[Scottish] More LDAP woes - updated

Phillip Bennett phillip at mve.com
Mon Jun 25 16:41:06 BST 2007

Hi everyone,

I just thought I'd update the list with the results I have so far.

First of all, I rebuilt one of the machines with RedHat Enterprise Linux 5. 
This gave me login, but no autofs.  Fortunately, I could change the defaults 
in the autofs config file and make it work.  So then I had fully working 
LDAP login AND autofs.  However, we don't use RHEL5 here, only 3 and 4.  So 
I rebuilt a different machine with straight, plain old vanilla RHEL4 update 
5.  During installation, I told it to use LDAP for authentication etc.  Once 
installed and rebooted, I could login AND use the autofs.  I didn't even 
have to change the usual settings (underscoretodot=0).

This afternoon, I have set up a similar machine with RHEL3 and once updating 
the autofs rpm, it logs on and works fully.

So thanks to everyone who tried to help with this problem.  I have no idea 
what made it decide to work, but the thing seems to be that if I leave it 
alone and only use the GUI to change the login/auth settings, it seems to 

Note that I haven't changed AMYthing on the LDAP server.  The schemla is the 
same and all permissoins are the same as when it didn't work.

This is the short version of events.  I had spent a lot of time with it over 
the last few days.  I even had two logs of a query from the 'working' client 
and the 'not working' client to see what was wrong.

If there is anyone on the list that has done this sort of thing before, let 
me know.  I'd love to hear your experiences of LDAP.


----- Original Message ----- 
From: "Gavin Henry" <ghenry at suretecsystems.com>
To: <scottish at mailman.lug.org.uk>
Sent: Friday, June 22, 2007 2:26 PM
Subject: Re: [Scottish] More LDAP woes

> <quote who="Phillip Bennett">
>> Hi everyone,
>> I've finally got my LDAP directory set up and almost working! I can see 
>> it
>> using two different LDAP browsers that I have installed, and I can use
>> ldapsearch from the command line with the '-x' option (Simple
>> Authentication).  I can even use ldapsearch -x -D "<my username>" etc..
>> What gets me though, is that I can't run other commands on it like
>> 'ldapwhoami', and I can't logon using LDAP either..  When I do, I get the
>> following message:
>>  ~]$ ldapwhoami
>> SASL/DIGEST-MD5 authentication started
>> Please enter your password:
>> ldap_sasl_interactive_bind_s: Internal (implementation specific) error
>> (80)
>>         additional info: SASL(-13): user not found: no secret in database
> You still need -x on ldapwhoami
>> I've been reading up on SASL for the past two days and have been directed
>> to
>> kerberos from a few pages.  I now have a working kerberos KDC as well.
>> However, I was hoping not to have to do this, as it means setting up the
>> clients for kerberos as well.
>> So far, what I have is an LDAP database that works with autofs.  However,
>> it
>> doesn't allow me to logon to workstations.  When I do, I get the 
>> following
>> error:
>> [root at shona ~]# su - phillip
>> id: cannot find name for group ID 2066
>> id: cannot find name for user ID 2066
>> [phillip at shona ~]$ ssh localhost
>> You don't exist, go away!
>> Now, I know what the 'go away' error is all about.  What I don't know is
>> why
>> it happens.
>> My setup is as follows:
>> Redhat ES4 - all software at latest redhat versions
>> ldap 2.2.13
>> autofs 4.1.3-199.3
>> kernel 2.6.9-55
>> cyrus-sasl 2.1.19 (inc. md5, ntlm, sql, gssapi)
>> kerberos 1.3.4-47
>> Does anyone have any helpful information for getting these final bits
>> setup?
>> I have read in a few places that Redhat puts the SASL stuff in by default
>> and it can't be turned off.  The same people usually say that it's best 
>> to
>> recompile from source and leave the SASL support out.  Would anyone agree
>> with that?  I feel that I've come so far and I'm understanding so much
>> more,
>> but I am still just so far away from getting anything to actually WORK!
>> It's just so frustrating...  On the plus side, I have now discovered
>> strace.
>> It has helped me fix a few errors these past few days.  :)
>> Any help you can give is greatly appreciated!
> Check your permissions on /etc/nsswitch.conf /etc/ldap.conf, that's
> usually the prob with "getent passwd" and su
>> Thanks in advance,
>> Phil.
>> _______________________________________________
>> Scottish mailing list
>> Scottish at mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/scottish
> _______________________________________________
> Scottish mailing list
> Scottish at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/scottish

More information about the Scottish mailing list