ldap login: fedora 14 client to suse ldap server

Sorry if this isn’t strictly an openSUSE question, but I have had no answers on the fedora forums.

I use a suse ldap server for centralised logins and authentication (believe in centralised login and security for shares, etc.)

Of course all (open)SUSE versions have ldap client authentication built in to yast and have no problem logging in (even on the live versions).
Other distros need a bit of setting up, but also authenticate fine.

I have a fedora fc14 client machine which refuses to authenticate, despite my trying some of the suggestions in their documentation.
Apparently they use sssd to provide local caching to allow users to authenticate locally if the ldap server is down or unobtainable.

Any ideas please?

Did you try checking the logs on the authentication server and fc14?

Best regards,
Greg

Can’t file any logs on the suse authentication server - checked everything in /var/logs and found no records.
Any idea where to find the server logs?

The fc14 sssd logs all report a failure in finding the domain:

(Thu Jan 20 00:19:32 2011) [sssd] [confdb_get_domain_internal] (0): Unknown domain [LOCAL]
(Thu Jan 20 00:19:32 2011) [sssd] [confdb_get_domains] (0): Error (2 [No such file or directory]) retrieving domain [LOCAL], skipping!
(Thu Jan 20 00:19:32 2011) [sssd] [confdb_get_domain_internal] (0): Unknown domain [LDAP]
(Thu Jan 20 00:19:32 2011) [sssd] [confdb_get_domains] (0): Error (2 [No such file or directory]) retrieving domain [LDAP], skipping!

On Thu, 20 Jan 2011 00:36:02 +0000, whych wrote:

> Can’t file any logs on the suse authentication server - checked
> everything in /var/logs and found no records. Any idea where to find the
> server logs?

They should be in /var/log IIRC.

You might want to do a basic connectivity check and maybe even a trace
with wireshark to see that there is LDAP traffic getting from one system
to the other.

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

I think the OP meant he can’t post the logs here for security concerns.

Best regards,
Greg

@hendersj

> They should be in /var/log IIRC.

Looked on the suse server for the logs here, but there is nothing. I have marked the ldap server option to log accesses, but don’t know where to look because there is no mention of it in any of the files in /var/log.

The only thing I can find is from the fc14 logs for sssd.

I can connect to the ldap database from the fc14 client using the esdAdmin connection module, so connectivity isn’t a problem.

On Thu, 20 Jan 2011 19:06:02 +0000, whych wrote:

> I can connect to the ldap database from the fc14 client using the
> esdAdmin connection module, so connectivity isn’t a problem.

What happens if you use ldapsearch against the ldap server to search for
the user?

I always start once I know connectivity is working properly by using the
openLDAP tools to do queries against the server to see what works and
what doesn’t. For example, if you find that you can’t do a search
against the server as anonymous, it might be that anon binds are disabled
on the server.

OTOH, if you can’t search on 389 but can if you add -ZZ to the ldapsearch
command, you may need to do something with SSL certificates to get things
working.

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
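
The check sequence Jim describes (an anonymous search on port 389, then the same search with -ZZ), as an added example that is not part of the original posts. The server URI, base DN, login name and the `uid` attribute are placeholder assumptions, and the exit-code meanings are those of OpenLDAP's ldapsearch.

```shell
#!/bin/sh
# Added example: LDAP_URI, LDAP_BASE and LDAP_USER are placeholders, not values from the thread.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.com}"   # assumed server, port 389
LDAP_BASE="${LDAP_BASE:-dc=example,dc=com}"       # assumed search base
LDAP_USER="${LDAP_USER:-testuser}"                # assumed login name (uid attribute)

# One anonymous simple-bind search for the user; extra options (e.g. -ZZ) pass through.
# Prints ldapsearch's exit code (the LDAP result code), or "empty" when the
# search succeeded but returned no entry for the user.
probe() {
    out=$(ldapsearch -x -LLL -H "$LDAP_URI" -b "$LDAP_BASE" "$@" \
          "(uid=$LDAP_USER)" dn 2>/dev/null)
    rc=$?
    if [ "$rc" -eq 0 ] && ! printf '%s\n' "$out" | grep -q '^dn:'; then
        echo empty
    else
        echo "$rc"
    fi
}

# Map the two probe results (plain, StartTLS) to a diagnosis keyword.
diagnose() {
    case "$1:$2" in
        0:0)     echo ok ;;                 # user visible both ways
        255:*)   echo unreachable ;;        # typically: cannot contact the server
        0:*)     echo plain-only ;;         # -ZZ fails: check StartTLS and client CA trust
        *:0)     echo tls-needed ;;         # works only with -ZZ: server wants encryption
        48:*)    echo anon-bind-refused ;;  # 48 = inappropriateAuthentication
        empty:*|*:empty)
                 echo no-entry ;;           # bind fine, user not readable: ACLs, base or filter
        *)       echo other ;;              # inspect ldapsearch's stderr by hand
    esac
}

# Only touch the network when asked to: RUN_PROBE=1 sh ldap-triage.sh
if [ "${RUN_PROBE:-0}" = 1 ]; then
    plain=$(probe)
    tls=$(probe -ZZ)
    echo "plain=$plain starttls=$tls -> $(diagnose "$plain" "$tls")"
fi
```

A `tls-needed` result is the case Jim's last paragraph covers: the client then needs to trust the server's certificate before its LDAP lookups will work.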