[Techtalk] Re: [Newchix] OpenLDAP Client configuration???? no clue

Karina khould at technicaldirection.com.au
Mon Oct 25 09:16:26 EST 2004


thank you again Devdas

yes the LDAP server has been configured and all is working well on the 
server side
the client side for the Macintosh systems are working like a charm.

on the Linux side, the e-mail LDAP connection is working perfectly, just 
the login to the Linux box is not authenticating.

in my ldap.conf file the settings are there,
the system-auth file is not in the pam.d directory, I will look for this 
today.

I agree once I get the LDAP working I will focus on the Kiosk aspect of 
the setup... all one step at a time.

with regards to explanations going over my head... I appreciate what you 
are saying with regards to limited knowledge with Linux, however, I 
would love to hear your explanation so that I may be able to understand 
more, and ask questions accordingly.

one of the problems I am conceptually trying to sort out, is not How 
LDAP works, it is where all the files are located that need modification.

My conceptual issue is where does login get its information on where 
to look for the Authentication for LDAP.

anyways... I am not discouraged, and I will get this going one way or 
another <smile>
and your help is priceless.. <more more more> <smile>


thank you

Karina


Devdas Bhagat wrote:

>On 21/10/04 08:59 +1000, Karina wrote:
>
>Sending to Techtalk. Reply-To set, please reply to list only. Hitting
>Reply on this message should be sufficient.
>
>Reply contents inline.
>
>><smile> thank you Devdas,
>>
>>the purpose of the Linux "dumb terminal" is for students to log into the 
>>web mail and surf the web in a central location.
>>we would like them to log into the machines with their e-mail user name 
>>and password, located in ldap.
>>and we would like to keep it as simple as possible.
>
>This is mostly a kiosk mode requirement, with the additional requirement
>of authentication from a directory server for the initial access.
>
>>I have managed to setup the details for the LDAP Client, using the LDAP 
>>Client setup within YaST, the GUI configuration tool, and I am now at a 
>>section that requires me to do Module Configuration, where I edit the 
>>attributes and values.
>>
>>which I think is a good place to be <smile>
>
>So have you managed to get the authentication with LDAP working?
>I /could/ tell you here about the generic way of implementing LDAP
>authentication, but I suspect that with the skill level you claim, my
>explanation is going to fly right over your head.
>This isn't meant to disparage/discourage you, but LDAP on Linux isn't 
>the easiest thing to do without a friendly client, and I have no YaST
>experience.
>
>My favorite tool is the Java based LDAP browser at
>http://www.iit.edu/~gawojar/ldap/download.html .
>
>>Within the eMac LDAP configuration we had to do the attributes mapping 
>>we could import them with an ldif file, and once we got that sorted, we 
>>were able to copy it over to the other macs...
>
>The same configuration /should/ work on Linux. Actually, for your
>purposes you should not need to have any LDIF files floating around.
>
>>as I am kind of new to Linux, in the sense that I have almost no clue 
>>where the configuration files are, and I have limited skills in creating 
>>scripts, I decided to search and find resources to help me along...
>
>Authenticating from LDAP (or any networked service) involves setting up
>the authentication server and loading the relevant data into it. The
>next step is to configure the client to do that.
>
>I will assume that your centralized directory has already been setup and
>works, with relevant accounts already entered in.
>
>The config file you need to edit is /etc/ldap.conf. There may be
>friendly frontends to this, but you should be able to figure those out.
>
>Parameters in /etc/ldap.conf are whitespace separated.
># starts a comment, which continues till the end of the line.
>
>The important parameters you need to set:
>
>host 	<hostname or IP of the LDAP server>
>base	<the basedn of your directory>
>
>For most purposes, the remaining parameters should be valid. That,
>however, will depend on the configuration of your directory server and
>the specific objectclasses and attributes you are using.
>
>Then add to the /etc/pam.d/system-auth (or equivalent config file on
>SuSE) (lines will wrap)
>
>auth        sufficient    /lib/security/pam_ldap.so use_first_pass
>account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
>password    sufficient    /lib/security/pam_ldap.so use_authtok
>session     optional      /lib/security/pam_ldap.so
>
>You may have to change the use_first_pass directive on the first line to
>try_first_pass for authentication to work.
>
>Once you have LDAP authentication working from a normal PC, then you can
>work on the Kiosk part of the setup.
>
>I hope this helps
>
>Devdas Bhagat
>
>>newchix mailing list was my first step... and i am still learning <smile>
>>I have posted this in techtalk as well
>>
>>thank you again for your reply
>>
>>
>>
>>Devdas Bhagat wrote:
>>
>>>On 20/10/04 12:02 +1000, Karina wrote:
>>>
>>>>Hello all,
>>>>
>>>>just wondering if anyone can help me here,
>>>>I am looking to setup some Linux desktop machines for basic "dumb 
>>>>terminal" usage with authentication to the LDAP server...
>>>
>>>Since you are asking on newchix rather than techtalk, I will assume that
>>>you aren't really familiar with Linux, or Unix.
>>>
>>>>and I have No clue where to start looking.
>>>
>>>Depending on the purpose of the setup, you may find the Linux Terminal
>>>Server Project ( http://www.ltsp.org/ ), or the Kiosk mode setups 
>>>(http://kiosk.mozdev.org/ or http://www.kde.org/997748764/ )
>>>
>>>>I am using SuSE 9.1,  and I have set YaST Ldap client with the 
>>>>appropriate details and well that is as far as I have managed to get...
>>>
>>>You appear to have two requirements:
>>>
>>>Single sign on with LDAP
>>>Terminal servers/dumb terminals/diskless nodes
>>>
>>>Given the disclaimer I trimmed, I have no real idea of the purpose
>>>behind these systems, but if you can provide some details of the
>>>intended purpose of the systems, I think we could help you better.
>>>
>>>Devdas Bhagat
>>>_______________________________________________
>>>Newchix mailing list
>>>Newchix at linuxchix.org
>>>http://mailman.linuxchix.org/mailman/listinfo/newchix
>>>'Reply' goes to the original sender. Use 'reply-to-list' if it's available.
>>
>>-- 
>>UTS CRICOS Provider Code:  00099F
>>DISCLAIMER: This email message and any accompanying attachments may contain
>>confidential information.  If you are not the intended recipient, do not
>>read, use, disseminate, distribute or copy this message or attachments.  If
>>you have received this message in error, please notify the sender immediately
>>and delete this message. Any views expressed in this message are those of the
>>individual sender, except where the sender expressly, and with authority,
>>states them to be the views the University of Technology Sydney. Before
>>opening any attachments, please check them for viruses and defects.


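
The question of where login finds its LDAP settings comes down to a chain: the PAM service file under /etc/pam.d names pam_ldap.so, and pam_ldap.so reads /etc/ldap.conf. The script below is an added example, not part of the thread, that checks each link; it assumes the pam_ldap.so lines and the host/base parameters quoted in the message, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# ROOT is prepended to /etc so the checks can run against a copy ("" = live system).

# Print KEY's value from a whitespace-separated ldap.conf, skipping "#" comments.
ldap_conf_value() {  # usage: ldap_conf_value FILE KEY
    awk -v key="$2" '
        { sub(/#.*/, "") }
        $1 == key && NF >= 2 { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
        END { exit !found }' "$1"
}

# Succeed if FILE has an active line of TYPE (auth, account, ...) loading pam_ldap.so.
pam_uses_ldap() {  # usage: pam_uses_ldap FILE TYPE
    awk -v type="$2" '
        { sub(/#.*/, "") }
        $1 == type && /pam_ldap\.so/ { found = 1 }
        END { exit !found }' "$1"
}

# Walk the chain SERVICE -> pam_ldap.so -> ldap.conf; return the number of gaps.
check_ldap_login() {  # usage: check_ldap_login ROOT SERVICE
    root=$1 service=$2 problems=0
    for type in auth account; do
        if pam_uses_ldap "$root/etc/pam.d/$service" "$type" 2>/dev/null; then
            echo "ok:      pam.d/$service has an active '$type' line for pam_ldap.so"
        else
            echo "missing: '$type' line for pam_ldap.so in $root/etc/pam.d/$service"
            problems=$((problems + 1))
        fi
    done
    for key in host base; do
        if value=$(ldap_conf_value "$root/etc/ldap.conf" "$key" 2>/dev/null); then
            echo "ok:      ldap.conf $key = $value"
        else
            echo "missing: '$key' in $root/etc/ldap.conf"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Run only when arguments are given, e.g.: sh check.sh "" login
if [ "$#" -gt 0 ]; then check_ldap_login "$@"; fi
```

Where services stack on a shared file such as system-auth, pass that file's name as SERVICE instead of the individual service.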

