Re: LDAP authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/17/2011 09:27 AM, Luc MAIGNAN wrote:
> Hi,
> 
> I want to use openLDAP to authenticate users to log-in.
> 
> In the previous versions of Fedora, I just use system-config-auth but it 
> doesn't seem to work in F14.
> 
> Has someone a good and pretty HOWTO to explain how to do this ?


That's concerning. System-config-auth saw a major overhaul in F13 to
support SSSD for LDAP authentication. What did you try to do, and how
did it fail?

As for a HOWTO, the answer should be:

Run authconfig-gtk (aka system-config-authentication), select LDAP for
user identity store and authentication and set up the certificate.

One change from older versions of Fedora is that, with SSSD, you cannot
use authentication against LDAP without encryption. This is because the
simple bind password would otherwise be sent in the clear over the wire.
Older versions of Fedora allowed using unencrypted auth, but no longer
(for your protection).

After running authconfig-gtk, can you attempt to do a user lookup on the
user you want to log in as with
getent passwd <username>

If that returns the correct information, then we know at least that it's
getting users correctly. The next thing to check after that would be to
try to log in and then look at /var/log/secure and /var/log/messages for
errors.


- -- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk00V3sACgkQeiVVYja6o6O8VACeLQLYANxAnClXUyOKoQ0MZmCK
QaEAnRaLBc89WnYznAAKH7y8Tcvqzomb
=46Zw
-----END PGP SIGNATURE-----
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux