[opensuse] nss_ldap: could not search LDAP server
Hi

I used Yast LDAP Client to setup a LDAP connection

The server is Samba 4 to which I have added rfc2307 attributes. (Have ldif, Will travel. If it would help.)

The user can get Kerberos tickets and logon from a windows 7 client, but not from openSUSE:

Dec 28 17:41:56 hh3 gnomesu-pam-backend: pam_systemd(gnomesu-pam:session): Failed to create session: Invalid argument
Dec 28 17:42:57 hh3 gnomesu-pam-backend: pam_systemd(gnomesu-pam:session): Failed to create session: Invalid argument
Dec 28 17:43:44 hh3 su: nss_ldap: could not search LDAP server - Server is unavailable
Dec 28 17:49:04 hh3 polkitd(authority=local): nss_ldap: could not search LDAP server - Server is unavailable
Dec 28 17:49:04 hh3 polkitd(authority=local): nss_ldap: could not search LDAP server - Server is unavailable
Dec 28 17:49:04 hh3 polkitd(authority=local): nss_ldap: could not search LDAP server - Server is unavailable
Dec 28 17:49:07 hh3 login[1114]: nss_ldap: could not search LDAP server - Server is unavailable
Dec 28 17:49:07 hh3 login[1114]: nss_ldap: could not search LDAP server - Server is unavailable
Dec 28 17:49:07 hh3 login[1114]: gkr-pam: error looking up user information
Dec 28 17:49:07 hh3 login[1114]: nss_ldap: could not search LDAP server - Server is unavailable
Dec 28 17:49:12 hh3 login[1114]: pam_ldap: ldap_search_s Operations error
Dec 28 17:49:12 hh3 login[1114]: nss_ldap: could not search LDAP server - Server is unavailable
Dec 28 17:49:12 hh3 login[1114]: FAILED LOGIN SESSION FROM /dev/tty1 FOR UNKNOWN, User not known to the underlying authentication module
Dec 28 17:49:16 hh3 systemd[1]: getty@tty1.service holdoff time over, scheduling restart.

/etc/ldap.conf

base DC=hh3,DC=site
bind_policy soft
pam_lookup_policy yes
pam_password crypt
nss_initgroups_ignoreusers root,ldap
nss_schema rfc2307bis
nss_map_attribute uniqueMember member
ssl no
uri ldap://192.168.1.3
ldap_version 3
pam_filter objectClass=posixAccount
tls_checkpeer no

/etc/nsswitch.conf

passwd: compat
group: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files dns
services: files ldap
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files ldap
publickey: files
bootparams: files
automount: files nis
aliases: files ldap
passwd_compat: ldap

Anything obviously wrong?
Thanks
L x

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
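Added example (not part of the thread and not nss_ldap's own code): a small Python check over the transport and bind settings in the /etc/ldap.conf posted above. The finding names, the HARDENED_CONF sample and its host name are constructed for illustration; `binddn` and `use_sasl` are nss_ldap/pam_ldap keywords that do not appear in the posted file.

```python
# Transport/bind settings copied from the /etc/ldap.conf in the post above.
POSTED_CONF = """\
base DC=hh3,DC=site
bind_policy soft
ssl no
uri ldap://192.168.1.3
ldap_version 3
pam_filter objectClass=posixAccount
tls_checkpeer no
"""

# Constructed counter-example; the host name is a placeholder.
HARDENED_CONF = """\
base DC=hh3,DC=site
uri ldap://dc1.hh3.site
ssl start_tls
tls_checkpeer yes
use_sasl on
"""

def parse_ldap_conf(text):
    """Return {keyword: value}; keywords lower-cased, '#' lines skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(conf):
    """Return findings for cleartext transport, disabled peer check, anonymous bind."""
    findings = []
    uris = conf.get("uri", "").lower().split()
    ssl = conf.get("ssl", "no").lower()
    encrypted = ssl in ("on", "yes", "start_tls") or (
        bool(uris) and all(u.startswith(("ldaps://", "ldapi://")) for u in uris))
    if not encrypted:
        # pam_ldap authenticates by binding with the user's password,
        # so without TLS that password crosses the network in the clear.
        findings.append("cleartext-transport")
    if conf.get("tls_checkpeer", "").lower() == "no":
        findings.append("cert-check-disabled")  # server certificate is not verified
    if "binddn" not in conf and conf.get("use_sasl", "no").lower() not in ("on", "yes"):
        findings.append("anonymous-bind")  # lookups are made without credentials
    return findings

if __name__ == "__main__":
    for name, text in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(parse_ldap_conf(text)))
```
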
On Wednesday 28 Dec 2011 17:06:21 lynn wrote:
Hi I used Yast LDAP Client to setup a LDAP connection
The server is Samba 4 to which I have added rfc2307 attributes. (Have ldif, Will travel. If it would help.)
The user can get Kerberos tickets and logon from a windows 7 client, but not from openSUSE:
Dec 28 17:41:56 hh3 gnomesu-pam-backend: pam_systemd(gnomesu-pam:session): Failed to create session: Invalid argument
Dec 28 17:42:57 hh3 gnomesu-pam-backend: pam_systemd(gnomesu-pam:session): Failed to create session: Invalid argument
Dec 28 17:43:44 hh3 su: nss_ldap: could not search LDAP server - Server is unavailable

Have you tried setting up the ldap client in the yast module? Is your ldap using TLS and do you have the cert set up right for the client connection as I have had this problem before.

You could try an ldapsearch on the command line with option -v to check you can connect
On 28/12/11 18:28, Andrew Colvin wrote:
On Wednesday 28 Dec 2011 17:06:21 lynn wrote:
Hi I used Yast LDAP Client to setup a LDAP connection
The server is Samba 4 to which I have added rfc2307 attributes. (Have ldif, Will travel. If it would help.)
The user can get Kerberos tickets and logon from a windows 7 client, but not from openSUSE:
Dec 28 17:41:56 hh3 gnomesu-pam-backend: pam_systemd(gnomesu-pam:session): Failed to create session: Invalid argument
Dec 28 17:42:57 hh3 gnomesu-pam-backend: pam_systemd(gnomesu-pam:session): Failed to create session: Invalid argument
Dec 28 17:43:44 hh3 su: nss_ldap: could not search LDAP server - Server is unavailable
Have you tried setting up the ldap client in the yast module? Is your ldap using TLS and do you have the cert set up right for the client connection as I have had this problem before.
You could try an ldapsearch on the command line with option -v to check you can connect

Hi
Yes, I can connect using ldapsearch -v and using phpldapadmin

logging in from a terminal I get:
Dec 28 20:32:38 hh3 worker_nscd: nss_ldap: could not search LDAP server - Server is unavailable

I get the usual CN does not match FQDN for the tls stuff but it seems to connect without needing tls.

Any ideas?
Thanks
L x
On Wednesday 28 Dec 2011 19:35:18 lynn wrote:
worker_nscd: nss_ldap: could not search LDAP server
Hi Lynn

It definitely sounds like you are having SSL/TLS issues. Can I suggest you reconfigure without and get it working and then add the SSL/TLS functionality afterwards.

In the yast ldap client configuration it is a simple check box. Have you tried configuring the ldap client with it?

for samba you need to add the line ldap ssl=off (you may have it set to starttls)

A
On 28/12/11 22:16, Andrew Colvin wrote:
On Wednesday 28 Dec 2011 19:35:18 lynn wrote:
worker_nscd: nss_ldap: could not search LDAP server
Hi Lynn
It definitely sounds like you are having SSL/TLS issues. Can I suggest you reconfigure without and get it working and then add the SSL/TLS functionality afterwards.
In the yast ldap client configuration it is a simple check box. Have you tried configuring the ldap client with it.
for samba you need to add the line ldap ssl=off (you may have it set to starttls)
A

It connects fine without tls. I can search the database using ldapsearch. I just can't login. Really stuck with this one!
L x
On 12/28/2011 11:35 AM, lynn wrote:
On 28/12/11 18:28, Andrew Colvin wrote:
On Wednesday 28 Dec 2011 17:06:21 lynn wrote:
Hi I used Yast LDAP Client to setup a LDAP connection
The server is Samba 4 to which I have added rfc2307 attributes. (Have ldif, Will travel. If it would help.)
The user can get Kerberos tickets and logon from a windows 7 client, but not from openSUSE:
Dec 28 17:41:56 hh3 gnomesu-pam-backend: pam_systemd(gnomesu-pam:session): Failed to create session: Invalid argument
Dec 28 17:42:57 hh3 gnomesu-pam-backend: pam_systemd(gnomesu-pam:session): Failed to create session: Invalid argument
Dec 28 17:43:44 hh3 su: nss_ldap: could not search LDAP server - Server is unavailable
Have you tried setting up the ldap client in the yast module? Is your ldap using TLS and do you have the cert set up right for the client connection as I have had this problem before.
You could try an ldapsearch on the command line with option -v to check you can connect
Hi Yes, I can connect using ldapsearch -v and using phpldapadmin
logging in from a terminal I get: Dec 28 20:32:38 hh3 worker_nscd: nss_ldap: could not search LDAP server - Server is unavailable
I get the usual CN does not match FQDN for the tls stuff but it seems to connect without needing tls.
Any ideas?
Thanks L x

Seems more likely that the problem lies with this message:
Dec 28 17:41:56 hh3 gnomesu-pam-backend: pam_systemd(gnomesu-pam:session): Failed to create session: Invalid argument
On 28/12/11 22:23, John Andersen wrote:
On 12/28/2011 11:35 AM, lynn wrote:
On 28/12/11 18:28, Andrew Colvin wrote:
On Wednesday 28 Dec 2011 17:06:21 lynn wrote:
Hi I used Yast LDAP Client to setup a LDAP connection
The server is Samba 4 to which I have added rfc2307 attributes. (Have ldif, Will travel. If it would help.)
The user can get Kerberos tickets and logon from a windows 7 client, but not from openSUSE:
Dec 28 17:41:56 hh3 gnomesu-pam-backend: pam_systemd(gnomesu-pam:session): Failed to create session: Invalid argument
Dec 28 17:42:57 hh3 gnomesu-pam-backend: pam_systemd(gnomesu-pam:session): Failed to create session: Invalid argument
Dec 28 17:43:44 hh3 su: nss_ldap: could not search LDAP server - Server is unavailable
Have you tried setting up the ldap client in the yast module? Is your ldap using TLS and do you have the cert set up right for the client connection as I have had this problem before.
You could try an ldapsearch on the command line with option -v to check you can connect
Hi Yes, I can connect using ldapsearch -v and using phpldapadmin
logging in from a terminal I get: Dec 28 20:32:38 hh3 worker_nscd: nss_ldap: could not search LDAP server - Server is unavailable
I get the usual CN does not match FQDN for the tls stuff but it seems to connect without needing tls.
Any ideas?
Thanks L x
Seems more likely that the problem lies with this message:
Dec 28 17:41:56 hh3 gnomesu-pam-backend: pam_systemd(gnomesu-pam:session): Failed to create session: Invalid argument

That's the gnome keyring no? I've turned that off.
Thanks
L x
On 29/12/11 09:37, lynn wrote:
On 28/12/11 22:23, John Andersen wrote:
On 12/28/2011 11:35 AM, lynn wrote:
On 28/12/11 18:28, Andrew Colvin wrote:
On Wednesday 28 Dec 2011 17:06:21 lynn wrote:
Hi I used Yast LDAP Client to setup a LDAP connection
Hi

To cut a long story short and hoping it will help others, I switched from the default nss_ldap to nss_pam_ldapd. This provides the process needed to break through the Kerberos stranglehold on the LDAP.
L x
participants (3): Andrew Colvin, John Andersen, lynn