Re: Skolelinux und Ubuntu

[laget sebastiaan <skolelinux@gmail.com>]

I ran into the same problem a couple of weeks ago.
I didn't find a solution but installed 9.04 instead of 9.10.
Haven't tried dist-upgrading the 9.04 to 9.10 yet....

It might have something to do with version differences between the 
ldap/nscd/pam/nss version in 9.10 and debian etch.

Sebastiaan

Martin Schulte schreef:
> Thanks,
> no, in the pam_ldap.conf is everything ok, especially it contains  
> "ssl start_tls", also I get ldap_server_pubkey.pem and the 
> slapd-cert.cnf from tjener. But the result is the same. Are you know 
> some other reasons?
> Bye, martin
>
>
>
>
>
> > [Martin Schulte]
> >  
> > > Hello,
> > > I'm trying to add an Ubuntu-PC to an skolelinux (etch) network using 
> > > this HowTo: http://wiki.skolelinux.de/Skolelinux/Ubuntu .
> > > I did all things, written there, and I also set an link from 
> > > /etc/ldap.conf to /etc/ldap/ldap.conf (sudo unlink /etc/ldap.conf && 
> > > sudo ln -s ldap/ldap.conf /etc/ldap.conf ), because Ubuntu 9.10 
> > > stores the ldap.conf directly in the /etc/ and not in /etc/ldap/.
> > > After restarting, I run "getent passwd" and I saw all debian-edu users.
> > > After trying su - <username> , password: was prompted. After typing 
> > > the password, I got the alert: "Authentication failure" I get the 
> > > same error, when trying login after reboot.
> > > The important lines in the auth.log are (username = mschulte):
> > > -----
> > > Jan  4 21:25:19 rootgym-laptop login[2838]: pam_unix(login:auth): 
> > > authentication failure; logname=rootgym uid=0 euid=0 tty=/dev/pts/2 
> > > ruser= rhost=  user=mschulte
> > > Jan  4 21:25:19 rootgym-laptop login[2838]: pam_ldap: error trying 
> > > to bind as user 
> > > "uid=mschulte,ou=People,dc=skole,dc=skolelinux,dc=no" 
> > > (Confidentiality required)
> > > Jan  4 21:25:21 rootgym-laptop login[2838]: FAILED LOGIN (2) on 
> > > '/dev/pts/2' FOR 'mschulte', Authentication failure
> > > Jan  4 21:25:29 rootgym-laptop login[2838]: pam_ldap: error trying 
> > > to bind as user 
> > > "uid=mschulte,ou=People,dc=skole,dc=skolelinux,dc=no" 
> > > (Confidentiality required)
> > > Jan  4 21:25:31 rootgym-laptop login[2838]: FAILED LOGIN (3) on 
> > > '/dev/pts/2' FOR 'mschulte', Authentication failure
> > > -----
> > > Can somebody help me?
> > >     
> >
> > I would suspect your /etc/pam_ldap.conf do not contain 'ssl start_tls'
> > or the LDAP server SSL certificate is missing in /etc/ldap/ssl/.
> > Password checks via LDAP require an encrypted LDAP connection, which
> > is ensured using TLS, and TLS should be configured to check the server
> > sertificate.  The /etc/init.d/fetch-ldap-cert script is used in
> > Skolelinux to download the LDAP SSL certificate on the clients.  Note
> > that the LDAP configuration is intended to be different for NSS and
> > PAM, where NSS isn't encrypted while PAM is.
> >
> > This is the current pam_ldap.conf settings in Debian Edu/Lenny:
> >
> >   tjener:~# grep -v '#' /etc/pam_ldap.conf |sort -u
> >
> >   base ou=People,dc=skole,dc=skolelinux,dc=no
> >   host ldap
> >   ldap_version 3
> >   pam_filter objectclass=posixAccount
> >   pam_password exop
> >   ssl start_tls
> >   tjener:~#   
> >  
> > > Another Question: Is there a possibility to assign the hostnames 
> > > automatically?
> > >     
> >
> > You mean like /etc/init.d/update-hostname is doing in Skolelinux?
> >
> > Happy hacking,
> >