Dear all,

I want to configure Ubuntu 8.04 authentication using FDS, but I still cannot get users from the server; another workstation using Fedora 7 can authenticate well.

Already using this doc: https://help.ubuntu.com/community/FedoraDirectoryServerClientHowto, but still no luck.

Any help is appreciated.

Cheers,
Teguh
--
All flavors are here
http://www.teoteblung.co.cc
Thorsten Scherf
2009-Mar-13 11:25 UTC
[Fedora-directory-users] Re: Ubuntu 8.04 authentication
On [Wed, 11.03.2009 17:10], Diwakoe wrote:
>Dear all,
>
>I want to configure ubuntu 8.04 authentication using FDS still can not
>get user from server, another workstation using fedora 7 can
>authenticate well.

If you use TLS to talk to the FDS, there is a bug in the GnuTLS package shipped with Ubuntu. Check Ubuntu bug-tracker system for this.

Happy Day.
Thorsten
--
"Eternity is a very long time, especially towards the end." — Stephen Hawking
Ryan Braun [ADS]
2009-Mar-13 16:10 UTC
Re: [Fedora-directory-users] Ubuntu 8.04 authentication
On Wednesday 11 March 2009 10:10:08 Diwakoe wrote:
> Dear all,
>
> I want to configure ubuntu 8.04 authentication using FDS still can not
> get user from server, another workstation using fedora 7 can
> authenticate well.
>
> Already using this doc:
> https://help.ubuntu.com/community/FedoraDirectoryServerClientHowto,
> but still no luck.
>

I find that starting small and working forward is the best way to go.

First off, disable all encryption (for now) in pam_ldap.conf and libnss-ldap.conf. I've found that running Wireshark while learning/setting up the clients helps a ton. You can see the LDAP calls over TCP/IP and can also see all the usernames and passwords. Which should inspire you to turn encryption back on when done :)

Next, configure nss lookups. Make sure libnss-ldap is installed, and again minimally, set up libnss-ldap.conf. Add ldap to your nsswitch.conf file and try a getent (passwd|group). If nothing happens, check your sniffer and FDS logs to see if it was able to try and connect to your LDAP server.

Then move on to your pam config. Same as above, start minimally then add configs/features later. But remember, FDS will not accept passwd changes from the command line unless over TLS/SSL. But it will authenticate just fine.

But like I said initially, for myself, watching Wireshark helped a ton.

Ryan
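The end state of the procedure in the message above can be checked mechanically. The script below is an added example, not part of the thread: it audits nsswitch.conf and the two LDAP client files named there, and flags any that were left in cleartext after debugging. It assumes the standard `uri` and `ssl` options of pam_ldap/libnss-ldap; the host name, directory layout and file contents are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. File names follow the message above;
# the directory layout and all sample values are assumptions.

# nss_uses_ldap FILE DB: succeeds if "ldap" is a source for DB in nsswitch.conf
nss_uses_ldap() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
                     END { exit !found }' "$1"
}

# transport_of FILE: prints start_tls, ldaps or cleartext for a pam_ldap/libnss-ldap config
transport_of() {
    awk 'tolower($1) == "uri" { for (i = 2; i <= NF; i++) if ($i ~ /^ldaps:/) ldaps = 1 }
         tolower($1) == "ssl" { ssl = tolower($2) }
         END { if (ssl == "start_tls") print "start_tls"
               else if (ssl == "on" || ldaps) print "ldaps"
               else print "cleartext" }' "$1"
}

# audit_client ETC_DIR: prints findings, returns the number of problems
audit_client() {
    etc=$1; problems=0
    for db in passwd group; do
        if nss_uses_ldap "$etc/nsswitch.conf" "$db"; then
            echo "ok: $db lookups include ldap"
        else
            echo "FAIL: $db has no ldap source"; problems=$((problems + 1))
        fi
    done
    for f in libnss-ldap.conf pam_ldap.conf; do
        mode=$(transport_of "$etc/$f")
        if [ "$mode" = cleartext ]; then
            echo "FAIL: $f still talks to the server in cleartext"; problems=$((problems + 1))
        else
            echo "ok: $f uses $mode"
        fi
    done
    return "$problems"
}

# write_sample DIR: constructed files in the "encryption off for debugging" state
write_sample() {
    printf 'passwd: files ldap\ngroup: files ldap\nshadow: files\n' > "$1/nsswitch.conf"
    printf 'uri ldap://fds.example.com/\nssl off\n' > "$1/libnss-ldap.conf"
    printf 'uri ldap://fds.example.com/\nssl start_tls\n' > "$1/pam_ldap.conf"
}

demo=$(mktemp -d)
write_sample "$demo"
audit_client "$demo" || echo "$? problem(s) to fix before going live"
rm -rf "$demo"
```

Point `audit_client` at the directory holding the real client files once `getent` and logins work, and re-run it after turning encryption back on.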
On Fri, Mar 13, 2009 at 6:25 PM, Thorsten Scherf <tscherf@redhat.com> wrote:
> If you use TLS to talk to the FDS, there is a bug in the GnuTLS
> package shipped with Ubuntu. Check Ubuntu bug-tracker system for this.
>
> Happy Day.
> Thorsten
>

We are not using TLS yet. I will check the tracker.

Thanks,
Diwa
--
All flavors are here
http://www.teoteblung.co.cc
On Fri, Mar 13, 2009 at 11:10 PM, Ryan Braun [ADS] <ryan.braun@ec.gc.ca> wrote:
> I find that starting small and working forward is the best way to go.
>
> First off, disable all encryption (for now) in pam_ldap.conf and
> libnss-ldap.conf. I've found that running Wireshark while learning/setting up the
> clients helps a ton. You can see the LDAP calls over TCP/IP and can also see
> all the usernames and passwords. Which should inspire you to turn encryption
> back on when done :)
>
> Next, configure nss lookups. Make sure libnss-ldap is installed, and again
> minimally, set up libnss-ldap.conf. Add ldap to your nsswitch.conf file and
> try a getent (passwd|group). If nothing happens, check your sniffer and FDS
> logs to see if it was able to try and connect to your LDAP server.
>
> Then move on to your pam config. Same as above, start minimally then add
> configs/features later. But remember, FDS will not accept passwd changes from
> the command line unless over TLS/SSL. But it will authenticate just fine.
>
> But like I said initially, for myself, watching Wireshark helped a ton.
>
> Ryan
>

Hi Ryan,

Now I can list all users from the server using "getent passwd", but I still cannot get the user's /home detail using "getent passwd <user-name>". I already tried logging in using an FDS username and the user was not authenticated.

Any help is appreciated.

Thanks,
Diwa
--
All flavors are here
http://www.teoteblung.co.cc