
Thread: Opensuse 13.1 - Cannot login with LDAP user as a client

  1. #1
    Join Date
    Jul 2008
    Location
    Hungary
    Posts
    12

    Opensuse 13.1 - Cannot login with LDAP user as a client

    Hi All!

    I am a very very old SuSE user and I have a very very small problem I have never had before:

    I've installed the new Opensuse 13.1 on a machine and I wanted to connect to our LDAP server to authenticate users and much more. So I started YaST, installed sssd and gave the required information for LDAP authentication (server, basedn, etc.). We do not have SSL on the LDAP server!

    All went well: Yast installed the required software packages and said to use the new authentication feature it is better to restart the machine. I did it. After the restart the problems start:

    - I cannot log in on the ttys or at the kdm login window with the LDAP users. None of them.
    - If I log in as root and ask for a user with "id", it gives back the correct data for the specified user from LDAP.
    - If I log in as root and "su" to a user existing in LDAP, it works great. It creates the necessary home directory too, with the right permissions I set up at install.
    - I can search the database with various ldapsearch commands, so it seems that the server is available for this machine too.
    - I need pam_mount but I have not tried it at all.......

    I tried to drop sssd and installed nss_ldap and pam_ldap but they absolutely do not work. I do not know why..... I created the /etc/ldap.conf file corresponding to the old files on former SuSE installs. On the older machines nss_ldap and pam_ldap work well (releases: 12.1, 11.3, 11.1). But 13.1 seems to ignore the pam_ldap.so lines in the pam file (/etc/pam.d/......) and an even weirder behaviour is that the "id" command also does not work.

    - Does anyone know what happened with nss_ldap and pam_ldap in this new version?
    - Does anyone know why sssd works only halfway (only "id" and "su" work)?
    - How can I get to a documentation in details ?
    - Is it a normal operation or is it a bug? If it will not work I have to change the distrib. Ubuntu works well with LDAP.

    Thanks in advance,
    János

  2. #2

    Re: Opensuse 13.1 - Cannot login with LDAP user as a client

    Same problem here, did you find any solution?

  3. #3

    Re: Opensuse 13.1 - Cannot login with LDAP user as a client

    Ohh, I just forgot to install the nss_ldap package...

    Everything works well for me. I followed these steps:

    1. cat old ldap.conf > /etc/ldap.conf
    2. pam-config --add --ldap
    3. "compat ldap" to passwd & group in /etc/nsswitch.conf
    4. insert "session optional pam_mkhomedir.so umask=0077 skel=/etc/skel/" to the first line (of course after the comments) in /etc/pam.d/common-session

    nscd
    getent passwd

    Voilà!

    I have some issues on KDE gui, but I think I will fix that in a few minutes.

  4. #4
    Re: Opensuse 13.1 - Cannot login with LDAP user as a client

    OOOOOPS! I'll try this! Thanks. But I've installed nss_ldap beside the pam_ldap package..... The steps you wrote are missing on my side.
    Thanks


    If it helps or not I'll reflect!

    János

  5. #5
    Re: Opensuse 13.1 - Cannot login with LDAP user as a client

    Dear ALL!

    I have tried what vola wrote and it works! Here is the full list of steps (it doesn't matter if you installed sssd or not):

    1. zypper install pam_ldap nss_ldap
    2. edit /etc/ldap.conf for your needs. LDAP-server and its settings, etc.
    3. same as vola's 3rd row: "compat ldap" to passwd & group in /etc/nsswitch.conf
    4. same as vola's 2nd row: pam-config --add --ldap
    5. same as vola's 4th row: insert "session optional pam_mkhomedir.so umask=0077 skel=/etc/skel/" to the first line (of course after the comments) in /etc/pam.d/common-session

    So it works well but there's a problem: has anyone met the problem that Mozilla Thunderbird crashes at startup when one uses LDAP? The problem: Thunderbird uses the deprecated getpwent() function which will not give back any information anymore if one's users are in the LDAP database! If you run this command:

    getent passwd | grep USERNAME >> /etc/passwd

    Thunderbird starts to work again! HOW CAN I GET IT FIXED????? Why does Thunderbird require the user existence in /etc/passwd file????

    Thanks,
    János
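
The steps listed above can be verified without logging in as an LDAP user. As an added example (not from any poster), this script checks a copy of /etc for the `ldap` source in nsswitch.conf, a pam_ldap.so line and the pam_mkhomedir.so umask. It assumes `pam-config --add --ldap` shows up as a pam_ldap.so line in common-auth; the function names and sample files are constructed.

```shell
# Added example: ROOT is a directory holding a copy of /etc (here a constructed tree).
# nss_has_ldap FILE DB: succeeds if the DB line (passwd, group) lists "ldap".
nss_has_ldap() {
    awk -v db="$2" '
        /^[ \t]*#/ { next }
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }' "$1"
}

# pam_has_module FILE MODULE: succeeds if an uncommented line names MODULE.
pam_has_module() { grep -v '^[[:space:]]*#' "$1" | grep -qwF "$2"; }

# mkhomedir_umask FILE: umask= value of the active pam_mkhomedir.so session line
# ("default" if the option is absent, empty output if there is no such line).
mkhomedir_umask() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "session" && $3 == "pam_mkhomedir.so" {
            for (i = 4; i <= NF; i++)
                if ($i ~ /^umask=/) { print substr($i, 7); exit }
            print "default"; exit
        }' "$1"
}

# check_ldap_client ROOT: prints what is missing, or an empty line if all is set.
check_ldap_client() {
    missing=""
    for db in passwd group; do
        nss_has_ldap "$1/etc/nsswitch.conf" "$db" || missing="$missing nsswitch:$db"
    done
    pam_has_module "$1/etc/pam.d/common-auth" pam_ldap.so || missing="$missing pam_ldap"
    u=$(mkhomedir_umask "$1/etc/pam.d/common-session")
    [ "$u" = "0077" ] || missing="$missing mkhomedir-umask:${u:-absent}"
    echo "${missing# }"
}

# make_sample DIR after|before: constructed files, not taken from a real host.
make_sample() {
    mkdir -p "$1/etc/pam.d"
    if [ "$2" = after ]; then n="compat ldap"; a="pam_ldap.so use_first_pass"
        s="session optional pam_mkhomedir.so umask=0077 skel=/etc/skel/"
    else n="compat"; a="pam_deny.so"; s="# no mkhomedir line"; fi
    printf 'passwd: %s\ngroup: %s\n' "$n" "$n" > "$1/etc/nsswitch.conf"
    printf 'auth sufficient pam_unix.so\nauth required %s\n' "$a" > "$1/etc/pam.d/common-auth"
    printf '%s\nsession required pam_unix.so\n' "$s" > "$1/etc/pam.d/common-session"
}

demo=$(mktemp -d); make_sample "$demo" before
echo "before the steps, missing: $(check_ldap_client "$demo")"; rm -rf "$demo"
```

An umask other than 0077 is reported because it decides who else on the machine can read a home directory created at first login.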

  6. #6

    Re: Opensuse 13.1 - Cannot login with LDAP user as a client

    I found a solution to this Thunderbird problem in a Bugzilla ticket:

    ln -s /usr/lib64/libldap-2.4.so.2.8.5 /usr/lib64/thunderbird/libldap60.so (the first version number can be different)

    Here is the full topic: https://bugzilla.mozilla.org/show_bug.cgi?id=708222
    Comment 7 and 8 gave me the idea.

    But after a Thunderbird update this change can be lost... or you can write a cronjob to be sure this soft link remains after every reboot!

  7. #7
    Re: Opensuse 13.1 - Cannot login with LDAP user as a client

    Thank you!
    I'll try this as soon as possible!



  8. #8
    [RESOLVED] Re: Opensuse 13.1 - Cannot login with LDAP user as a client

    Dear Vola!

    It is fantastic! It works! Here is the full list of what anyone has to do if they get into this idiotic situation:

    1) Rename the "real" /usr/lib/thunderbird/libldap60.so file to /usr/lib64/thunderbird/libldap60.so.ori or any name you want
    2) Make the link Vola mentioned..... ln -s /usr/lib64/libldap-2.4.so.2.8.5 /usr/lib64/thunderbird
    3) Start Thunderbird. You made it!!!!

    It is absolutely unbelievable that this problem has been living for long, long years. I cannot believe it couldn't be fixed for years....

    Thanks a lot, Vola!
    János




  9. #9

    Re: Opensuse 13.1 - Cannot login with LDAP user as a client

    Hi,

    I had a different problem with sssd and found your thread via search.

    My problem was, that ldap users or groups did not show up with getent passwd or getent group.
    Since this is my standard "it works" check I discarded sssd and went back to normal ldap.

    Finally I found by chance that su works anyways and I had to switch on enumeration (via yast ldap client config or directly in /etc/sssd/sssd.conf) for getent to work.

    I can report, that gdm or su login for ldap users works with sssd. If you want to try again and need a config example, let me know (but expect delays).
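
As an added example (not part of any post in the thread), this reads an sssd.conf and reports the two settings behind the symptoms described here: `enumerate`, which is off by default so a bare `getent passwd` shows no LDAP users, and the transport, since SSSD does not perform LDAP password authentication over an unencrypted channel. The function names, sample file and host name are constructed for illustration.

```shell
# Added example: report the sssd.conf settings discussed above for each domain.
# sssd_domain_report FILE prints: NAME enumerate=<true|false> transport=<ldaps|ldap|unset>
sssd_domain_report() {
    awk '
        function emit() {
            if (name != "") printf "%s enumerate=%s transport=%s\n", name, enumv, scheme
        }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            emit(); name = ""
            if ($0 ~ /^[ \t]*\[domain\//) {
                name = $0; sub(/^[ \t]*\[domain\//, "", name); sub(/\].*$/, "", name)
                enumv = "false"; scheme = "unset"   # sssd default: enumerate = false
            }
            next
        }
        name != "" && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1); val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enumerate") enumv = (tolower(val) == "true") ? "true" : "false"
            if (key == "ldap_uri") scheme = (val ~ /^ldaps:/) ? "ldaps" : "ldap"
        }
        END { emit() }' "$1"
}

# sssd_findings FILE: what those settings mean for the checks used in the thread.
sssd_findings() {
    sssd_domain_report "$1" | while read -r dom en tr; do
        [ "$en" = "enumerate=true" ] ||
            echo "$dom: getent passwd lists no LDAP users; lookups by name still resolve"
        [ "$tr" = "transport=ldaps" ] ||
            echo "$dom: no ldaps:// URI, so password checks rely on StartTLS"
    done
}

# make_sssd_sample FILE: constructed configuration (example.org is a placeholder).
make_sssd_sample() {
    printf '%s\n' '[sssd]' 'services = nss, pam' 'domains = default' '' \
        '[domain/default]' 'id_provider = ldap' 'auth_provider = ldap' \
        'ldap_uri = ldap://ldap.example.org' 'ldap_search_base = dc=example,dc=org' > "$1"
}

conf=$(mktemp); make_sssd_sample "$conf"
sssd_findings "$conf"; rm -f "$conf"
```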

  10. #10

    Re: Opensuse 13.1 - Cannot login with LDAP user as a client

    Would you be so nice to share your config for ldap+sssd ? Still struggling to make it work.

