All Questions
59 questions
0 votes, 0 answers, 74 views
Is there any way to speed up nslcd LDAP server failover
TL;DR
Even with 2-second timeouts, nslcd "stalls" logins for 14 seconds before switching over to a secondary LDAP server.
Can I speed this up?
My nslcd config
uid nslcd
gid nslcd
uri ldaps://...
0 votes, 0 answers, 319 views
Are certificates required for a STARTTLS connection on LDAP?
My LDAP server's ldap.conf file
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=coretesting,dc=com
URI ldap://ldap....
0 votes, 0 answers, 175 views
Is it possible to add memberUid as bind DN
Can we use memberUid for the bind DN string?
Here is my sample ldif file
dn: cn=posixgroup,dc=memtesting,dc=com
objectClass: top
objectClass: posixGroup
gidNumber: 1001
cn: posixgroup
memberUid: posixuser
...
0 votes, 1 answer, 234 views
What are all the certificates that must be provided when setting the TLSVerifyClient option to demand?
In my case, I had set TLSVerifyClient to demand. I wasn't able to establish a connection while providing TLSCACertificateFile alone.
When setting the TLSVerifyClient option to demand, is it ...
1 vote, 1 answer, 844 views
Setup SSO: openldap, kerberos, nfs (truenas)
Currently I am able to setup a SSO NFS setup with openldap ldap server and Truenas NFS server (with LDAP access configured). The ubuntu clients are able to use pam-mount to mount the nfs home shares. ...
0 votes, 0 answers, 2k views
nss_ldap failed to bind to LDAP server
I have configured an LDAP client (Ubuntu 20.04) with nss_ldap to connect to the LDAP server and accept users in a specific group. It seems that everything is working fine, the client can access the ldap ...
1 vote, 1 answer, 585 views
Can't understand why libnss-pam-ldapd does not find LDAP library
I am trying to cross-compile libnss-pam-ldapd for an arm architecture. The configure command always gives the following error:
checking for library containing ldap_search_ext... no
checking for ...
1 vote, 1 answer, 941 views
ldapwhoami works but pam_authenticate fails with the same credentials
I'm testing the pam_ldap implementation with a C++ application. I configured ldap and pam_ldap to authenticate against an OpenLDAP server running on the same host. Created a user for testing, ...
1 vote, 1 answer, 1k views
PAM authentication - automatically create user?
I've finally got LDAP auth working on Ubuntu 18.04, however it only works if I first create the local user account (eg john.smith).
If I don't create the account first, it fails to bind to the LDAP ...
2 votes, 0 answers, 220 views
afpd[]: PAM audit_log_acct_message() failed: Operation not permitted
I'm trying to debug this error in the /var/log/auth but I don't know where to look.
Jul 27 06:44:30 server afpd[6463]: PAM audit_log_acct_message() failed: Operation not permitted
The syslog seems ...
0 votes, 1 answer, 591 views
Errors log in the auth.log but all working fine
Hi, I have a Linux server (18.04) that acts as a TimeMachine backup server using the netatalk service.
The users are authenticating using the LDAP (/etc/ldap.conf)
The client can connect to the AFP ...
0 votes, 1 answer, 830 views
libpam-ldap unable to connect to LDAP server over SSL/TLS
I am trying to configure PAM to work with my LDAP server for authentication. To do this I am trying to use libpam-ldap, I decided to use libpam-ldap instead of libpam-ldapd for two reasons. First, ...
0 votes, 2 answers, 3k views
LDAP PAM client error "cannot find name for user ID"
I had ldap authentication working great last night, then today it doesn't seem to work. I can authenticate as a user, but the client can't seem to look up info about the user:
Example logging in as ...
0 votes, 1 answer, 933 views
Unable to login with ldapuser [closed]
I have configured openldap with back-sql on ubuntu 18.04 but unable to login with ldapusers on client machine (centos 7). I am able to fetch user details using ldapsearch command on client machine but ...
0 votes, 1 answer, 1k views
changing password - issue with ldap update
I have set directory 389 and 1 server to be client for testing authentication of users, etc.
For installation of Directory I have used this tutorial:
Install And Configure LDAP Server In CentOS 7
...
1 vote, 1 answer, 3k views
openldap with haproxy - (ldap_result() failed: Can't contact LDAP server)
I'm having an issue with openldap proxied via haproxy. The authentication works perfectly fine on CentOS (7.5.1804) and Debian (9.4). The only problem is that I'm getting errors in syslog and authlog:
...
0 votes, 1 answer, 2k views
LDAP completely ignores pam_groupdn and pam_filter attribute in ldap.conf
OS: Ubuntu 17.10
I currently installed ldap on an Ubuntu to access a ldap server. I configured nls, pam and ldap like in many tutorials proposed. So it worked but now any ldap user can login to the ...
-2 votes, 1 answer, 2k views
Ubuntu LDAP Client: Caching not working
I have an LDAP server, and I want to be able to login on my machines using that LDAP server. This works basically, but when the LDAP server is out of reach (e.g. a laptop is used outside the office) ...
6 votes, 0 answers, 172 views
Write arbitrary attribute into ENV from LDAP upon successful PAM authentication
Is it possible during the authentication phase of pam_ldap to map an arbitrary LDAP attribute of the user's record into the resulting user's environment?
The specifics of my situation, in case you ...
0 votes, 2 answers, 4k views
nss-pam-ldapd ldap group filtering
I'm attempting to setup authentication via ldap for OpenSSH connections on our FreeBSD servers in AWS. The actual ldap server is external to AWS and is accessed over the Internet.
I've run into a ...
0 votes, 2 answers, 13k views
CentOS 7 LDAP SSH Error "cannot find name for group ID"
I'm running a CentOS 7 VirtualBox instance. I have LDAP authentication set up through our company Active Directory server.
Note: The AD server DOES NOT have Unix extensions installed.
What I'm ...
1 vote, 1 answer, 6k views
CentOS 7 LDAP Authentication: "Permission denied"
I'm running a CentOS 7 VirtualBox instance. I am trying to set up LDAP authentication through our company Active Directory server.
Note: The AD server DOES NOT have Unix extensions installed.
Setup:
...
10 votes, 2 answers, 24k views
Does Linux keep a cache of group members if on LDAP? (Difference between groups vs getent group)
Our users and groups LDAP configuration is working.
Our server is using LDAP to store users and groups.
# /etc/nsswitch.conf :
passwd: compat ldap
group: compat ldap
shadow: ...
1 vote, 1 answer, 819 views
Active Directory (LDAP) and pam using kerberos instead of bindpw or anonymous access
I have a system that currently uses an LDAP/AD server for authentication via pam and the pam_ldap module. In order to use this server for authentication pam_ldap requires an account which exposes the ...
3 votes, 1 answer, 2k views
Can't make sshd+pam+ldap to work (AuthorizedKeysCommand?)
What I did:
Installed libpam-ldapd
Set up /etc/ldap/ldap.conf
Set up /etc/ssh/ldap-keys.sh as root:root 0755, confirmed it works (/etc/ssh/ldap_keys.sh amadan returns my public keys from LDAP).
Set ...
1 vote, 1 answer, 5k views
Automatically create home directory on NFS after LDAP login
My current situation is that I can successfully authenticate using ldap and pam. I also succeeded in using pam_mkdir to autocreate home directories in the /home filesystem.
What now I'm trying to ...
0 votes, 1 answer, 3k views
Getting error when Integrating LDAP with Wordpress
I have installed Ldap on Ubuntu 14.04 and wordpress on amazon linux ami.
I'm able to login in ldap console. I have created a user in it.
On wordpress i have installed simpleLDAP plugin.
I don't know ...
0 votes, 1 answer, 426 views
Numeric User IDs and PAM_LDAP
We are working on configuring our Linux servers to use LDAP for Authentication using PAM_LDAP + SSSD. Our LDAP Usernames are based on staff numbers (all numeric starting at 1). This will cause a ...
0 votes, 1 answer, 90 views
SunLDAP Schema Extensions to support Linux/Unix Authentication + Sudo
We are running SunLDAP (Sun/Oracle Directory server 11), and would like our Linux/Unix machines to authenticate against LDAP and also use LDAP for storing SUDO policies. What Schema Extensions are ...
0 votes, 1 answer, 413 views
Weird behavior with ldap and getent or repquota
I've observed a weird behavior in my network.
I have my network users stored in OpenLDAP 2.4 which also serves a samba 3.6 Domain.
I have user quotas on my NFS servers and that is where I stumbled ...
1 vote, 2 answers, 4k views
How to join CentOS 7 to a samba domain?
In my office, we use samba domain + ldap. I already joined some Windows 7 machines, but now I need to join CentOS 7 to that domain. How can I do that?
Below are steps that I already did:
install nss-...
0 votes, 0 answers, 64 views
Do not allow multiple sessions if user has different IPs
I am running Red Hat Enterprise Linux 6.6 and for authentication we use LDAP authentication. We have an application running on a server (doesn't really matter which one it is) and the way the application ...
0 votes, 1 answer, 1k views
Why can't I find the ldap.conf file when I want to integrate 389-ds and samba on CentOS 7?
I am working on two servers, a samba server and a 389-ds server. Now I want to integrate them so that samba shares are authenticated via ldap server.
I have followed instructions on http://directory....
0 votes, 2 answers, 194 views
PAM - LDAP authentication interaction
So far from what I understand it gets given a username/password pair, it then searches the LDAP for the username and tries to log into the LDAP using the distinguished name and the password pair, if ...
1 vote, 0 answers, 685 views
PAM - Ignore local user, if LDAP-connection works
I have configured some SLED10SP1 (not allowed to update) machines to use LDAP for user authentication. Because SLED10 doesn't have official packages for pam_ccreds or sssd, I have to find a way to ...
1 vote, 1 answer, 298 views
migrate debian 8 user (SHA512 encrypted with $6 tag) to LDAP
I have a problem with migrating local user from debian 8 to LDAP.
As you know, Debian 6 and above use SHA512 as standard user password encryption. In the shadow file it shows the password with "$6" ...
0 votes, 1 answer, 2k views
pam google authenticator can't compute location of secret file
I've installed Google Authentication on all the machines in our system, and while the authentication during login works fine, our machines are producing logs that have this line over and over:
sshd(...
0 votes, 2 answers, 2k views
pam_ldap user password changes using rootbinddn on Debian Jessie
When configuring pam_ldap on Debian Jessie, end user password changes are utilizing the rootbinddn, circumventing OpenLDAP's ppolicy overlay. This is allowing end users to change their passwords ...
2 votes, 0 answers, 774 views
LDAP Not working for SSH connections on ubuntu 12.04
Connecting from the client to the server:
$ ssh -vvv [email protected]
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: ...
1 vote, 0 answers, 361 views
The differences between libpam-ldap and libpam-ldapd, included packages and modules? [duplicate]
May I ask what the differences are between libpam-ldap and libpam-ldapd when it comes to included packages and modules?
As I understand, nss-pam-ldapd is the project of libpam-ldapd, which is an ...
5 votes, 2 answers, 3k views
RHEL 6.5 web application PAM AUTH pam_oddjob_mkhomedir
I've got a RHEL 6.5 that authenticates against an AD server, that side is working fine.
The machine is also running a web application that uses a PAM module to authenticate.
I copied login to make a ...
1 vote, 0 answers, 863 views
LDAP: forced to change root password on every login
I have finally configured my new server as LDAP-client of my existing one. Now, every time I login as root, I am prompted to change my 'LDAP password':
login as: root
[email protected]'s password:
...
1 vote, 1 answer, 10k views
Solaris pam_ldap Authentication Using sshd-kbdint and Failing
Problem Overview
Solaris 11 has been configured to use pam_ldap to authenticate users against an LDAP v3-compliant directory server. The Solaris host is only configured to use LDAP for authentication;...
2 votes, 0 answers, 981 views
Set Linux GID based on LDAP OU in ldap.conf
In our company we have a given LDAP Server, which represents the Users of our Windows Active Directory. Unfortunately the gidNumber sent to the LDAP client is always containing the Value "1001" for ...
11 votes, 1 answer, 27k views
What is nsswitch compat mode?
Red Hat recommended me compat mode in /etc/nsswitch.conf as one of the options to enumerate LDAP users, but later said that it's not a much-used method.
nsswitch.conf
passwd: files compat
...
0 votes, 1 answer, 2k views
What are disadvantages of using nsswitch compat?
In my current LDAP set-up "getent passwd" shows all 600+ users that exist in the LDAP, not enumerating only the 20 LDAP-users that have permission to access this netgroup/server.
This can be solved ...
0 votes, 1 answer, 174 views
Users seeing all other LDAP users on RHEL default behavior?
We are using an LDAP server with both Solaris and RHEL servers and planning to migrate more servers over to RHEL. However we have an issue with LDAP on all Red Hat servers. When we type "getent passwd"...
6 votes, 3 answers, 23k views
How come all LDAP users are shown with getent passwd?
We are using an LDAP server with both Solaris and RHEL servers and planning to migrate more servers over to RHEL. However we have an issue with LDAP on all Red Hat servers.
When I type "getent ...
1 vote, 2 answers, 2k views
ppolicy with pam_ldap - pwdReset has no effect when logging in from Ubuntu
We installed ppolicy overlay on our ldap server. Password policies work correctly for locking out user after X incorrect password attempts, but we can't enforce user to change his password.
When we ...
1 vote, 1 answer, 4k views
restarting authconfig changes order of my /etc/nsswitch.conf
Here is my nsswitch.conf:
passwd: files ldap sss
shadow: files ldap sss
group: files sss
When I restart authconfig, it removes ldap from passwd, shadow, and group.
Here's my authconfig.
...