On Tuesday 13 November 2007 10:57:46 Wade Fitzpatrick wrote:
> > Nov 9 21:22:34 noisy nscd: nss_ldap: failed to bind to LDAP server ldaps://daemon.foo.lan: Can't contact LDAP server
> > Nov 9 21:22:34 noisy nscd: nss_ldap: could not search LDAP server - Server is unavailable
> > Nov 9 21:22:34 noisy login[4196]: Unable to obtain uid (user=imoore) for audit system
> > Nov 9 21:22:34 noisy login[4196]: User not known to the underlying authentication module
>
> You need to simplify things and verify each step. The first problem is
> nss_ldap can't find you. Check your config files - maybe suse uses a
> separate file for nss_ldap.
>
> What does ``getent passwd imoore'' return?
> What happens when you add a passwd entry into /etc/passwd? Can you log
> in then?
>
> Verify all traffic with tcpdump and ethereal/wireshark. Make sure the
> server is listening on 636 not 389 using ``netstat -ntl''.
>
> Next, simplify your pam.conf so it's not checking account and sessions,
> only auth, then add them individually and verify each one.
>
> Cheers,
> Wade.

Yippee! It's working :-)

While checking out your very first point, my googling brought back some info
about the nss_ldap package for opensuse. In it was a file listing
with /usr/share/doc/packages/ldap.conf

I had a quick look through that file on my suse box and noticed it seems to be
a padl file, rather than a suse specific file.

In the openldap section, it shows 2 settings:
"ssl start_tls" and "ssl on"

The second setting was in /etc/ldap.conf as a comment, but listed under
a "Netscape SDK LDAPS" heading, so I'd not used it. Instead, I just commented
out the "ssl start_tls" line.

So, I added "ssl on", rebooted and now I can log in!!

All I need to do now is read up on configuring automount to mount my home
directory from the FBSD box.

Thanks for pointing me in the right direction.

Cheers,
--
Ian
gpg key:
http://home.swiftdsl.com.au/~imoore/no-spam.asc
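
An added example, not part of the original thread or of the nss_ldap package: a small checker that compares the "uri" scheme in an nss_ldap-style ldap.conf with its "ssl" directive, the mismatch this thread ended on. The function names and sample configs are constructed for illustration; the rules assume "ssl on" means LDAPS (port 636) and "ssl start_tls" means StartTLS on the normal LDAP port.

```python
# Added example: checks uri scheme against the "ssl" directive in an
# nss_ldap-style ldap.conf. Function names and sample configs are constructed.

def parse_ldap_conf(text):
    """Return (list of URIs, ssl mode or None) from ldap.conf text."""
    uris, ssl_mode = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comments
            continue
        parts = line.split()
        key, args = parts[0].lower(), parts[1:]
        if key == "uri":
            uris.extend(args)                  # "uri" may list several servers
        elif key == "ssl" and args:
            ssl_mode = args[0].lower()         # last "ssl" line wins (assumption)
    return uris, ssl_mode

def check_tls_settings(text):
    """Return a list of findings; an empty list means scheme and ssl mode agree."""
    uris, ssl_mode = parse_ldap_conf(text)
    shown = ssl_mode or "unset"
    findings = []
    for uri in uris:
        scheme = uri.split("://", 1)[0].lower()
        if scheme == "ldaps" and ssl_mode != "on":
            findings.append(f"{uri}: ldaps:// needs 'ssl on', but ssl is {shown}")
        elif scheme == "ldap" and ssl_mode == "on":
            findings.append(f"{uri}: 'ssl on' is LDAPS; use ldaps:// or 'ssl start_tls'")
        elif scheme == "ldap" and ssl_mode != "start_tls":
            findings.append(f"{uri}: no TLS configured, binds travel in cleartext")
    return findings

# Constructed samples: the state described in the message, then the fix.
BEFORE = """uri ldaps://daemon.foo.lan
#ssl start_tls
"""
AFTER = BEFORE + "ssl on\n"
STARTTLS_ON_LDAPS = "uri ldaps://daemon.foo.lan\nssl start_tls\n"

if __name__ == "__main__":
    for name, conf in [("before", BEFORE), ("after", AFTER),
                       ("start_tls+ldaps", STARTTLS_ON_LDAPS)]:
        print(name, check_tls_settings(conf) or "OK")
```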