I have a RHEL5 Server and some dual-boot XP/CentOS 5 systems (Linux systems all 64-bit). All Linux is out-of-box, with all packages, minus international languages, installed. No patching has been done.
On the server, I selected system-config-authentication and enabled LDAP for User Information, Kerberos, LDAP, and SMB for Authentication, and Shadow and MD5 Passwords, along with Authenticate system accounts by network services for Options.
All machines are on an isolated LAN, with no DNS server (I could always enable and configure DNS on the server if it helps the cause).
I also don't know if it matters, but the server is running the virtualization kernel (xen), but the clients are not.
I only have LDAP service enabled on the server. Kerberos services are enabled on both client and server.
I tweaked the LDAP and Kerberos settings using the CentOS/RH GUIs, and have the clients looking to the RH box for authentication.
I also have the firewall enabled, but am letting kerberos and ldap ports through as tcp.
During a login test, /var/log/messages on the client showed:
lin1 gdm[pid]: nss_ldap: failed to bind to LDAP server ldap://192.168.1.100: Can't contact LDAP server
lin1 gdm[pid]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
lin1 dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://192.168.1.100: Can't contact LDAP server
lin1 dbus-daemon: dss_ldap: failed to bind to LDAP server...
lin1 xfs: ...
During boot time, Starting system message bus: [long pause] then error messages about DB_CONFIG and /var/lib/ldap, the usual cannot find DB_CONFIG in /var/lib/ldap, showing the example.com instead of my customized ldap settings, etc.
I've checked openldap.org, but I figured if the configuration appears to be simplified via an included GUI, I shouldn't have much trouble getting things going.
Anyway, what am I missing? Anything special RH 5 is doing compared to the openldap docs?
Both servers have been rebooted since adding the respective ports in the firewall.
The goal is to permit my test user, created on the server, to sit at a workstation, boot into either Linux or XP, and get their home directory.
Ideally, the server only needs to consist of one account for them, which they get upon login on the workstation.
I want to highly restrict _any_ third-party tools/apps/etc. I will be happy to take suggestions and leads, but I want to try and rely on what RH has provided.
Thanks for any insight/help.
Scott
On Thursday 23 August 2007 14:54:12 Scott Ehrlich wrote:
lin1 gdm[pid]: nss_ldap: failed to bind to LDAP server ldap://192.168.1.100: Can't contact LDAP server
lin1 gdm[pid]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
lin1 dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://192.168.1.100: Can't contact LDAP server
lin1 dbus-daemon: dss_ldap: failed to bind to LDAP server...
Did you check connectivity to LDAP from that machine manually?
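One way to do the manual check Craig is asking for, as an added example that is not code from the thread: pull the URIs that nss_ldap failed to bind to out of /var/log/messages, then probe each one for TCP reachability and an anonymous base search. It assumes openldap-clients (ldapsearch) is installed on the client and uses constructed log lines modelled on the ones quoted above.

```shell
#!/bin/bash
# Added example, not code from the thread. Extracts the LDAP URIs that
# nss_ldap failed to bind to from /var/log/messages, then checks each one
# the way Craig asks: is the TCP port reachable, and does an anonymous
# base search succeed? Assumes openldap-clients (ldapsearch) is installed.

# Constructed sample, modelled on the log lines quoted in the thread.
SAMPLE_LOG="Aug 23 14:50:01 lin1 gdm[2311]: nss_ldap: failed to bind to LDAP server ldap://192.168.1.100: Can't contact LDAP server
Aug 23 14:50:33 lin1 dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://192.168.1.100: Can't contact LDAP server
Aug 23 14:51:05 lin1 gdm[2311]: nss_ldap: failed to bind to LDAP server ldaps://192.168.1.100:636: Can't contact LDAP server"

# Print each distinct failing URI with its failure count, e.g. "ldap://192.168.1.100 2".
failed_ldap_uris() {
    printf '%s\n' "$1" \
      | sed -n 's/.*nss_ldap: failed to bind to LDAP server \([a-z]*:\/\/[^: ]*\(:[0-9][0-9]*\)*\).*/\1/p' \
      | LC_ALL=C sort | uniq -c | awk '{print $2, $1}'
}

# Split scheme://host[:port] into "host port"; default ports are 389 (ldap) and 636 (ldaps).
ldap_uri_hostport() {
    hostport=${1#*://}
    host=${hostport%%:*}
    case "$hostport" in
        *:*) port=${hostport##*:} ;;
        *)   case "$1" in ldaps://*) port=636 ;; *) port=389 ;; esac ;;
    esac
    echo "$host $port"
}

# Probe one URI: TCP connect via bash's /dev/tcp (no nc needed on a stock
# RHEL5 box), then an anonymous base-level ldapsearch, which is the minimum
# nss_ldap needs before it can look up users.
check_ldap_uri() {
    set -- $(ldap_uri_hostport "$1") "$1"
    if ! (exec 3<>"/dev/tcp/$1/$2") 2>/dev/null; then
        echo "$3: TCP port $2 closed or filtered (firewall, or slapd not listening)"
        return 1
    fi
    if ! ldapsearch -x -H "$3" -b '' -s base >/dev/null 2>&1; then
        echo "$3: port open, but anonymous bind/search failed (slapd config or TLS)"
        return 2
    fi
    echo "$3: reachable, anonymous search OK"
}

# Summarise the sample; run with --check on the client to also probe each URI.
failed_ldap_uris "$SAMPLE_LOG" | while read -r uri count; do
    echo "$count failure(s) logged for $uri"
    if [ "${1:-}" = "--check" ]; then check_ldap_uri "$uri"; fi
done
```

On a real client, replace SAMPLE_LOG with the contents of /var/log/messages; a "closed or filtered" result points at the firewall or slapd not listening, while "port open but anonymous search failed" points at slapd's own configuration.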
Continuing my single sign-on efforts, I'm adjusting things a bit - incorporating NIS+Samba+LDAP on the server.
I found an Ubuntu-based document that gives step-by-step instructions for my things, and seemed to work as I was adapting some of the items to RH/CentOS. Its url is: https://help.ubuntu.com/community/LDAP-Samba_PDC_(for_Linux_and_Windows)
There are other similar documents for other Unix variants, including FreeBSD. Just search on http://localhost/phpldapadmin
One of the key items it mentions is http://phpldapadmin for complete web-based, graphical management of ldap. This obviously sounds great, but I couldn't find a similar document for CentOS/RHEL 5. Fedora 1 is the closest.
It would be great if someone could find one for a modern CentOS/RH distribution.
Thanks.
Scott
On Sat, 2007-08-25 at 05:49 -0400, Scott Ehrlich wrote:
Continuing my single sign-on efforts, I'm adjusting things a bit - incorporating NIS+Samba+LDAP on the server.
I found an Ubuntu-based document that gives step-by-step instructions for my things, and seemed to work as I was adapting some of the items to RH/CentOS. Its url is: https://help.ubuntu.com/community/LDAP-Samba_PDC_(for_Linux_and_Windows)
There are other similar documents for other Unix variants, including FreeBSD. Just search on http://localhost/phpldapadmin
One of the key items it mentions is http://phpldapadmin for complete web-based, graphical management of ldap. This obviously sounds great, but I couldn't find a similar document for CentOS/RHEL 5. Fedora 1 is the closest.
It would be great if someone could find one for a modern CentOS/RH distribution.
---- these kinds of treatments encompass a single point of view which doesn't generally apply across the board since LDAP is sort of a designer toolkit.
phpldapadmin is a useful tool - I personally rely upon webmin http://www.webmin.com and their 'LDAP Users and Groups' module for creating/maintaining user and group accounts.
The issue is that you have to learn how to use LDAP because integration into things like smtp delivery, imap, etc. will vary depending upon which you use. There really is no walk through or pre-set configuration for LDAP and that is what seems to lose most people.
I heavily recommend learning to use LDAP because once you get it, integration into other things like samba or nis/nfs mounts becomes rather easy but until you learn it, integration will be a bitch. The book that I used that made it all understandable for me was Gerry Carter's (of Samba fame) book titled "LDAP System Administration", which is probably a bit dated but will always be appropriate for an LDAP beginner.
While this isn't entirely responsive to your needs, you might find this useful...
Craig