Topic: CentOS 7 ldap authentication

MOSEK

CentOS 7 ldap authentication
« on: November 13, 2014, 12:27:39 pm »
Hello all

How do I get a CentOS 7 client to authenticate against my Zentyal DC via LDAP?

Can anyone give me the configs needed and a how-to guide? I tried with samba-winbind already, but that solution got me the wrong IDs for the users and group.
I got an Ubuntu client authenticating with LDAP, and that works just fine, but I can't do the same configurations on CentOS as I did on Ubuntu, so now I need help.

cheers
« Last Edit: November 13, 2014, 12:33:27 pm by MOSEK »

MOSEK

Re: CentOS 7 ldap authentication
« Reply #1 on: November 18, 2014, 01:06:43 pm »
I will just post the configurations that I'm working on so far. I still haven't got it working, but I think I'm close.

/etc/openldap/ldap.conf and /etc/ldap.conf:
Code:
TLS_CACERTDIR /etc/openldap/cacerts

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on
URI ldap://172.16.0.5:390
BASE dc=mosek,dc=zentyal

/etc/nsswitch.conf:
Code:
passwd:     files sss ldap
shadow:     files sss ldap
group:      files sss ldap
#initgroups: files

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files     

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files ldap

publickey:  nisplus

automount:  files ldap
aliases:    files nisplus

/etc/nslcd.conf:
Code:
uid nslcd
gid ldap

uri ldap://172.16.0.5:390

ldap_version 3

base dc=mosek,dc=zentyal

binddn cn=zentyalro,dc=mosek,dc=zentyal
bindpw ig7k77MY@lVxsXWBGcI8

scope sub

base   group  ou=Groups,dc=mosek,dc=zentyal
base   passwd ou=Users,dc=mosek,dc=zentyal
base   shadow ou=Computers,dc=mosek,dc=zentyal

I tried running nslcd in debug mode:
Code:
[root@centosy ~]# nslcd -d
nslcd: DEBUG: add_uri(ldap://172.16.0.5:390)
nslcd: version 0.8.13 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: initgroups("nslcd",55) done
nslcd: DEBUG: setgid(55) done
nslcd: DEBUG: setuid(65) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=2640 uid=0 gid=0
nslcd: [8b4567] <sess_o="root"> DEBUG: nslcd_pam_sess_o("root","crond","cron","","")
nslcd: [7b23c6] DEBUG: connection from pid=2640 uid=0 gid=0
nslcd: [7b23c6] <sess_c="root"> DEBUG: nslcd_pam_sess_c("root","crond",12345)



If any of you guys can see something wrong with the config, please say so. I really need to get it working.
« Last Edit: November 18, 2014, 02:17:25 pm by MOSEK »

adhidash

Re: CentOS 7 ldap authentication
« Reply #2 on: August 12, 2015, 06:25:22 am »
Hi, how do you manage to use Ubuntu with LDAP authentication?

I'm using Ubuntu client 14.04 and Zentyal Server 4.1, and the process is hard,
because the binddn and bindpw keep getting rejected.

I've tried zentyal, zentyalro, administrator but still got LDAP login failure.

Could you guide me on this?


jbahillo

  • Zentyal Staff
    • View Profile
Re: CentOS 7 ldap authentication
« Reply #3 on: September 18, 2015, 01:44:14 pm »
zentyal and zentyalro are users which only exist on versions lower than 3.4.

For newer versions you need to use any user you may have created on the samba module. You may use ldbsearch -H /var/lib/samba/private/sam.ldb dn -b "CN=Users, dc=your,dc=domain,dc=tld" in order to grab the DNs of those that currently exist.
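
A static check over an nslcd.conf like the one posted in reply #1, added here as an example and not part of any post in this thread. It flags a bindpw that would cross the network over ldap:// without TLS, relaxed certificate verification, and the zentyal/zentyalro bind DNs that reply #3 says only exist on versions lower than 3.4. The finding names and the sample file (bind password replaced by a placeholder) are constructed for illustration.

```python
# SAMPLE is constructed from the nslcd.conf posted in this thread; the bind
# password is a placeholder, not the posted value.
SAMPLE = """\
uid nslcd
gid ldap
uri ldap://172.16.0.5:390
ldap_version 3
base dc=mosek,dc=zentyal
binddn cn=zentyalro,dc=mosek,dc=zentyal
bindpw PLACEHOLDER-NOT-A-REAL-PASSWORD
scope sub
base   group  ou=Groups,dc=mosek,dc=zentyal
base   passwd ou=Users,dc=mosek,dc=zentyal
"""

def parse(text):
    """Map each option name (lower-cased) to the list of its argument strings."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return opts

def check(text):
    """Return a list of (finding_id, message) tuples for the given nslcd.conf text."""
    opts, findings = parse(text), []
    uris = [u for args in opts.get("uri", []) for u in args.split()]
    plain = [u for u in uris if u.lower().startswith("ldap://")]
    # 'ssl on' and 'ssl start_tls' both encrypt the connection before the bind.
    encrypted = any(a.strip().lower() in ("on", "start_tls") for a in opts.get("ssl", []))
    if "bindpw" in opts and plain and not encrypted:
        findings.append(("cleartext-bind",
                         "bindpw is sent over %s without 'ssl start_tls'" % plain[0]))
    if any(a.strip().lower() in ("never", "allow") for a in opts.get("tls_reqcert", [])):
        findings.append(("cert-not-verified",
                         "tls_reqcert does not enforce server certificate checks"))
    for dn in opts.get("binddn", []):
        if dn.split(",", 1)[0].strip().lower() in ("cn=zentyal", "cn=zentyalro"):
            findings.append(("legacy-bind-dn",
                             "%s only exists on Zentyal versions lower than 3.4" % dn))
    return findings

if __name__ == "__main__":
    for fid, msg in check(SAMPLE):
        print("%-18s %s" % (fid, msg))
```

Since the file holds the bind password, it is also worth confirming that /etc/nslcd.conf is readable only by root and the nslcd user.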