FC2 authentication with Active Directory

• Previous message: Jonathan Berry: "Re: AMD cpu slows down (I think)"
• Next in thread: Klaasjan Brand: "Re: FC2 authentication with Active Directory"
• Reply: Klaasjan Brand: "Re: FC2 authentication with Active Directory"
• Maybe reply: Jim Parker: "RE: FC2 authentication with Active Directory"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Sat, 30 Oct 2004 23:44:14 -0500
To: <fedora-list@redhat.com>

Setup:

FC2 on a workstation will all updates.

2 servers running Winblows server 2003 will all updates.

Problem:

I can't for the life of me figure out why I can't authenticate. I see
Kerberos authenticates successfully, but nss_ldap cannot connect to the
LDAP server. I guess it can't query LDAP to see what my UID is and
fails on the uid < 100 for pam_unix.

I modified the PAM files, ldap.conf, and krb5.conf files.

Here are some excerpts from some log files.

Secure:

Oct 28 15:26:42 jparker-dfc2 login[3783]: pam_succeed_if: requirement
"uid < 100" not met by user "jparker"

Oct 28 15:27:06 jparker-dfc2 login[30256]: pam_succeed_if: requirement
"uid < 100" not met by user "jparker"

Messages:

Oct 28 15:26:41 jparker-dfc2 login(pam_unix)[3783]: authentication
failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= user=jparker
Oct 28 15:26:42 jparker-dfc2 login[3783]: pam_krb5[3783]: authentication
succeeds for 'jparker' (jparker@KBM1.LOC) Oct 28 15:26:42 jparker-dfc2
login[3783]: nss_ldap: could not search LDAP server - Operations error
Oct 28 15:26:42 jparker-dfc2 login[3783]: nss_ldap: could not search
LDAP server - Operations error Oct 28 15:26:42 jparker-dfc2 login[3783]:
pam_ldap: ldap_search_s Operations error Oct 28 15:26:42 jparker-dfc2
pam_winbind[3783]: user 'jparker' granted acces Oct 28 15:26:42
jparker-dfc2 login[3783]: nss_ldap: could not search LDAP server -
Operations error Oct 28 15:26:42 jparker-dfc2 login(pam_unix)[3783]:
session opened for user jparker by LOGIN(uid=0) Oct 28 15:26:42
jparker-dfc2 login[3783]: Permission denied

I'm looking for any and all suggestions. Short of passwords and such,
I'll post whatever you need.

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

• Previous message: Jonathan Berry: "Re: AMD cpu slows down (I think)"
• Next in thread: Klaasjan Brand: "Re: FC2 authentication with Active Directory"
• Reply: Klaasjan Brand: "Re: FC2 authentication with Active Directory"
• Maybe reply: Jim Parker: "RE: FC2 authentication with Active Directory"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: Strange Server Behaviour ... Thanks for updates. ... I am Charles the backup of Brandy, as the Brandy is currently sick at home. ... Microsoft CSS Online Newsgroup Support ... | Subject: Re: Strange Server Behaviour ... (microsoft.public.windows.server.sbs) Re: WSUS Client not yet reported ... The client still fails to report. ... Check your server status ... Suggestion 2: Check the IIS settings: ... any updates in your thread. ... (microsoft.public.windows.server.sbs) Re: SUS ... > I have setup a SUS Server on win2k. ... 0-2.reg will not configure your machine to automatically download updates from ... critical updates or service packs that your machine needs. ... It will also ask you if you want to install them, ... (microsoft.public.windows.server.general) RE: New Update for #70-299 ... > Segment A contains a single server named TestKing1. ... > Segment B contains all other computers, ... > TestKing?s written security policy states that Segment B ... > Updates on all computers in Segment B to use ... (microsoft.public.cert.exam.mcse) Re: Homegrown synchronization ... How do you trigger the application of the updates to the server ... The only problem I can see is that you might download the next ... production backend after an update is applied (and I'll probably ... (microsoft.public.access.replication)