
Messages - morphy_richards

1
Nope. I'm officially still an idiot!
Everything is fine, sorry about all the noise.
Just follow the Debian how-to lower down on page 1, after Udo's original post.

I am still mystified by the port 390 thing, as it doesn’t appear to be open; it seems to use 389 instead, however specifying 390 still works.
I will now go and sit in the corner of the shame for one hundred years.

2
I'm becoming more confused. I know that Udo's method works because I have done this successfully using these exact steps for Ubuntu as well as for Raspbian.
But how can I be accessing LDAP on port 390? When I scan the ports on my Zentyal server I get:
Code:
Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-14 01:03 GMT
Nmap scan report for 192.168.0.4
Host is up (0.00018s latency).
Not shown: 979 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
88/tcp   open  kerberos-sec
110/tcp  open  pop3
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
143/tcp  open  imap
389/tcp  open  ldap
443/tcp  open  https
445/tcp  open  microsoft-ds
464/tcp  open  kpasswd5
465/tcp  open  smtps
587/tcp  open  submission
631/tcp  open  ipp
636/tcp  open  ldapssl
993/tcp  open  imaps
995/tcp  open  pop3s
1024/tcp open  kdm
3268/tcp open  globalcatLDAP
3269/tcp open  globalcatLDAPssl
MAC Address: 00:21:5A:51:FC:18 (Hewlett-Packard Company)

Nmap done: 1 IP address (1 host up) scanned in 26.00 seconds
root@debian:/etc#


Port 390 is not there.

In the meantime, I am still able to login with my zentyal credentials at
uri ldap://192.168.0.4:390.

I'm puzzled because I'm trying to work out why I cannot accomplish this in Debian 8 and have just noticed that port 390 does not seem to be open even though I have it specified and working on another system as above.

3
Further:
Code:
root@debian:/etc# ldapsearch -d 1 -v -H ldaps://192.168.0.4:390
ldap_url_parse_ext(ldaps://192.168.0.4:390)
ldap_initialize( ldaps://192.168.0.4:390/??base )
ldap_create
ldap_url_parse_ext(ldaps://192.168.0.4:390/??base)
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.0.4:390
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 192.168.0.4:390
ldap_pvt_connect: fd: 4 tm: -1 async: 0
attempting to connect:
connect success
TLS: can't connect: The TLS connection was non-properly terminated..
ldap_msgfree
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: The TLS connection was non-properly terminated.

I assume that this bit:
Quote
ldap_pvt_connect: fd: 4 tm: -1 async: 0
attempting to connect:
connect success
means I am at least part of the way there?

4
Further to my last post ...
Code:
root@debian:/etc# ldapsearch -D "uid=sr,ou=Users,dc=neo,dc=lan"  -LLL  -W  uid=sr  homeDirectory
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

...but I've configured this as I would have done, tried both the setup for an Ubuntu client as well as for a Raspbian client.

5
Hello it's me again.
Can anyone confirm if this (standard or Debian/Raspbian) method also works with Debian 8?

(I'm using the same old Zentyal server but I now have 100-odd old desktop PCs instead of Raspberry Pis. I'm struggling to even get id myusername to work, but given my track record I was just wondering if anyone else has it working with Jessie?)

6
Many thanks

7
I am using Zentyal in a school to manage pupils logins on a small LAN for the subject I teach.
I'm using the LDAP / Kerberos module for this. Approximately a year ago I bulk-created student accounts, but en masse their logins are now expiring. This leaves them unable to access their home directories or startx etc.
Once a login has expired, currently the only way I can renew it is to access individual user details via the web interface and reset the password. This solves the problem but what was a trickle has turned into a torrent of children requiring resets.
Is there any way I can change the settings of all users (including those whose logins have already expired) so that this is no longer an issue?

8
Hi again,
seem to be having some bother with the nss part of this...
I take that back, it was just my incompetence again.
ps.
I did have some fun when I tried to ssh to my server from the Pi I had broken nss on. It told me "you don't exist, go away!"
Somewhere in that statement I wondered if there might be the answer to life the universe and everything.

9
Hi again,
seem to be having some bother with the nss part of this...
     

Name Service Switch: edit /etc/nsswitch.conf:
Code:
passwd:         files ldap
group:          files ldap
shadow:         files ldap

nscd needs to get restarted:
Code:
# /etc/init.d/nscd restart
Restarting Name Service Cache Daemon: nscd.

Test:
Code:
id kb
uid=2006(kb) gid=1901(__USERS__)

If I change my nsswitch.conf file as above and restart nss I then get ...

pi@raspberrypi ~ $ id ldap_test_user
id:ldap_test_user: No such user

pi@raspberrypi ~ $ id pi
id: pi: No such user

Furthermore ... trying to put my nsswitch.conf file back

pi@raspberrypi ~ $ sudo cp /etc/nsswitch.conf~ /etc/nsswitch.conf
sudo: unknown uid 1000: who are you?

 :o

I did try a slightly different version of nssconfig too, like this:

Code:
passwd:         files ldap
group:          files ldap
shadow:         files ldap

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Which didn't stop local users like pi from being recognised but didn't seem to help me login with ldap users either?
I have got a separate DNS server to Zentyal and my Raspberry Pi is on a different subnet with port forwarding turned on but I am able to see and resolve the Zentyal server. Also LDAP is enabled in the Zentyal firewall (have also tried this with Zentyal firewall disabled).
Will reinstall but any ideas what I'm doing wrong? (I'm fairly sure the LDAP config bit is right as I have had ldapsearch working.)

10
Looks like that was it, can now login using an all lowercase new userid. (Sadly I've also broken the LTSP part of my network as well and with a lesson this afternoon where I was planning to use it pressure is on to fix that quickly too - that's my bad). Thanks for your help Udo! :D

11
Thanks again I'll give that a try tomorrow morning :)

12
Hi, after coming back and rebooting my system after the summer break I have encountered another problem. Trying to resolve it I did the following...


Okay. Two debugging paths need to get checked: a) pam and b) basic mount capabilities

Code:
mount -t cifs  //192.168.0.4/exampleusername  /mnt -o username=exampleusername
You'll get a password prompt. On success /mnt should contain that user's $HOME. On error: what is the error message?

Doing this with my test1 account results in a successful mount in /mnt

However, I have a new user I have just added (PAM is enabled in Zentyal):
Code:
root@lovelace:~# mount -t cifs  //192.168.0.4/AdamM2013  /mnt -o username=AdamM2013
Password:
Retrying with upper case share name
mount error(6): No such device or address
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

If I look in /home on my local machine I see:
Code:
root@lovelace:~# ls /home
localtest  lovelace_admin  test1
root@lovelace:~#
There is no folder being made for AdamM2013

Additionally, ssh'ing into the local machine:
I get the old "Could not chdir to home directory /home/AdamM2013: No such file or directory" error message.
However this time I do have Samba enabled and my PAM mount xml file is correct.

I can do:
Code:
root@lovelace:~# id AdamM2013
uid=51134(AdamM2013) gid=1901(__USERS__) groups=51108(SRCompSci2013),1901(__USERS__)
...too.
Bit confused, any more pointers for debugging would be helpful.

One more thing, although I don’t think it's related, I get a "waiting for network configuration ... waiting 60 more seconds for network configuration" message when I boot the local machine. Can't see what is causing this.


13
Hello it's me again  ::)
I was just wondering if anyone has tried getting this to work with a raspberry pi running Debian?
I did have a short try using the Debian instructions further back in this thread but some of the packages (can't remember which ones precisely) don't work with apt-get under Raspbian.
As a nice alternative you can login normally to a r-pi using the out of the box login and then use sshfs to mount a home directory on the pi, but nevertheless it would be nice. Just a query really.
Thanks again for making this excellent operating system and for maintaining this great community.
Best regards  :D

14
Stop Press!!!

It's all good now!

I hadn't changed the IP address in the pam_mount config file.

Everything appears to work now.

You are all excellent people, fortune bless you all  ;)

edit - yep. ssh test1 login to edubuntu server and make a test file, then ssh into zentyal and I can see it. Finally log in test1 on a thin client and the file is still there.
Fantastic  ;D

15
Interesting.
I installed cifs-utils on the Zentyal server, which prompted me that a newer version is available and would I like to keep my current smb.conf (which I did).

I was then able to do mount -t cifs //192.168.0.4/test1 /mnt -o username=test1 locally in a shell on the actual zentyal server itself.

cifs-utils is already the newest version on the edubuntu server itself and
ssh test1@lovelace still results in "Could not chdir to home directory /home/test1: No such file or directory"
Trying mount -t cifs //192.168.0.4/test1 /mnt -o username=test1 on the edubuntu server results in
Code:
root@lovelace:~# mount -t cifs //192.168.0.4/test1 /mnt -o username=test1
Password:
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Not sure what to make of that (because I'm about as green with this as you can actually get).
