Search Results

Search found 85 results on 4 pages for 'nis'.

Page 1/4 | 1 2 3 4  | Next Page >

  • NIS user not being added to NIS group

    - by Brian
    I have set up a NIS server and several NIS clients. I have a user and a group on the NIS server like so: /etc/passwd: myself:x:5000:5000:,,,:/home/myself:/bin/bash /etc/group: fishy:x:3001:otheruser,etc,myself,moreppl I imported the users and groups on the NIS client by adding +:::::: to /etc/passwd and +::: to /etc/group. I can log in to the NIS client, but when I run groups, fishy is not listed. But getent group fishy shows that it was imported correctly and lists me as a member. And if I do sudo su - myself, then suddenly groups says I am in the group! I also had nscd installed, and the groups worked correctly for a while. It seemed like after being logged in for a while, I would silently be dropped out of the group. If I restarted nscd and logged in again, then the groups worked correctly...for a while. There are no UID or GID conflicts with local users or groups. Update: Contents of /etc/nsswitch.conf: passwd: compat group: compat shadow: compat hosts: files nis dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis aliases: nis files

    Read the article

  • NIS client cannot find NIS server (Opensuse)

    - by Tony
    I installed NIS server on head node of a virtual cluster(VirtualBox). One of the node (let's say node-1) can find NIS server and work with it, but another node (node-2) just can't find the NIS server in Yast while it can ping and ssh to both head node and node-1. BTW, all the nodes are VMs, head node and node-1 are on the same physical machine, node-2 is on another physical machine. I set the domain name in /etc/hosts and /etc/yp.conf, and ypwhich sometimes gives the correct domainname several minutes later complains about "ypwhich: Can't communicate with ypbind", and will back to work after some time. Also tried rpcinfo -p hostname and it worked as expected. I almost tried every thing I can find on internet, but seems that not many people had this problem. Any help would be very appreciated.

    Read the article

  • NIS client authentication

    - by Tarun Gupta
    How to configure the nis client on ubuntu? and how to configure system authentication? there is no option for system authentication like system setting system info in my system etc. when ever i go to software center and search them nis authentication then i got one package for nis authentication and i try to install them then one error occur that is remove hostname utility. when i try to remove hostname utility then it does not remove.

    Read the article

  • Delaying NIS & NFS startup till after network interface is fully ready on Fedora 17

    - by obmarg
    I've recently set up a fedora 17 server for our network, and I've been having trouble getting the NIS service to work on startup. Here's some logs from the system: Aug 21 12:57:12 cairnwell ypbind-pre-setdomain[718]: Setting NIS domain: 'indigo-nis' (environment variable) Aug 21 12:57:13 cairnwell ypbind: Binding NIS service Aug 21 12:57:13 cairnwell rpc.statd[730]: Unable to prune capability 0 from bounding set: Operation not permitted Aug 21 12:57:13 cairnwell systemd[1]: nfs-lock.service: control process exited, code=exited status=1 Aug 21 12:57:13 cairnwell systemd[1]: Unit nfs-lock.service entered failed state. Aug 21 12:57:14 cairnwell setroubleshoot: SELinux is preventing /usr/sbin/rpc.statd from using the setpcap capability. For complete SELinux messages. run sealert -l 024bba8a-b0ef-43dc-b195-5c9a2d4c4d41 Aug 21 12:57:15 cairnwell kernel: [ 18.822282] bnx2 0000:02:00.0: em1: NIC Copper Link is Up, 1000 Mbps full duplex Aug 21 12:57:15 cairnwell kernel: [ 18.822925] ADDRCONF(NETDEV_CHANGE): em1: link becomes ready Aug 21 12:57:15 cairnwell NetworkManager[621]: <info> (em1): carrier now ON (device state 20) Aug 21 12:57:15 cairnwell NetworkManager[621]: <info> (em1): device state change: unavailable -> disconnected (reason 'carrier-changed') [20 30 40] Aug 21 12:57:15 cairnwell NetworkManager[621]: <info> Auto-activating connection 'System em1'. Aug 21 12:57:15 cairnwell NetworkManager[621]: <info> Activation (em1) starting connection 'System em1' Aug 21 12:57:15 cairnwell NetworkManager[621]: <info> (em1): device state change: disconnected -> prepare (reason 'none') [30 40 0] ....... Aug 21 12:57:19 cairnwell sendmail[790]: YPBINDPROC_DOMAIN: Domain not bound Aug 21 12:57:26 cairnwell sendmail[790]: YPBINDPROC_DOMAIN: Domain not bound Aug 21 12:57:31 cairnwell sendmail[790]: YPBINDPROC_DOMAIN: Domain not bound Aug 21 12:57:35 cairnwell sendmail[790]: YPBINDPROC_DOMAIN: Domain not bound Aug 21 12:58:00 cairnwell ypbind: Binding took 47 seconds Aug 21 12:58:00 cairnwell ypbind: NIS server for domain indigo-nis is not responding. Aug 21 12:58:01 cairnwell ypbind: Killing ypbind with PID 733. Aug 21 12:58:01 cairnwell ypbind-post-waitbind[734]: /usr/lib/ypbind/ypbind-post-waitbind: line 51: kill: SIGTERM: invalid signal specification Aug 21 12:58:01 cairnwell systemd[1]: ypbind.service: control process exited, code=exited status=1 Aug 21 12:58:01 cairnwell systemd[1]: Unit ypbind.service entered failed state. By the looks of these logs the ypbind service is starting up at 12:57:12 but the network interface isn't coming up till 12:57:15. My guess is that this is causing ypbind to time out when trying to connect. As a knock-on effect the NIS failure is causing problems with NFS which is no longer able to map UIDs properly. This problem doesn't seem to be fixed by actually starting ypbind etc. so I've had to set all my NFS shares to noauto. I have tried manually adding NETWORKDELAY and NETWORKWAIT in /etc/sysconfig/network and also running systemctl enable NetworkManager-wait-online.service as I've seen suggested in some places, but neither of these have had any effect. It is relatively easy to fix manually by restarting ypbind & mounting NFS shares after the network has started up, but it's less than ideal to have to do this every time the server has been rebooted. Does anyone know of an easy (and preferably hack-free) way of delaying the ypbind startup till after the network interface is fully ready?

    Read the article

  • NIS AD password synch for new accounts

    - by user135004
    I have a Win2k3R2 DC with NIS. All is working well but its no longer synching the passwords for new accounts. When creating a new AD user, NIS does its thing and sends its Unix account to the synched linux server. It's doing everything its supposed to do but not the users password to the server (getent passwd returns the ABCD!efgh12345$67890 password for the new account). Thinking that password synchronization is not working, I changed the password of an existing working account and it synchs the new password. If I delete a new or old AD user, it deletes it on the linked linux server as well. All this tells me that NIS is doing its thing (at least with existing accounts) No updates have been installed on the DC. I am not even sure where to start here.

    Read the article

  • NIS password mapping question

    - by papoyan
    I have NIS server with user "techsupport", which has uid/gid = 517 I've configured NIS and NFS on that server, as well as NFS/NIS client on the remote web server. Now I need to techsupport user to be able to login to web server using techsupport username, but HAVE root privileges. I need this, so I can easily track, which support agent doing what on the web server. Everything works fine, when from NIS server, I ssh to the web server with tech support user nisserver# ssh [email protected] I can authenticate against the NIS server just fine, and my home directory that is on NIS server, get's mounted on web server just fine. The Only two problems I have are : my GID on web server is webserver# id uid=517(techsupport) gid=517(client_jonny) groups=517(client_jonny) (as you can see, that it picked up gid of a client that exists on the web server, since it's same number) I need to make sure, that my "techsupport" user has ROOT privileges. How can I achieve this? I remember that I've seen identical results elsewhere, but LDAP was used, is there a way to achieve this with NIS/NFS setup? Thank you in advance,

    Read the article

  • How to synchronize users, passwords, hosts, etc without NIS

    - by joshxdr
    I am administering a very small solaris 2.6 network with 4 boxes total. Is it possible to use scp or similar to replace NIS for synchronizing users, groups, hosts, etc? This network is only a small part of my job and I don't want to spend too much time on it, and I am worried the setup and maintenence of NIS will not pay off. I need it to behave like a proper multi-user system, when a user logs into any machine, the users, passwords, hosts, etc. are always the same. Is there an easy way to do this with scp? Right now I copy /etc/passwd from one box to another with scp, but sometimes I make mistakes or forget a step, and scp inside of shell scripts don't seem to works so well since they require password authentication. Any recommendations would be welcome.

    Read the article

  • Replacement for NIS/YP

    - by mdpc
    The company that I am working for is embarking on replacing the current locally developed NIS/YP structure with LDAP. We already have AD in house for the Windows stuff and would like to consider using an AD system. The AD people are quite restrictive and would not support extensive modifications. We have needs to have the replacement include the support the full capabilities of the NIS/YP suite include netgroups, login restrictions to specific servers for specific users or groups of users, consistent passwords between the *nix and Windows environment,etc. Our environment is a mixture of Linux (suse, RH, Debian), Sun, IBM, HP and MPRAS as well as a NETAPP. So whatever we use must be totally inclusive to all environment. We have looked at Likewise, but our management wants other alternatives to compare with. What other things should I be looking at and what is you assessment of the alternative? Thanks

    Read the article

  • OSX 10.6 integration into NIS/netgroup/automount infrastructure

    - by mdpc
    I have an existing infrastructure where accounts are maintained under NIS (yp) with no local unix accounts. Also, all the standard maps including hosts, mail aliases, netgroups, etc...are maintained in this form. Extensive use of the UNIX/Linux automounter with items scattered over the network on NFS servers. There are NO ACLs on any local or shared files. All mail needs to use basically the nullclient sendmail configuration feeding into a different system. I now have a requirement to integrate an Apple OSX 10.6 system into this environment and make it run seamlessly. My initial reading and second-hand information seems to indicate that this may not be possible on the native OSX 10.6 system. I'm concerned. Any ideas as to how to accomplish this task and make everybody happy? Thanks PS: I have never used an Apple OSX system.

    Read the article

  • OSX 10.6 integration into NIS/netgroup/automount infrastructure

    - by mdpc
    I have an existing infrastructure where accounts are maintained under NIS (yp) with no local unix accounts. Also, all the standard maps including hosts, mail aliases, netgroups, etc...are maintained in this form. Extensive use of the UNIX/Linux automounter with items scattered over the network on NFS servers. There are NO ACLs on any local or shared files. All mail needs to use basically the nullclient sendmail configuration feeding into a different system. I now have a requirement to integrate an Apple OSX 10.6 system into this environment and make it run seamlessly. My initial reading and second-hand information seems to indicate that this may not be possible on the native OSX 10.6 system. I'm concerned. Any ideas as to how to accomplish this task and make everybody happy? Thanks PS: I have never used an Apple OSX system.

    Read the article

  • Can I use netgroup at an NIS Client (Redhat) to restrict access to it?

    - by sdmythos_gr
    Our company has a central NIS configuration that we are using to access our teams servers (Redhat)... The current configuration allows all valid NIS authenticated users to connect to our servers. We cannot update or change something on the NIS Master Server... so... Is there a way to use netgroups or some other configuration to allow our team members to authenticate using the NIS server but still restrict access to all other users? Thanks!

    Read the article

  • NIS: which mechanism hides shadow.byname for unpriviledged users?

    - by Mark Salzer
    On some Linux box (SLES 11.1) which is a NIS client I can do as root: ypcat shadow.byname and get output, i.e. some lines with the encrypted passwords, amongst other information. On the same Linux box, if I run the same command as unpriviledged user, I get No such map shadow.byname. Reason: No such map in server's domain Now I am surprised. My good old knowlege says that shadow passwords in NIS are absurd because there is no access control or authentication in the protocol and thus every (unpriviledged) user can access the shadow map and thereby obtain the encrypted passwords. Obviously we have a different picture here. Unfortunately I don't have access to the NIS server to figure out what is happening. My only guess is that the NIS master gives the map only to clients conection from a priviledged port (1024), but this is only an uneducated guess. What mechanisms are there in current NIS implementations to lead to a behavior like the above? How "secure" are they? Can the be circumvented easily? Or are shadow passwords in NIS as secure as the good old shadow files?

    Read the article

  • What NIS maps are needed for OSX 10.6 to authenticate?

    - by Kyle__
    What NIS maps are necessary for OSX 10.6 to authenticate? I have an ubuntu-sever sharing NIS, and from the OSX client, ypcat passwd, ypcat group and (as root) ypcat shadow.byname all work, and return the correct info. If I type groups kyle (a user in NIS, but not on the local machine), I get all the correct group information. The only thing that doesn't work, is logging in. (And yes, if I point an ubuntu box to that NIS server, everything authenticates off of it just fine).

    Read the article

  • Mac OS X 10.5/6, authenticate against by NIS or LDAP when both servers have your username

    - by Wang
    We have an organization-wide LDAP server and a department-only NIS server. Many users have accounts with the same name on both servers. Is there any way to get Leopard/Snow Leopard machines to query one server, and then the other, and let the user log in if his username/password combination matches at least one record? I can get either NIS authentication or LDAP authentication. I can even enable both, with LDAP set as higher priority, and authenticate using the name and password listed on the LDAP server. However, in the last case, if I set the LDAP domain as higher-priority in Directory Utility's search path and then provide the username/password pair listed in the NIS record, then my login is rejected even though the NIS server would accept it. Is there any way to make the OS check the rest of the search path after it finds the username?

    Read the article

  • NFS mount share from Linux AD authentication to Linux with NIS authentication

    - by user137862
    I have two machines: Linux with AD authentication and running NFS server Linux with NIS authentication Problem: When I try to mount any share from first machine (AD authentication) to second (NIS authentication) I always get somehing like this drwxrws---+ 13 16777260 16777222 4096 Sep 21 09:42 software In fact I can't access to this folder because on NIS machine I don't have the user with such UID/GID Question: May somebody know how resolve this problem?

    Read the article

  • Simple, centralized user management on a small LAN - NIS or LDAP?

    - by einpoklum
    I'm setting up a small LAN for my team. It will, for all intents and purposes, not be connected to any external networks. I would it to have centralized control of user accounts (at least, I think I'd like that; I'm also considering using puppet, so theoretically I could just push /etc/passwd changes, or something). The number of machines is fixed, but not very small. Mostly they're 'attached' to a single user, but sometimes people work remotely on someone else's box; and there are a couple of servers. I've read this question, but my scenario is much simpler (even simpler than in this question) and I'd like to do something (relatively) quick, with not much hassle, but not a dirty totally-insecure hack. Is NIS relevant for my scenario? If not, what's the most hassle-free way to set up LDAP (or LDAP+Kerberos) to achieve the same? Notes: I have no experience with setting up either NIS or LDAP. We use Debian-flavored Linux distributions, mainly Kubuntu 12.04 (not my choice, but that's the way it is).

    Read the article

  • Windows Server 2008 R2 Accessing NFS share without AD or NIS

    - by Jon Rhoades
    I'm trying to mount an NFS share on our NetApp SAN on Windows 2008 R2. Using XP I have no problem mounting this share without a username/NIS/pswd file etc, but the new functionality in 2008 seems to insist on either using AD or an NIS server (to "streamline" Services for NFS MS removed user account mapping) see Technet. When I go to map the share using "map network drive" no combination of "root", no username, no password, my username works. Using the command line mount -o anon \\172... :n or mount -o -u:root \\172... :n either gives me a network error 53 or 67 error Is it possible with 2008 to mount an NFS share without AD or NIS? If so what am I doing wrong? (Security is taken care off by IP address permissions and VLANs)

    Read the article

  • NIS server setting problem in ubuntu

    - by Asma
    Hi, I set NFS for server-client that works properly. Now I am trying to set NIS server-client on same PC's. I am following the instruction from "SettingUpNISHowTo" from https://help.ubuntu.com/community/SettingUpNISHowTo link. But in step-10, "sudo /etc/init.d/nis restart".......it show error fail. If I try to use "ypcat passwd" to check......it shows error YPBINDPROC_DOMAIN: Domain not bound No such map passwd.byname. Reason: Can't bind to server which serves this domain Can anyone able to help me to get rid out from this problem? Is all the step in the document is proper to configure the NIS server? Thanks in advance.

    Read the article

  • Password rules for yppasswd

    - by gstoynev
    Hello all, I have a NIS master-slave setup and I would like to improve the password rules/complexity for it. Seems like if I introduce new rules to the NIS Master they are applicable only from there. What I mean: I want minimal password length of 9 characters. On the NIS master if I run 'passwd' it obeys this requirement. If I run 'yppasswd' it just go to the default 6 characters. If I use 'chage -d 0 user1' to force a user to change a password, the user is prompted only when login on the NIS Master. The user's old password is still good to login at NIS clients. All machines are running Ubuntu 9.10 or 10.04. How I can strengthen yppasswd rules and make it warn users to change their passwords? Thank you all!

    Read the article

  • Sun Power Button Won't Shut Down System

    - by user36680
    Background: We are running NIS and have NFS mounts from a Solaris 10 workstation to a Solaris 8 server. If the workstation loses its network connection for some reason, when I look at the workstation's console I see repeated messages of the form: <date> <time> <hostname> ypbind[<pid>]: NIS server not responding for domain "<domain>"; still trying. If I try to login at the console as a user, it won't work because it can't authenticate my account through NIS. Also, it won't return to a login prompt again, so I can't log in as root. If I press the power button (don't hold it in) on the workstation, I see: <date> <time> <hostname> power: WARNING: Power off requested from power button or SC, powering down the system! Shutdown started. <date> <time> Changing to init state 5 - please wait. <date> <time+2 minutes> <hostname> power: WARNING: Failed to shut down the system! And continue to see messages of the form: <date> <time> <hostname> ypbind[<pid>]: NIS server not responding for domain "<domain>"; still trying. So, the questions are How do I make NIS stop trying (because I know it will fail)? Why won't it shut down?

    Read the article

  • Setting up NIS/NFS on Mac OS 10.6

    - by evan
    We have an Ubuntu NIS/NFS server at work and we recently got a few new iMacs. Is there a way to set them up so they can use the linux user accounts and mount the shared nfs files? Are there any guides on how to do this? I've been googling with no success. I tried getting NFS to work by connecting to the server via the Disk Utility but after I run 'sudo automount' from the command line and ls the directory I tried to mount it to (Volumes/nfs) it gives a permissions error. If there isn't a way to do this, anyone know of any not to complicated ways to share user accounts and files between mac and linux computers (and even hypothetically a windows computer one day?) I know its kind a of huge question, but I'll greatly appreciate any advice on the topic. Thanks!

    Read the article

  • NFS automounts hang

    - by Yang
    Hi, I have been mounting NFS shares on my x86 Ubuntu with NIS/am-utils fine for a long time, but today my system got into a state where it could no longer access automounted directories and instead frequently got hung up trying to access them, returning either "Input/output error" or "Permission denied" (almost randomly), as well as "stale file handle." I can, however, manually mount that share fine. Restarting am-utils doesn't help get my system out of its funk; is there any other way of getting my system un-stuck?

    Read the article

  • Welcome to ubiquitous file sharing (December 08, 2009)

    - by user12612012
    The core of any file server is its file system and ZFS provides the foundation on which we have built our ubiquitous file sharing and single access control model.  ZFS has a rich, Windows and NFSv4 compatible, ACL implementation (ZFS only uses ACLs), it understands both UNIX IDs and Windows SIDs and it is integrated with the identity mapping service; it knows when a UNIX/NIS user and a Windows user are equivalent, and similarly for groups.  We have a single access control architecture, regardless of whether you are accessing the system via NFS or SMB/CIFS.The NFS and SMB protocol services are also integrated with the identity mapping service and shares are not restricted to UNIX permissions or Windows permissions.  All access control is performed by ZFS, the system can always share file systems simultaneously over both protocols and our model is native access to any share from either protocol.Modal architectures have unnecessary restrictions, confusing rules, administrative overhead and weird deployments to try to make them work; they exist as a compromise not because they offer a benefit.  Having some shares that only support UNIX permissions, others that only support ACLs and some that support both in a quirky way really doesn't seem like the sort of thing you'd want in a multi-protocol file server.  Perhaps because the server has been built on a file system that was designed for UNIX permissions, possibly with ACL support bolted on as an add-on afterthought, or because the protocol services are not truly integrated with the operating system, it may not be capable of supporting a single integrated model.With a single, integrated sharing and access control model: If you connect from Windows or another SMB/CIFS client: The system creates a credential containing both your Windows identity and your UNIX/NIS identity.  The credential includes UNIX/NIS IDs and SIDs, and UNIX/NIS groups and Windows groups. If your Windows identity is mapped to an ephemeral ID, files created by you will be owned by your Windows identity (ZFS understands both UNIX IDs and Windows SIDs). If your Windows identity is mapped to a real UNIX/NIS UID, files created by you will be owned by your UNIX/NIS identity. If you access a file that you previously created from UNIX, the system will map your UNIX identity to your Windows identity and recognize that you are the owner.  Identity mapping also supports access checking if you are being assessed for access via the ACL. If you connect via NFS (typically from a UNIX client): The system creates a credential containing your UNIX/NIS identity (including groups). Files you create will be owned by your UNIX/NIS identity. If you access a file that you previously created from Windows and the file is owned by your UID, no mapping is required. Otherwise the system will map your Windows identity to your UNIX/NIS identity and recognize that you are the owner.  Again, mapping is fully supported during ACL processing. The NFS, SMB/CIFS and ZFS services all work cooperatively to ensure that your UNIX identity and your Windows identity are equivalent when you access the system.  This, along with the single ACL-based access control implementation, results in a system that provides that elusive ubiquitous file sharing experience.

    Read the article

  • Cyrus on CentOS with sasl / pam / ldap

    - by Oscar
    SASL/PAM/LDAP is driving me crazy... that's what I read a lot when googling for problems in this area, and what I experience myself :-S I'm trying to get Cyrus imap working for virtual hosting on CentOS with this authorisation backend and really don't know what's happening. In saslauthd I configured the LDAP search filter to use, but it looks like pam completely ignores it. Here's what I do for testing (done more tests but all with similar results): [root@testserv ~]# imtest -u [email protected] -a [email protected] WARNING: no hostname supplied, assuming localhost S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS] testserv. Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-7.el5_6.4 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH S: C01 OK Completed Please enter your password: C: L01 LOGIN [email protected] {6} S: + go ahead C: <omitted> S: L01 NO Login failed: authentication failure Authentication failed. generic failure Security strength factor: 0 C: Q01 LOGOUT * BYE LOGOUT received Q01 OK Completed Connection closed. The LDAP entry does exist (and so does the mailbox in Cyrus): [root@testserv ~]# ldapsearch -WxD cn=Manager,o=mydomain,c=com [email protected] Enter LDAP Password: # extended LDIF # # LDAPv3 # base <> with scope subtree # filter: [email protected] # requesting: ALL # # myuser, accounts, testserv.mydomain.com, mydomain, com dn: uid=myuser,ou=accounts,dc=testserv.mydomain.com,o=mydomain,c=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount uidNumber: 16 uid: myuser gidNumber: 5 givenName: My sn: Name mail: [email protected] cn: My Name userPassword:: dYN5ebB0fXhNRn1pZllhRnJX7Uk= shadowLastChange: 15176 homeDirectory: /dev/null # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 This is what I get in /var/log/messages Aug 2 04:00:11 testserv cyrus/imap[12514]: auxpropfunc error invalid parameter supplied Aug 2 04:00:19 testserv saslauthd[5926]: do_auth : auth failure: [[email protected]] [service=imap] [realm=testserv.mydomain.com] [mech=pam] [reason=PAM auth error] ... /var/adm/auth.log Aug 2 04:00:11 testserv cyrus/imap[12514]: auxpropfunc error invalid parameter supplied Aug 2 04:00:11 testserv cyrus/imap[12514]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb Aug 2 04:00:19 testserv saslauthd[5926]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module Aug 2 04:00:19 testserv saslauthd[5926]: do_auth : auth failure: [[email protected]] [service=imap] [realm=testserv.mydomain.com] [mech=pam] [reason=PAM auth error] (AFAIK I can ignore the auxprop msg) ... and /var/log/slapd.log: Aug 2 04:00:19 testserv slapd[5968]: conn=61 fd=27 ACCEPT from IP=127.0.0.1:51403 (IP=0.0.0.0:389) Aug 2 04:00:19 testserv slapd[5968]: conn=61 op=0 BIND dn="" method=128 Aug 2 04:00:19 testserv slapd[5968]: conn=61 op=0 RESULT tag=97 err=0 text= Aug 2 04:00:19 testserv slapd[5968]: conn=61 op=1 SRCH base="o=mydomain,c=com" scope=2 deref=0 filter="([email protected])" Aug 2 04:00:19 testserv slapd[5968]: conn=61 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Aug 2 04:00:19 testserv slapd[5968]: conn=61 op=2 UNBIND Aug 2 04:00:19 testserv slapd[5968]: conn=61 fd=27 closed These are the settings in In /etc/imapd.conf: sasl_mech_list: PLAIN LOGIN sasl_pwcheck_method: saslauthd ## sasl_auxprop_plugin: sasldb sasl_auto_transition: no and my sasl config: [root@testserv ~]# cat /etc/sysconfig/saslauthd # Directory in which to place saslauthd's listening socket, pid file, and so # on. This directory must already exist. SOCKETDIR=/var/run/saslauthd # Mechanism to use when checking passwords. Run "saslauthd -v" to get a list # of which mechanism your installation was compiled with the ablity to use. MECH=pam # Additional flags to pass to saslauthd on the command line. See saslauthd(8) # for the list of accepted flags. FLAGS="-c -r -O /etc/saslauthd.conf" [root@testserv ~]# cat /etc/saslauthd.conf ldap_servers: ldap://127.0.0.1/ ldap_search_base: dc=%d,o=mydomain,c=com ldap_auth_method: bind #ldap_filter: (|(uid=%u)((&(mail=%u@%d)(accountStatus=active))) ldap_filter: (&(mail=%u@%d)(accountStatus=active)) ldap_debug: 1 ldap_version: 3 The accountStatus=active is not in ldap yet, but that doesn't make a difference since I don't see it in the filter... that's not the reason for the failure. The weird thing is, I do get an error when I rename or remove /etc/saslauthd.conf, but when the file exists it seems happily ignored... The filter in slapd.log seems to be taken from /etc/ldap.conf. Apart from some timers, that only contains: host 127.0.0.1 base o=mydomain,c=com pam_login_attribute mail Outcommenting the pam_login_attribute results in this filter in slapd.log: filter="([email protected])" Pam-imap looks like this: [root@testserv ~]# cat /etc/pam.d/imap auth required pam_ldap.so debug account required pam_ldap.so debug #auth sufficient pam_unix.so likeauth nullok #auth sufficient pam_ldap.so use_first_pass #auth required pam_deny.so #account sufficient pam_unix.so #account sufficient pam_ldap.so The outcommented stuff is because I don't have the cyrus admin user in Ldap; that's a Linux user. That works fine when uncommented, but I still need to play around with that a little and first I wanna get imap working. Finally nsswitch: [root@testserv ~]# cat /etc/nsswitch.conf # # /etc/nsswitch.conf # # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # The entry '[NOTFOUND=return]' means that the search for an # entry should stop if the search in the previous entry turned # up nothing. Note that if the search failed due to some other reason # (like no NIS server responding) then the search continues with the # next entry. # # Legal entries are: # # nisplus or nis+ Use NIS+ (NIS version 3) # nis or yp Use NIS (NIS version 2), also called YP # dns Use DNS (Domain Name Service) # files Use the local files # db Use the local database (.db) files # compat Use NIS on compat mode # hesiod Use Hesiod for user lookups # [NOTFOUND=return] Stop searching if not found so far # # To use db, put the "db" in front of "files" for entries you want to be # looked up first in the databases # # Example: #passwd: db files nisplus nis #shadow: db files nisplus nis #group: db files nisplus nis passwd: compat ldap group: compat ldap shadow: compat ldap hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc: files services: files netgroup: nisplus publickey: nisplus automount: files nisplus aliases: files nisplus Any info where to start looking will be greatly appreciated! Thnx in advance

    Read the article

1 2 3 4  | Next Page >