winbind

Chirana Gheorghita Eugeniu Theodor office at adaptcom.ro
Mon Dec 3 14:01:14 MST 2012


Hello,
CentOS 6.3 is somehow different in LDAP auth.
Here is my config that works:

[root@cerberus ~]# cat /etc/ldap.conf
#start_tls
ssl no
suffix "cn=aviamotors,cn=ro"
bind_policy soft
timelimit 30
bind_timelimit 30

#uri ldaps://auth.aviamotors.ro ldaps://smtp.aviamotors.ro
uri ldap://smtp.aviamotors.ro/

pam_password md5

ldap_version 3

pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid

nss_base_passwd ou=Users,dc=aviamotors,dc=ro
nss_base_shadow ou=Users,dc=aviamotors,dc=ro
nss_base_group  ou=Groups,dc=aviamotors,dc=ro
nss_base_hosts  ou=Computers,dc=aviamotors,dc=ro

scope one

TLS_CACERT     /etc/openldap/certs/cacert.pem
TLS_CERT     /etc/openldap/certs/servercrt.pem
TLS_KEY     /etc/openldap/certs/serverkey.pem
base cn=aviamotors,cn=ro
tls_cacertdir /etc/openldap/cacerts

[root@cerberus ~]# cat /etc/nsswitch.conf
passwd:     files ldap
shadow:     files ldap
group:      files ldap


hosts:      files dns
networks:    files dns

services:   files
protocols:   files db
rpc:         files db
ethers:      files db
netmasks:    files
netgroup:   files ldap
bootparams:  files

automount:  files ldap
aliases:     files ldap

[root@cerberus ~]# cat /etc/nslcd.conf
uri ldap://10.124.112.5
base dc=aviamotors,dc=ro
uid nslcd
gid ldap

The nslcd daemon is essential. It seems that it replaces the nsswitch.conf and
pam.d configs.

Use the IP of the LDAP and not the DNS name. I could not make it work with
the IP.

[root@cerberus ~]# cat /etc/resolv.conf
options single-request-reopen
nameserver 10.124.112.3

[root@cerberus ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:1e:67:2f:46:dc brd ff:ff:ff:ff:ff:ff
    inet 192.168.30.250/24 brd 192.168.30.255 scope global eth0
    inet 10.124.112.3/24 brd 10.124.112.255 scope global eth0:0
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:1e:67:2f:46:dd brd ff:ff:ff:ff:ff:ff

[root@cerberus ~]# service --status-all
abrtd (pid  2021) is running...
abrt-dump-oops (pid 2029) is running...
acpid (pid  1865) is running...
atd (pid  2063) is running...
auditd (pid  1558) is running...
automount (pid  1954) is running...
named is stopped
certmonger is stopped
Stopped
cgred is stopped
Frequency scaling enabled using ondemand governor
crond (pid  2052) is running...
cupsd (pid  1840) is running...
hald (pid  1874) is running...
ip6tables: Firewall is not running.
iptables: Firewall is not running.
irqbalance (pid  1638) is running...
kadmind is stopped
Kdump is operational
kpropd is stopped
krb5kdc is stopped
ksm is not running
ksmtuned (pid  2043) is running...
ktune settings are not applied.
started
lvmetad is stopped
qpidd is stopped
matahari-qmf-hostd is stopped
matahari-qmf-networkd is stopped
matahari-qmf-rpcd is stopped
matahari-qmf-serviced is stopped
matahari-qmf-sysconfigd is stopped
matahari-qmf-sysconfig-consoled is stopped
Checking for mcelog
mcelog (pid  1735) is running...
mdmonitor (pid  1683) is running...
messagebus (pid  1818) is running...
No open transaction
netconsole module not loaded
Configured devices:
lo eth0 eth1
Currently active devices:
lo eth0
rpc.svcgssd is stopped
rpc.mountd is stopped
nfsd is stopped
rpc.rquotad is stopped
rpc.statd (pid  1670) is running...
nscd (pid 1971) is running...
nslcd (pid  1583) is running...
ntpd (pid  1999) is running...
oddjobd (pid  2071) is running...
portreserve (pid  1576) is running...
master is stopped
Process accounting is disabled.
qpidd is stopped
quota_nld is stopped
rdisc is stopped
rngd is stopped
rpcbind (pid  1652) is running...
rpc.gssd is stopped
rpc.idmapd (pid 1716) is running...
rpc.svcgssd is stopped
rsyslogd (pid  1596) is running...
sandbox is stopped
saslauthd is stopped
slapd is stopped
smartd is stopped
openssh-daemon (pid  1983) is running...
tuned is stopped
xinetd (pid  1991) is running...
ypbind is stopped
[root@cerberus ~]# service
Usage: service < option > | --status-all | [ service_name [ command | --full-restart ] ]



-- 
___________________________________________________
Cu stima/Best regards/Mit freundlichen Grüßen/最好的问候,

Chirana-Gheorghita Eugeniu-Theodor
Bucharest, Romania

e-mail : office at adaptcom.ro
mobile: 0743 698721
            0747 447675
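
The configs in this message use `ssl no` and plain `ldap://` URIs, so binds and lookups cross the network unencrypted. The script below is an added example, not part of the original post: it audits an ldap.conf or nslcd.conf style file for that condition. The function name, the finding labels and the two sample files are assumptions constructed for illustration; `ssl` and `tls_reqcert` are the option names documented for nslcd.conf.

```shell
#!/bin/sh
# Added example: flag cleartext LDAP transport in ldap.conf / nslcd.conf style files.
# Prints one finding per line; prints nothing when the transport is protected.
audit_ldap_transport() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        { key = tolower($1) }                   # option names compared case-insensitively
        key == "uri" {
            for (i = 2; i <= NF; i++) {
                u = tolower($i)
                if (u ~ /^ldap:\/\//)  plain[++np] = $i
                if (u ~ /^ldaps:\/\//) secure++
            }
        }
        key == "ssl"         { ssl = tolower($2) }
        key == "tls_reqcert" { reqcert = tolower($2) }
        END {
            starttls = (ssl == "start_tls")
            # An ldap:// URI is only protected when StartTLS is requested.
            for (i = 1; i <= np; i++)
                if (!starttls)
                    print "CLEARTEXT " plain[i] " (ssl=" (ssl == "" ? "unset" : ssl) ")"
            # TLS without certificate verification does not authenticate the server.
            if ((starttls || secure) && reqcert != "" && reqcert != "demand" && reqcert != "hard")
                print "WEAK_VERIFY tls_reqcert=" reqcert
        }
    ' "$1"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed sample: the nslcd.conf lines shown in the message above.
cat > "$demo_dir/as_posted.conf" <<'EOF'
uri ldap://10.124.112.5
base dc=aviamotors,dc=ro
EOF

# Constructed sample: same directory, StartTLS with certificate verification.
cat > "$demo_dir/starttls.conf" <<'EOF'
uri ldap://smtp.aviamotors.ro/
base dc=aviamotors,dc=ro
ssl start_tls
tls_reqcert demand
tls_cacertfile /etc/openldap/certs/cacert.pem
EOF

audit_ldap_transport "$demo_dir/as_posted.conf"
audit_ldap_transport "$demo_dir/starttls.conf"
```

With certificate verification enabled, the name in the `uri` has to match the server certificate, so a bare IP address works only if the certificate carries that IP as a subject alternative name.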


More information about the samba-technical mailing list