LDAP Authentication. Please Help .......

Hi,

I am Dipu from Indian Institute of Technology, Bombay, India.

Here we are trying to configure aLDAP server for authentication.We are using OpenLDAP for the purpose.

For testing we are using RedHat9 for both client and server and we are trying to login to the client with an account which is present only in the server avoiding all the system users.

We followed the steps given in the following link,

URL

Now the problem is,

1- We are not at all able to login to the client even as
'root' if the server is down.I
2 - If server is up I can login to the client with existing
users but not with the account which is there in
server.

If you have any piece of information regarding this that will be very much helpful for me.

Also if any realtime( with example ) tutorial or link regarding this please let me know about that.

Thanking you in anticipation,

Dipu Kumar M
Affordable Solutions Lab
KReSIT, IIT Bombay
Powai, Mumbai
India - 400076
Ph : 91-22-25764988

The first problem you mention is an annoying one. You need to add this line in your system-auth in the /etc/pam.d dir.

account sufficient /lib/security/pam_localuser.so

This should come after the line :-

account required /lib/security/pam_unix.so

This will then reenable system accounts while auhenticating with ldap.

As for your other problem... is there more information ??

Thank You very much MSiddall,

The 1st problem which I said is over now but still worried with the second one.

Let me explain about it.

I am in the first phace and so only a single machine is acting as client.

The domain name which I am using is

dc=it,dc=iitb,dc=ac,dc=in

And in the client side I configued the authentication part for LDAP based authentication.
( ie LDAP server as 10.129.50.37 -which is the ip of my server

Base dn as dc=it,dc=iitb,dc=ac,dc=in
)

Using the migration tool, I migrated the accouts from the client to server and it is comimg under ou=People subtree in the LDAP tree.

Then I deleted all other accounts( root, postgres etc. ) from the LDAP tree and only one guest account of the client I kept there.

Then I removed the guest user from the client and tried to login to that with the assumption that I can login through the LDAP.

But it is not allowing me for that and the usual invalid username or password mesaage is what I am getting.

So friends,

Is there anything wrong in what I am doing ?

or Is there something more I have to do ?

Thanking you in anticipation,

Dipu Kumar M
IIT, Bombay

Hmm...

Looking at the documentation you have used it glosses over the use on PAM_LDAP. This module allows authentication to a LDAP server. I can't remember if this module is incuded in RH9 but, im sure that I installed it. avalible at URL once you have compiled this module It should work. The only other suggestion is to NOT use TLS until you have the authentication working, this just adds extra problems when trying to set this up.

Martin