- Community Home
- >
- Servers and Operating Systems
- >
- Legacy
- >
- Operating System - Tru64 Unix
- >
- Problem with LDAP Authentication on Tru64
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-22-2006 02:13 AM
тАО11-22-2006 02:13 AM
Problem with LDAP Authentication on Tru64
I have an OpenLDAP directory server (2.0.27) installed and configured on my windows machine and a TRU64 machine (TRU64 v.5.1B).
Please see the attachment.
Thanks in advance!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-22-2006 04:50 AM
тАО11-22-2006 04:50 AM
Re: Problem with LDAP Authentication on Tru64
finger
Where
Use ldapsearch to check if your bind dn credentials are valid and you can retrieve all the posixAccount attributes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-22-2006 08:44 PM
тАО11-22-2006 08:44 PM
Re: Problem with LDAP Authentication on Tru64
I have the LDAPCD_CONF yes in /etc/rc.config.
The output of finger
bash-3.00# finger ldapuser
Login name: ldapuser
In real life: ldapuser
Directory: /tmp Shell: /bin/sh
Never logged in.
No Plan.
The shell is valid. This shell is used by a local user (in passwd) that authenticate successfully.
This is the output of ldapsearch:
bash-3.00# ldapsearch -h xxx.xxx.xxx.xxx -p 389 -D "cn=root,ou=ldapusers,dc=xxx,dc=xxx,dc=xxx" -w xxx -b "ou=xxx,dc=xxx,dc=xxx,dc=xxx" uid=ldapuser
# extended LDIF
#
# LDAPv3
# base
# filter: uid=ldapuser
# requesting: ALL
#
# ldapuser, People, xxx, xxx.xxx.xxx
dn: uid=ldapuser, ou=People, ou=xxx, dc=xxx,dc=xxx,dc=xxx
shadowMin: 2
userPassword:: e1NIQX1jKy9Tck1KdERuZkFiQ0taZlFHaER2Z2R0Rjg9
uidNumber: 154
gidNumber: 400
shadowFlag: -1
shadowExpire: 13757
shadowMax: 90
uid: ldapuser
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: account
gecos: ldapuser
shadowLastChange: 13469
cn: ldapuser
shadowInactive: 5
homeDirectory: /tmp
description: ldapuser
shadowWarning: 5
loginShell: /bin/sh
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
This is the output of ldap_check:
./ldap_check
Loaded Configuration file /etc/ldapcd.conf
Connected to LDAP server on xxx.xxx.xxx.xxx
Search base "dc=xxx,dc=xxx,dc=xxx" confirmed
User Branch "ou=xxx,dc=xxx,dc=xxx,dc=xxx" confirmed
Retrieved Object class information
Password object class attributes verified
Group object class attributes verified
Directory configuration verified
This is the output of command "id" :
bash-3.00# id ldapuser
uid=154(ldapuser) gid=400(test)
If log-in with root user and execute the command "su - ldapuser", I have this ouput :
su - ldapuser
su: Unknown id: ldapuser
Sorry
When i try to log-in via telnet, the output is:
Compaq Tru64 UNIX V5.1B (Rev. 2650) (xxx) (pts/3)
login: ldapuser
Password:
Login incorrect
Wait for login retry ...
Login incorrect
login:
What's the problem?...
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-22-2006 09:29 PM
тАО11-22-2006 09:29 PM
Re: Problem with LDAP Authentication on Tru64
in Tru64 Machine are installed this modules:
setld -i | grep -i LDAP
LDPUTILS120 - LDAP Client Utilities
OSFLDPAUTH540 - LDAP Authentication (Network-Server/Communications)
setld -i | grep -i Netscape
OSFNETSCAPE540 - Netscape Communicator V4.76 (Windows Applications)
OSFNETSCAPECLT540 - Netscape 6.2.3 Web Client (Windowing Environment)
OSFNETSCAPEGRT540 - Netscape 6.2.3 Gnome Runtime Support(Windowing Environment)
Are necessary other patch or modules?
Many Thanks!!!...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-23-2006 06:52 AM
тАО11-23-2006 06:52 AM
Re: Problem with LDAP Authentication on Tru64
userbranch: "ou=
crypt_passwd: 1
The userbranch I suppose that should be:
ou=ldapusers,dc=xxx,dc=xxx,dc=xxx
Or comment to use the default searchbase.
And for crypt_passwd, I cannot find any information about in the man pages or the security guide that describes this option. I would try commenting it also.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-23-2006 08:13 PM
тАО11-23-2006 08:13 PM
Re: Problem with LDAP Authentication on Tru64
I try to authenticate with LDAP user without userbranch but the authentication fails.
I have this tree structure in my LDAP Server:
dc=xxx,dc=xxx,dc=xxx
|
--> ou=
|
--> ou=People
|
--> ou=Group
Under the branch People there are my ldap users (e.g. : uid=ldapuser). Under the branch Group there are my ldap groups (e.g. : cn=test).
I try to use also this branch:
ou=People,ou=
but authentication doesn't work.
I try to cancel the userbranch but I have the same problems.
The document "Configuring a System to Use LDAP for User Authentication Using Internet Express" (released by Compaq for Tru64) report that:
" If you intend to use a directory server (such as OpenLDAP) that requires user passwords to be encrypted prior to sending them to the server, you
MUST manually add the following line to the /etc/ldapcd.conf file:
crypt_passwd: 1 "
I try to cancel this configuration but I have the same problems.
I see that the command "id" and the command "telnet" produce a different client log (on Tru64 machine):
-- Telnet log:
-------------------------------------------
connected: 126291: Thu Nov 23 17:26:39 2006
THREAD 0 starting: 126291: Thu Nov 23 17:26:39 2006
waiting for a connection: 126291: Thu Nov 23 17:26:39 2006
doCommand - start: 126291: Thu Nov 23 17:26:39 2006
reqtype = 1, reqdata = ldapuser: 126291: Thu Nov 23 17:26:39 2006
ldap_getpwnam: 126291: Thu Nov 23 17:26:39 2006
_ldap_pwlookup: 126291: Thu Nov 23 17:26:39 2006
_ldap_pwgetvals - start: 126291: Thu Nov 23 17:26:39 2006
_ldap_pwgetvals - end: 126291: Thu Nov 23 17:26:39 2006
doCommand - ldap_getpwnam() completed: 126291: Thu Nov 23 17:26:39 2006
doCommand - end: 126291: Thu Nov 23 17:26:39 2006
THREAD 0 exiting: 126291: Thu Nov 23 17:26:39 2006
connected: 126291: Thu Nov 23 17:26:42 2006
THREAD 0 starting: 126291: Thu Nov 23 17:26:42 2006
waiting for a connection: 126291: Thu Nov 23 17:26:42 2006
doCommand - start: 126291: Thu Nov 23 17:26:42 2006
reqtype = 1, reqdata = ldapuser: 126291: Thu Nov 23 17:26:42 2006
ldap_getpwnam: 126291: Thu Nov 23 17:26:42 2006
doCommand - ldap_getpwnam() completed: 126291: Thu Nov 23 17:26:42 2006
doCommand - end: 126291: Thu Nov 23 17:26:42 2006
THREAD 0 exiting: 126291: Thu Nov 23 17:26:42 2006
connected: 126291: Thu Nov 23 17:26:44 2006
THREAD 0 starting: 126291: Thu Nov 23 17:26:44 2006
waiting for a connection: 126291: Thu Nov 23 17:26:44 2006
doCommand - start: 126291: Thu Nov 23 17:26:44 2006
reqtype = 1, reqdata = ldapuser: 126291: Thu Nov 23 17:26:44 2006
ldap_getpwnam: 126291: Thu Nov 23 17:26:44 2006
doCommand - ldap_getpwnam() completed: 126291: Thu Nov 23 17:26:44 2006
doCommand - end: 126291: Thu Nov 23 17:26:44 2006
THREAD 0 exiting: 126291: Thu Nov 23 17:26:44 2006
-------------------------------------------
-- id log:
-------------------------------------------
connected: 126226: Thu Nov 23 17:24:39 2006
THREAD 0 starting: 126226: Thu Nov 23 17:24:39 2006
waiting for a connection: 126226: Thu Nov 23 17:24:39 2006
doCommand - start: 126226: Thu Nov 23 17:24:39 2006
reqtype = 1, reqdata = ldapuser: 126226: Thu Nov 23 17:24:39 2006
ldap_getpwnam: 126226: Thu Nov 23 17:24:39 2006
_ldap_pwlookup: 126226: Thu Nov 23 17:24:39 2006
_ldap_pwgetvals - start: 126226: Thu Nov 23 17:24:39 2006
_ldap_pwgetvals - end: 126226: Thu Nov 23 17:24:39 2006
doCommand - ldap_getpwnam() completed: 126226: Thu Nov 23 17:24:39 2006
doCommand - end: 126226: Thu Nov 23 17:24:39 2006
THREAD 0 exiting: 126226: Thu Nov 23 17:24:39 2006
connected: 126226: Thu Nov 23 17:24:39 2006
THREAD 0 starting: 126226: Thu Nov 23 17:24:39 2006
waiting for a connection: 126226: Thu Nov 23 17:24:39 2006
doCommand - start: 126226: Thu Nov 23 17:24:39 2006
reqtype = 32, reqdata = 400: 126226: Thu Nov 23 17:24:39 2006
ldap_getgrgid: 126226: Thu Nov 23 17:24:39 2006
_ldap_grlookup: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - start: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - end: 126226: Thu Nov 23 17:24:39 2006
doCommand - ldap_getgrgid() completed: 126226: Thu Nov 23 17:24:39 2006
doCommand - end: 126226: Thu Nov 23 17:24:39 2006
THREAD 0 exiting: 126226: Thu Nov 23 17:24:39 2006
connected: 126226: Thu Nov 23 17:24:39 2006
THREAD 0 starting: 126226: Thu Nov 23 17:24:39 2006
waiting for a connection: 126226: Thu Nov 23 17:24:39 2006
doCommand - start: 126226: Thu Nov 23 17:24:39 2006
reqtype = 41, reqdata = : 126226: Thu Nov 23 17:24:39 2006
ldap_setgrent: 126226: Thu Nov 23 17:24:39 2006
doCommand - ldap_setgrent() completed: 126226: Thu Nov 23 17:24:39 2006
reqtype = 42, reqdata = : 126226: Thu Nov 23 17:24:39 2006
ldap_getgrent: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - start: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - end: 126226: Thu Nov 23 17:24:39 2006
doCommand - ldap_getgrent() completed: 126226: Thu Nov 23 17:24:39 2006
reqtype = 42, reqdata = : 126226: Thu Nov 23 17:24:39 2006
ldap_getgrent: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - start: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - end: 126226: Thu Nov 23 17:24:39 2006
doCommand - ldap_getgrent() completed: 126226: Thu Nov 23 17:24:39 2006
reqtype = 42, reqdata = : 126226: Thu Nov 23 17:24:39 2006
ldap_getgrent: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - start: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - end: 126226: Thu Nov 23 17:24:39 2006
doCommand - ldap_getgrent() completed: 126226: Thu Nov 23 17:24:39 2006
reqtype = 42, reqdata = : 126226: Thu Nov 23 17:24:39 2006
ldap_getgrent: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - start: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - end: 126226: Thu Nov 23 17:24:39 2006
doCommand - ldap_getgrent() completed: 126226: Thu Nov 23 17:24:39 2006
reqtype = 42, reqdata = : 126226: Thu Nov 23 17:24:39 2006
ldap_getgrent: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - start: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - end: 126226: Thu Nov 23 17:24:39 2006
doCommand - ldap_getgrent() completed: 126226: Thu Nov 23 17:24:39 2006
reqtype = 42, reqdata = : 126226: Thu Nov 23 17:24:39 2006
ldap_getgrent: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - start: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - end: 126226: Thu Nov 23 17:24:39 2006
doCommand - ldap_getgrent() completed: 126226: Thu Nov 23 17:24:39 2006
reqtype = 42, reqdata = : 126226: Thu Nov 23 17:24:39 2006
ldap_getgrent: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - start: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - end: 126226: Thu Nov 23 17:24:39 2006
doCommand - ldap_getgrent() completed: 126226: Thu Nov 23 17:24:39 2006
reqtype = 42, reqdata = : 126226: Thu Nov 23 17:24:39 2006
ldap_getgrent: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - start: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - end: 126226: Thu Nov 23 17:24:39 2006
doCommand - ldap_getgrent() completed: 126226: Thu Nov 23 17:24:39 2006
reqtype = 42, reqdata = : 126226: Thu Nov 23 17:24:39 2006
ldap_getgrent: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - start: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - end: 126226: Thu Nov 23 17:24:39 2006
doCommand - ldap_getgrent() completed: 126226: Thu Nov 23 17:24:39 2006
reqtype = 42, reqdata = : 126226: Thu Nov 23 17:24:39 2006
ldap_getgrent: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - start: 126226: Thu Nov 23 17:24:39 2006
_ldap_grgetvals - end: 126226: Thu Nov 23 17:24:39 2006
doCommand - ldap_getgrent() completed: 126226: Thu Nov 23 17:24:39 2006
reqtype = 42, reqdata = : 126226: Thu Nov 23 17:24:39 2006
ldap_getgrent: 126226: Thu Nov 23 17:24:39 2006
doCommand - ldap_getgrent() failed: 126226: Thu Nov 23 17:24:39 2006
doCommand - end: 126226: Thu Nov 23 17:24:39 2006
THREAD 0 exiting: 126226: Thu Nov 23 17:24:39 2006
-------------------------------------------
I suppose that other module and/or patch are necessary!
In my Tru64 Machine are installed this modules:
setld -i | grep -i LDAP
LDPUTILS120 - LDAP Client Utilities
OSFLDPAUTH540 - LDAP Authentication (Network-Server/Communications)
setld -i | grep -i Netscape
OSFNETSCAPE540 - Netscape Communicator V4.76 (Windows Applications)
OSFNETSCAPECLT540 - Netscape 6.2.3 Web Client (Windowing Environment)
OSFNETSCAPEGRT540 - Netscape 6.2.3 Gnome Runtime Support(Windowing Environment)
How are the pre-requisiste module that must be installed on machine Tru64?...The module that are installed on my Tru64 machine are sufficient?
Thanks!