Has anyone tested pgina against FDS?
I've tried creating an entry: cn=ibishop,ou=People,dc=localdomain in my
directory and then test authenticating against the directory from a PC
running pgina on WinXP.
The pgina ldap config is:
LDAP method: map mode
LDAP server: 192.168.2.200
prepend: cn
append: ou=People,dc=localdomain
When I try and bind to this with pgina I get the following in the slapd log:
fd=75 slot=75 connection from 192.168.2.183 to 192.168.2.200
[08/Jun/2005:12:30:47 +1000] conn=42 op=0 BIND
dn="cn=ibishop,ou=people,dc=localdomain" method=128 version=3
[08/Jun/2005:12:30:47 +1000] conn=42 op=0 RESULT err=32 tag=97
nentries=0 etime=0
[08/Jun/2005:12:30:47 +1000] conn=42 op=1 UNBIND
[08/Jun/2005:12:30:47 +1000] conn=42 op=1 fd=75 closed - U1
My directory has all the default bind permissions (which should allow
this right?)...can anyone see what I'm doing wrong?
Thanks,
Ian
Max Kipness wrote:
Can this directory service take the place of MS Active Directory and be
used to login Windows XP workstations without an AD Domain Controllers
present?
Sure, but it does not provide all of the active directory policies, or
allow you to apply permissions to files on your machine based on domain
groups, etc.
To get windows authenticating from standard LDAP, you need to use pGina:
http://pgina.xpasystems.com/
BR,
--
Mike
LDAP Directory Consulting: http://www.netauth.com
Rich Megginson
2005-Jun-08 03:09 UTC
Re: [Fedora-directory-users] Support for Windows login?
Ian Bishop wrote:
> Has anyone tested pgina against FDS?
>
> I've tried creating an entry: cn=ibishop,ou=People,dc=localdomain in
> my directory and then test authenticating against the directory from a
> PC running pgina on WinXP.
>
> The pgina ldap config is:
> LDAP method: map mode
> LDAP server: 192.168.2.200
> prepend: cn
> append: ou=People,dc=localdomain
>
> When I try and bind to this with pgina I get the following in the
> slapd log:
>
> fd=75 slot=75 connection from 192.168.2.183 to 192.168.2.200
> [08/Jun/2005:12:30:47 +1000] conn=42 op=0 BIND
> dn="cn=ibishop,ou=people,dc=localdomain" method=128 version=3
> [08/Jun/2005:12:30:47 +1000] conn=42 op=0 RESULT err=32 tag=97
> nentries=0 etime=0
> [08/Jun/2005:12:30:47 +1000] conn=42 op=1 UNBIND
> [08/Jun/2005:12:30:47 +1000] conn=42 op=1 fd=75 closed - U1
>
> My directory has all the default bind permissions (which should allow
> this right?)...can anyone see what I'm doing wrong?

Can you use
ldapsearch -D "cn=ibishop,ou=people,dc=localdomain" -w yourpassword -s base -b "cn=ibishop,ou=people,dc=localdomain" "objectclass=*"
? If not, do you get the same error in your access log?
Rich Megginson wrote:
> Can you use ldapsearch -D "cn=ibishop,ou=people,dc=localdomain" -w
> yourpassword -s base -b "cn=ibishop,ou=people,dc=localdomain"
> "objectclass=*"
> ? If not, do you get the same error in your access log?

No, that fails with:

ldap_simple_bind: No such object
ldap_simple_bind: matched: ou=people,dc=localdomain

Log shows:

[08/Jun/2005:13:18:10 +1000] conn=52 fd=74 slot=74 connection from 127.0.0.1 to 127.0.0.1
[08/Jun/2005:13:18:10 +1000] conn=52 op=0 BIND dn="cn=ibishop,ou=people,dc=localdomain" method=128 version=3
[08/Jun/2005:13:18:10 +1000] conn=52 op=0 RESULT err=32 tag=97 nentries=0 etime=0
[08/Jun/2005:13:18:10 +1000] conn=52 op=1 UNBIND
[08/Jun/2005:13:18:10 +1000] conn=52 op=1 fd=74 closed - U1

If I do a ldapsearch -b "ou=people,dc=localdomain" cn=ibishop, I do get a result..?
Richard Megginson
2005-Jun-08 14:25 UTC
Re: [Fedora-directory-users] Support for Windows login?
Ian Bishop wrote:
> No, that fails with:
>
> ldap_simple_bind: No such object
> ldap_simple_bind: matched: ou=people,dc=localdomain
>
> Log shows:
>
> [08/Jun/2005:13:18:10 +1000] conn=52 fd=74 slot=74 connection from
> 127.0.0.1 to 127.0.0.1
> [08/Jun/2005:13:18:10 +1000] conn=52 op=0 BIND
> dn="cn=ibishop,ou=people,dc=localdomain" method=128 version=3
> [08/Jun/2005:13:18:10 +1000] conn=52 op=0 RESULT err=32 tag=97
> nentries=0 etime=0
> [08/Jun/2005:13:18:10 +1000] conn=52 op=1 UNBIND
> [08/Jun/2005:13:18:10 +1000] conn=52 op=1 fd=74 closed - U1
>
> If I do a ldapsearch -b "ou=people,dc=localdomain" cn=ibishop, I do
> get a result..?

What result do you get? How did you create that user in the first place?
The error message is clearly stating there is no such object "cn=ibishop,ou=people,dc=localdomain".
Nathan Kinder
2005-Jun-08 15:43 UTC
Re: [Fedora-directory-users] Support for Windows login?
Ian Bishop wrote:
> No, that fails with:
>
> ldap_simple_bind: No such object
> ldap_simple_bind: matched: ou=people,dc=localdomain
>
> Log shows:
>
> [08/Jun/2005:13:18:10 +1000] conn=52 fd=74 slot=74 connection from
> 127.0.0.1 to 127.0.0.1
> [08/Jun/2005:13:18:10 +1000] conn=52 op=0 BIND
> dn="cn=ibishop,ou=people,dc=localdomain" method=128 version=3
> [08/Jun/2005:13:18:10 +1000] conn=52 op=0 RESULT err=32 tag=97
> nentries=0 etime=0
> [08/Jun/2005:13:18:10 +1000] conn=52 op=1 UNBIND
> [08/Jun/2005:13:18:10 +1000] conn=52 op=1 fd=74 closed - U1
>
> If I do a ldapsearch -b "ou=people,dc=localdomain" cn=ibishop, I do
> get a result..?

You should verify the DN for this entry in the Directory Server.
The "cn" attribute may be equal to "ibishop", but the "dn" may be using the "uid" as the RDN.

-NGK
Nathan Kinder wrote:
> You should verify the DN for this entry in the Directory Server. The
> "cn" attribute may be equal to "ibishop", but the "dn" may be using the
> "uid" as the RDN.

Ahh, that's it. It works now binding with uid=ibishop,ou=people,dc=localdomain

Sorry, I'm still getting my head around LDAP. :/

Thanks,
Ian.
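The diagnosis reached in this thread, as an added example that is not part of the original messages: a small parser that pairs each BIND in the access log with its RESULT by conn/op and separates a missing bind DN (err=32) from other failures. The log text is constructed from the format quoted above, with the wrapped lines rejoined; the conn=60 lines and the function name `failed_binds` are assumptions.

```python
import re

# Constructed sample in the thread's access-log format (conn=60 lines are invented).
SAMPLE_LOG = """\
[08/Jun/2005:13:18:10 +1000] conn=52 fd=74 slot=74 connection from 127.0.0.1 to 127.0.0.1
[08/Jun/2005:13:18:10 +1000] conn=52 op=0 BIND dn="cn=ibishop,ou=people,dc=localdomain" method=128 version=3
[08/Jun/2005:13:18:10 +1000] conn=52 op=0 RESULT err=32 tag=97 nentries=0 etime=0
[08/Jun/2005:13:18:10 +1000] conn=52 op=1 UNBIND
[08/Jun/2005:13:30:02 +1000] conn=60 op=0 BIND dn="uid=ibishop,ou=people,dc=localdomain" method=128 version=3
[08/Jun/2005:13:30:02 +1000] conn=60 op=0 RESULT err=0 tag=97 nentries=0 etime=0
"""

# LDAP result codes (RFC 4511) that matter when debugging a bind.
RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT err=(\d+) tag=(\d+)')


def failed_binds(log_text):
    """Pair each BIND with its RESULT by (conn, op) and return the failures."""
    pending = {}   # (conn, op) -> bind DN still waiting for its RESULT line
    failures = []
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if not m:
            continue
        dn = pending.pop((m.group(1), m.group(2)), None)
        err, tag = int(m.group(3)), int(m.group(4))
        # tag=97 is a BindResponse; ignore results of other operations.
        if dn is None or tag != 97 or err == 0:
            continue
        failures.append({
            "conn": int(m.group(1)),
            "dn": dn,
            "err": err,
            "meaning": RESULT_CODES.get(err, "other"),
            # err=32: the DN itself is absent, so check the prepend/append template.
            "check_dn_template": err == 32,
        })
    return failures


if __name__ == "__main__":
    for failure in failed_binds(SAMPLE_LOG):
        print(failure)
```
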