LDAP client question

Fri Jan 22 16:23:14 GMT 2010

Well ... I tried following what I thought were the correct instructions for
getting ubuntu to authenticate against my existing ldap server (which is
based on RHEL 5).  After installing auth-config and ldap-auth-config,
answering all of the questions, specifying the existing ldap server using an
IP address ... etc. I couldn't use su - someuser to become that user. The
error was simply "user not found" .. So, I located
http://mcwhirter.com.au/node/25 which also mentioned nsswitch.conf
modifications.  On my CentOS LTSP servers, the changes mentioned exist, so I
added the changes on this ubuntu server. And ... I could then su - someuser
and I was logged in as that user in the correct (nfs-mounted) home
directory.

I then logged out and tried to log in at the console as that user. It
doesn't work.  So ... I ssh'ed into the server as that user which did work.

But, the biggest issue is that prior to all this, I had enabled root login
(by giving the root account a passwd) just in case.  This also was working.
I could either su - root or login as root.  Now, after the changes, I can't
log in as root.  I also cannot even su - root from any account.

So, what did I miss?  Why can't a valid user log in at the console? And why
can't I get a root session?

Sincerely,
Dave Hopkins

On Wed, Jan 20, 2010 at 1:43 PM, Jordan Erickson <
jerickson at logicalnetworking.net> wrote:

> ...aaand, we're getting somewhere potentially. Sounds like we just need
> to say hi to the right people and we can start working toward something
> tangible.
>
>
> https://launchpad.net/~ubuntu-389-directory-server<https://launchpad.net/%7Eubuntu-389-directory-server>(see below IRC snippet)
>
>
> -----
> * Now talking on #ubuntu-server
>
> * Topic for #ubuntu-server is: Ubuntu Server discussion and support |
> For general (not server specific) support visit #ubuntu | Get involved:
> https://wiki.ubuntu.com/ServerTeam/GettingInvolved | Guide to asking
> questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html |
> http://www.catb.org/~esr/faqs/smart-questions.html<http://www.catb.org/%7Eesr/faqs/smart-questions.html>| Be patient.  Don't
> ask to ask, just ask. | Doc and resources:
> http://tinyurl.com/ubuntuserverdoc | https://wiki.ubuntu.com/ServerTeam
> * Topic for #ubuntu-server set by soren at Thu Nov 26 13:55:32 2009
> -ChanServ- [#ubuntu-server] Ubuntu Server Discussions (development and
> support)
>
> Lns Hi everyone
>
> Lns I'm coming from the Edubuntu / LTSP community here, decided to add
> #ubuntu-server to my idle chan list ;)
>
> au :)
>
> unit3 heya
>
> Lns Sounds like it'd be a good idea since most LTSP and a lot of
> Edubuntu installs are multi-user and require some heavy lifting (not to
> mention some good tools for admin)
>
> unit3 makes sense.
>
> * robbiew is now known as robbiew-afk
>
> Lns Has anyone got any opinion on a good LDAP setup/admin GUI?
>
> Lns We've been struggling to come up with something for the longest time.
>
> unit3 389 (was fedora) directory server looks nice, but the Ubuntu
> packaging seems to have stalled, so you'd probably have to run it on
> CentOS or Fedora.
>
> unit3 alternatively (and better in the long run) would be to poke at the
> 389 packaging team (https://launchpad.net/~ubuntu-389-directory-server<https://launchpad.net/%7Eubuntu-389-directory-server>
> )
>
> unit3 and get them to update their packages.
>
> unit3 ;)
>
> unit3 hell, help them out. I'm sure it's just a matter of manpower, really.
> -----
>
> So it's #ubuntu-server on freenode... and
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server to subscribe to
> their listserv.
>
> Cheers,
> Jordan
>
>
>
> Jordan Erickson wrote:
> > Scott Balneaves wrote:
> >> On Wed, Jan 20, 2010 at 09:03:43AM -0800, Jordan Erickson wrote:
> >>> David Hopkins wrote:
> >>> *snip*
> >>>> As for questions to the server team ... which
> >>>> list would that be?
> >>> /me thinks the server team would probably get a lot of good ideas from
> >>> the LTSP+Edubuntu communities...
> >> Been there, done that, diiiiiiiiidn't get a whole lot of response.
> >
> > Marketing law states that you must expose XYZ to a potential at *least*
> > 3 times before they will even read it.. I propose we attempt to build an
> > inter-community relationship with the server community.. It couldn't
> > hurt to try, and we have nothing but good people/ideas to gain..
> >
> > https://wiki.ubuntu.com/ServerTeam/GettingInvolved
> >
> >
> >> If I might proffer an opinion....
> >>
> >> LDAP's a "hard" subject.  It's:
> >>
> >> 1) Non-trivial to set up
> >> 2) Infinitely customizable
> >> 3) Lacking any discernable standard as to how you should lay out your
> database
> >>    for authentication.
> >>
> >> So the problem is, every time you poke your head up and say: "Hey guys,
> lets do
> >> X!" you're greeted by a chorus of "Yeah, but what about....", an which
> point
> >> everybody stares at their shoes, goes "Hmmmm, interesting problem <deep
> >> thought>" and the problem disappears off into the sunset for another few
> >> months.
> >>
> >> I'm not blaming them.  LDAP *is* the single largest PITA to
> configure/setup/get
> >> working, and it's deucedly difficult to try to make the "perfect" tool.
> >>
> >> Both RedHat and SkoleLinux solved the problem by saying "You'll do it
> our way
> >> and *like it*!!!!", with the end result that they have something that
> works,
> >> but God help you if you want/need to do something different.  Debian,
> and by
> >> extention Ubuntu, is still waiting for the perfect, infinitely
> customizable yet
> >> easy-to-use LDAP tool to come along.
> >
> > IMVHO, There is no such thing. Having a rock-solid, infinitively
> > customizable, yet easy to set up+configure XYZ is a paradoxical dream.
> > What we might be able to discuss is a generic "school type auth" LDAP
> > setup, which as you said, even Redhat seems to have to do... If you
> > want/need customization, you can learn the shell tools. It's not
> > confining this way, because you have an absolute choice of either one.
> > We'd just be making it a bit easier for people who don't need elaborate
> > setups.
> >
> >
> >
> > Cheers,
> > Jordan
> >
>
>
>
> --
> edubuntu-users mailing list
> edubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/edubuntu-users/attachments/20100122/51cd7608/attachment.htm 