat ldap
>
> OR (I've tried both)
>
>     passwd: files ldap
>     group: files ldap

sounds good. did you make sure you have nss_ldap installed?

> And here is my /etc/security/pam_unix2.conf:
>
>     auth: use_ldap nullok
>     account: use_ldap
>     password: use_ldap nullok
>     session: none

i'm not using this file in my configuration. i think you should get 'getent passwd <user>' working before you worry about pam.

> I've also found a "strange" file, "/etc/cpu.cfg", that seems to have something to do with ldap, but you can change it with no apparent effects:
>
>     # LDAP Configuration
>     ldap_host::127.0.0.1
>     ldap_port::389
>     bind_dn::cn=Manager,dc=example,dc=com
>     bind_pass::secret
>     base_dn::dc=example,dc=com
>     user_base::ou=People,dc=example,dc=com
>     group_base::ou=Group,dc=example,dc=com
>     user_filter::objectclass=account
>     user_object_class::account,posixAccount,top,shadowAccount,inetOrgPerson
>     group_object_class::posixGroup,top
>     ldap_version::2

again. no idea. i do not have this file.

> Does anyone know what I can try? More files involved? More documentation? Is /etc/sysconfig/saslauthd involved (below)?
>
>     SASLAUTHD_AUTHMECH=pam
there's some documentation at: http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/LDAP-H...
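
Added example, not part of the thread and not code from either poster: a shell check for the nsswitch.conf step discussed above, which reports whether lookups for `passwd` and `group` can actually reach the `ldap` source. It goes slightly beyond the thread by also catching a `[NOTFOUND=return]` action placed before `ldap`, which stops the lookup early. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the NSS side before touching PAM.
# Usage on a real host: check_nss /etc/nsswitch.conf

# Return 0 if lookups for database $1 in file $2 can reach "ldap".
nss_reaches_ldap() {
    awk -v db="$1" '
        { sub(/#.*/, ""); sub(/:/, ": ") }      # drop comments, split "db:src"
        $1 == db ":" {
            for (i = 2; i <= NF; i++) {
                t = tolower($i)
                if (t == "ldap") { found = 1; exit }
                # "[NOTFOUND=return]" ahead of ldap ends the lookup there;
                # the negated form "[!NOTFOUND=return]" does not.
                if (t ~ /notfound=return/ && t !~ /!notfound=return/) exit
            }
            exit
        }
        END { exit(found ? 0 : 1) }
    ' "$2"
}

# Print one verdict line per database for the given nsswitch.conf.
check_nss() {
    for db in passwd group; do
        if nss_reaches_ldap "$db" "$1"; then
            echo "$db: ldap reachable"
        else
            echo "$db: ldap NOT consulted"
        fi
    done
}

# Constructed sample files (not taken from the posters' machines).
sample_dir=$(mktemp -d)
printf 'passwd: compat ldap\ngroup:  files ldap # directory users\n' \
    > "$sample_dir/ok.conf"
printf 'passwd: files [NOTFOUND=return] ldap\ngroup: files\n' \
    > "$sample_dir/bad.conf"

check_nss "$sample_dir/ok.conf"
check_nss "$sample_dir/bad.conf"
```

If both databases report reachable and `getent passwd <user>` still returns nothing, the fault lies past nsswitch.conf, in the NSS LDAP module or its own configuration.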