similar to: LDAP authentication on a remote server (via ldaps://)

Hi, I'm facing a problem with setting up LDAP+TLS client authentication in a kickstart script on CentOS7 for several days. Setting up manualy the config with system-config-authentication works but I need to automate this in kickstart for deploying cluster nodes. This show that the server side is running fine. At this time the message is #systemctl status sssd |....

On Thu, 14 Jun 2018, Patrick Begou wrote: > Hi, > > I'm facing a problem with setting up LDAP+TLS client authentication in a > kickstart script on CentOS7 for several days. > > Setting up manualy the config with system-config-authentication works but I > need to automate this in kickstart for deploying cluster nodes. > This show that the server side is running fine.

Hi all, On a C6 box, when I want to enable LDAP authentication, I issue: # yum -y install nss-pam-ldapd pam_ldap nscd # authconfig --enableldap --enableldapauth --enablemkhomedir \ --ldapserver=ldap://ldap-blabla/ \ --ldapbasedn="blabla" \ --enablecache --disablefingerprint \ --kickstart --update All is working fine, the directory structure is fine and compliant.

Ok, I've got most everything setup, but I'm not able to confirm pam_ldap and nss_ldap are working properly. (Actually given the examples in SBE, they still appear to be returning information from local files rather than the ldap info.) I wanted to go back and check my authconfig and reset the parameters. However now when I do a authconfig I get this: ---- authconfig --enablecache

Hello all: Happy New Year to everyone and thank you for all the knowledge this past year. I have a hopefully simple question about kickstart. In the authconfig section I can enable ldap, credential caching, etc.. Using the GUI tool there's an option to create the user home directories on first login. The docs don't show a similar option for authconfig in kickstart. For now I'm

I'm having trouble setting up ldap based authenication. I have a virtual (KVM) CentOS 5.4 box set up to authenticate to a 389 (fedora) directory server, and that works fine. However, I set up a virtual box running CentOS 6, and I can't get it to authenicate. I've run authconfig with the appropriate flags, ldapsearch properly finds the data, but I can't log in. /var/log/secure

So I have this centos 5.10 box which authenticates network users against ldap(authorizing)+kerberos(authentication). And I now would like to have sudo be able to allow admins (netgroup chinbeards) to sudo about. I am not using sssd though (yet). Here is the output of me trying sudo (debug on): [raub at centos5-x64 ~]$ sudo pwd LDAP Config Summary =================== uri

I've configured a new RHEL DC with sernet samba 4.1.4 and a domain just upgraded from classic with an LDAP backend. I need to configure the DC with user accounts and since: * I can't use winbind on a DC * I can't use SSSD with the sernet packages it looks like the best thing to use is LDAP. I've configured it with: authconfig --enableldap --enableldapauth

Hi All I have just published a module that synchronises users and groups from Active Directory into a Puppet manifest, which can then be rolled out to subscribed agents/workstations. The module maintains generated uids and gids in an SQLite database. It has only been tested on Puppet Enterprise 2.6.1 and RHEL 6.3 so far, at my end. The module is called lpep and you can view it at

Hi Team, I have the kick start file where my root password is store like # Root password rootpw --iscrypted $1$1SItJOAg$UM9n7lRFK1/OCs./rgQtQ/ # System authorization information auth --useshadow --passalgo=sha512 Is there any way to decry pt the password and get it as plain text. I know single user mode works but my case it in remote site. Thanks, Jegadeesh

Thank you, Louis, for your reply. By simply asking me to provide outputs of the aforementioned files, I found the cause of my first problem (auth failing). It was my /etc/hosts file on dc1. All of them should look like this, and indeed DC2 and DC3's *did* look like this: # cat /etc/hosts > 127.0.0.1 ? ? ? localhost.samdom.mycompany.net ?localhost > 192.168.3.201

Hai, And Omg... Your right, its my fault. :-/ I didnt say to you, you needed make the changes, to change what Rowland showed. Im really sorry.. ;-) when im in austria i'll buy you a beer. Or if you want teach you snowboarding.. I have an other guy in austria that cant ski/board. Im going to teach him also. .. So funny a dutch guy teaching to austria guys.. :-) And how is it running

I've been working on this problem for a few hours. Here are some updates: Many of the domains I listed are duplicates of domains managed by other DNS servers on my network. There was no point in having them in Samba AD, so I deleted the zones in Windows DNS Manager and created slaves in my named.conf.local folder, so that they'd pull the records from my authoritative BIND DNS server,

Nice shell script,?Louis. Here are the results: Collected config ?--- 2019-06-20-12:46 ----------- Hostname: umbriel DNS Domain: samdom.mycompany.net FQDN: umbriel.samdom.mycompany.net ipaddress: 192.168.3.203? ----------- Samba is running as an AD DC ----------- ? ? ? ?Checking file: /etc/os-release NAME="Ubuntu" VERSION="16.04.6 LTS (Xenial Xerus)" ID=ubuntu

Hello Samba Friends, I have a single DC (we'll call it, "DC1") that simply will not take my password when I run this command:? #samba-tool ldapcmp ldap://dc2 ldap://dc3 -Uadministrator? Or this command:? #samba-tool ldapcmp ldap://dc1 ldap://dc2 -Uadministrator? I basically get this:? > Password for [SAMDOM\administrator]:? > Password for [SAMDOM\administrator]:?

Hi all, I am trying to automate the provisioning of a few VM, dom0 CentOS5 - domU CentOS4.5, the installation goes well but it completely ignores the %post bit in the kickstart: # Kickstart file for a generic VM install url --url http://server/mrepo/centos4-x86_64/disc1 cmdline skipx reboot # Partition information ..... # General system config bootloader --location=mbr keyboard uk lang

Hi, I'm trying to set up NFSv4 on two boxes (centos 5.5) and have it authenticate against our Windows 2008R2 AD server acting as the KDC. (samba/winbind is running ok with "idmap config MYCOMPANY: backend = rid" so we have identical ids across the servers.) I can mount my test directory fine via NFSv4 *without* the sec=krb5 option. However, once I put the sec=krb5 option in,

I am having problems getting dns to function correctly with Ubuntu 14.04LTS. My /etc/hosts file is: 127.0.0.1 localhost # Need to keep 127.0.1.1 entry or DNS fails 127.0.1.1 mysrvr03.mycomapny.biz wdnsrvr03 192.168.16.208 mysrvr03.mycompany.biz wdnsrvr03 # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2

Right now, I have all of my Samba stuff under ou=corp,dc=mycompany,dc=com. I have it this way because there used to also be ou=furn,dc=mycompany,dc=com with a different domain. Now that I only have one domain, I would like to move everything to dc=mycompany,dc=com. So I copy all of the subentries of ou=corp (ou=computers, ou=people, ou=grooups, and the sambaDomainName entries) to

Hello, hello Rowland, So the physical configuration is something like below : +-------------------------------+ server_a   Samba AD DC   Domain: mycompany.net   Subnet: 192.168.1.0/24   IP    : 192.168.1.2 +-------------------------------+ +-------------------------------+ pc_a_1   FQDN: pc_a_1.mycompany.net.   IP:   192.168.1.33 +-------------------------------+