Author Topic: HOWTO: Ubuntu client with LDAP authentication and pam_mount for mounting $HOME  (Read 100863 times)

adhidash

Yep it appears. :P

Sand_man

Hmm ... I do not understand how it is connected, but I also could not go to the new computer - an incorrect password. I changed the file sssd.conf, setting "debug_level = 10" in the section [domain/zentyal-domain.lan] to view the error, and after that it worked O_o
Then debug_level can be reduced back.
Miracles
« Last Edit: September 15, 2015, 11:15:57 am by Sand_man »

morphy_richards

Hello it's me again.
Can anyone confirm if this (standard or Debian/Raspbian) method also works with Debian 8?

(I'm using the same old Zentyal server but I now have 100-odd old desktop PCs instead of Raspberry Pis. I'm struggling to even get
id myusername
to work, but given my track record I was just wondering if anyone else has it working with Jessie?

morphy_richards

Further to my last post ...
root@debian:/etc# ldapsearch -D "uid=sr,ou=Users,dc=neo,dc=lan"  -LLL  -W  uid=sr  homeDirectory
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

...but I've configured this as I would have done, tried both the setup for an Ubuntu client as well as for a Raspbian client.

morphy_richards

Further:
root@debian:/etc# ldapsearch -d 1 -v -H ldaps://192.168.0.4:390
ldap_url_parse_ext(ldaps://192.168.0.4:390)
ldap_initialize( ldaps://192.168.0.4:390/??base )
ldap_create
ldap_url_parse_ext(ldaps://192.168.0.4:390/??base)
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.0.4:390
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 192.168.0.4:390
ldap_pvt_connect: fd: 4 tm: -1 async: 0
attempting to connect:
connect success
TLS: can't connect: The TLS connection was non-properly terminated..
ldap_msgfree
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: The TLS connection was non-properly terminated.

I assume that this bit:
ldap_pvt_connect: fd: 4 tm: -1 async: 0
attempting to connect:
connect success
means I am at least part of the way there?
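
Added example, not part of the original post or of Zentyal's documentation: a small Python reader for the ldapsearch -d 1 trace above that reports how far the connection got (URL parsed, TCP connected, TLS handshake). The function name diagnose, the stage labels and the hint wording are assumptions made for this illustration.

```python
import re

# Excerpt of the `ldapsearch -d 1` trace quoted in the post above.
TRACE = """\
ldap_url_parse_ext(ldaps://192.168.0.4:390)
ldap_connect_to_host: TCP 192.168.0.4:390
attempting to connect:
connect success
TLS: can't connect: The TLS connection was non-properly terminated..
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
"""

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def diagnose(trace):
    """Report the furthest connection stage a libldap debug trace reached."""
    out = {"scheme": None, "host": None, "port": None,
           "stage": "no_url", "error": None, "hint": None}
    url = re.search(r"ldap_url_parse_ext\((ldaps?)://([^:/)]+)(?::(\d+))?", trace)
    if url:
        scheme, host, port = url.groups()
        out.update(scheme=scheme, host=host, stage="url_parsed",
                   port=int(port) if port else DEFAULT_PORTS[scheme])
    if re.search(r"^connect success$", trace, re.M):
        out["stage"] = "tcp_connected"  # socket is up, nothing LDAP-level yet
    tls = re.search(r"^TLS: can't connect: (.+?)\.*$", trace, re.M)
    if tls:
        out["stage"], out["error"] = "tls_failed", tls.group(1)
        if out["scheme"] == "ldaps" and out["port"] != DEFAULT_PORTS["ldaps"]:
            # Heuristic (assumption): a TLS handshake dropped on a non-standard
            # ldaps:// port often means the listener speaks plain LDAP there.
            out["hint"] = ("TCP is fine but the listener dropped the TLS handshake; "
                           "check whether this port serves plain LDAP (ldap:// or "
                           "StartTLS) rather than LDAPS")
        else:
            out["hint"] = "check the server certificate and the client's TLS_CACERT setting"
    elif out["stage"] == "tcp_connected" and "Can't contact LDAP server" not in trace:
        out["stage"] = "ldap_reachable"
    return out

if __name__ == "__main__":
    for key, value in diagnose(TRACE).items():
        print(f"{key:7} {value}")
```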

morphy_richards

I'm becoming more confused. I know that Udo's method works because I have done this successfully using these exact steps for Ubuntu as well as for Raspbian.
But how can I be accessing LDAP on port 390 when, if I scan the ports on my Zentyal server, I get this?
Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-14 01:03 GMT
Nmap scan report for 192.168.0.4
Host is up (0.00018s latency).
Not shown: 979 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
88/tcp   open  kerberos-sec
110/tcp  open  pop3
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
143/tcp  open  imap
389/tcp  open  ldap
443/tcp  open  https
445/tcp  open  microsoft-ds
464/tcp  open  kpasswd5
465/tcp  open  smtps
587/tcp  open  submission
631/tcp  open  ipp
636/tcp  open  ldapssl
993/tcp  open  imaps
995/tcp  open  pop3s
1024/tcp open  kdm
3268/tcp open  globalcatLDAP
3269/tcp open  globalcatLDAPssl
MAC Address: 00:21:5A:51:FC:18 (Hewlett-Packard Company)

Nmap done: 1 IP address (1 host up) scanned in 26.00 seconds
root@debian:/etc#


Port 390 is not there.

In the meantime, I am still able to log in with my Zentyal credentials at
uri ldap://192.168.0.4:390.

I'm puzzled because I'm trying to work out why I cannot accomplish this in Debian 8 and have just noticed that port 390 does not seem to be open even though I have it specified and working on another system as above.

morphy_richards

Nope. I'm officially still an idiot!
Everything is fine, sorry about all the noise.
Just follow the Debian how-to lower down on page 1 after Udo's original post.

I am still mystified by the port 390 thing, as it doesn't appear to be open; it seems to use 389 instead, however specifying 390 still works.
I will now go and sit in the corner of shame for one hundred years.