[Scottish] More LDAP woes

Gavin Henry ghenry at suretecsystems.com
Fri Jun 22 14:27:03 BST 2007


<quote who="Phillip Bennett">
> Hi everyone,
>
> I've finally got my LDAP directory set up and almost working! I can see it
> using two different LDAP browsers that I have installed, and I can use
> ldapsearch from the command line with the '-x' option (Simple
> Authentication).  I can even use ldapsearch -x -D "<my username>" etc..
>
> What gets me though, is that I can't run other commands on it like
> 'ldapwhoami', and I can't log on using LDAP either.  When I do, I get the
> following message:
>
>  ~]$ ldapwhoami
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
>         additional info: SASL(-13): user not found: no secret in database


You still need -x on ldapwhoami.

>
>
> I've been reading up on SASL for the past two days and have been directed
> to Kerberos from a few pages.  I now have a working Kerberos KDC as well.
> However, I was hoping not to have to do this, as it means setting up the
> clients for Kerberos as well.
>
> So far, what I have is an LDAP database that works with autofs.  However,
> it doesn't allow me to log on to workstations.  When I do, I get the
> following error:
>
> [root@shona ~]# su - phillip
> id: cannot find name for group ID 2066
> id: cannot find name for user ID 2066
> [phillip@shona ~]$ ssh localhost
> You don't exist, go away!
>
> Now, I know what the 'go away' error is all about.  What I don't know is
> why it happens.
>
> My setup is as follows:
>
> Redhat ES4 - all software at latest redhat versions
> ldap 2.2.13
> autofs 4.1.3-199.3
> kernel 2.6.9-55
> cyrus-sasl 2.1.19 (inc. md5, ntlm, sql, gssapi)
> kerberos 1.3.4-47
>
> Does anyone have any helpful information for getting these final bits
> set up?  I have read in a few places that Redhat puts the SASL stuff in by
> default and it can't be turned off.  The same people usually say that it's
> best to recompile from source and leave the SASL support out.  Would anyone
> agree with that?  I feel that I've come so far and I'm understanding so much
> more, but I am still just so far away from getting anything to actually
> WORK!  It's just so frustrating...  On the plus side, I have now discovered
> strace.  It has helped me fix a few errors these past few days.  :)
>
> Any help you can give is greatly appreciated!

Check your permissions on /etc/nsswitch.conf and /etc/ldap.conf; that's
usually the problem with "getent passwd" and su.

>
> Thanks in advance,
> Phil.
>
>
>
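
The permission check suggested in the reply above, written out as an added example that is not part of the original thread. NSS modules are loaded into the calling process, so a lookup made by a normal user needs read access to these files; the function name, the output labels and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Usage: sh check.sh /etc/nsswitch.conf /etc/ldap.conf
# With no arguments it runs against constructed sample files instead.

# Print one line per file and return 0 only if every file is OK.
check_nss_perms() {
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$f")     # GNU stat: octal mode, e.g. 644
        other=${mode#"${mode%?}"}     # last digit = bits for "other"
        if [ $(( other & 2 )) -ne 0 ]; then
            # Any local user could rewrite the lookup configuration.
            echo "WORLD-WRITABLE $mode $f"; rc=1
        elif [ $(( other & 4 )) -eq 0 ]; then
            # Lookups work for root but fail for everyone else.
            echo "NOT-WORLD-READABLE $mode $f"; rc=1
        else
            echo "OK $mode $f"
        fi
    done
    return $rc
}

# Constructed sample: a readable nsswitch.conf beside a root-only ldap.conf.
demo() {
    d=$(mktemp -d)
    : > "$d/nsswitch.conf"; chmod 644 "$d/nsswitch.conf"
    : > "$d/ldap.conf";     chmod 600 "$d/ldap.conf"
    check_nss_perms "$d/nsswitch.conf" "$d/ldap.conf" || true
    rm -rf "$d"
}

if [ "$#" -gt 0 ]; then
    check_nss_perms "$@"
else
    demo
fi
```

A NOT-WORLD-READABLE result for either file matches the symptom in the thread, where lookups made as a normal user fail.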
