Single sign-on help requested
Matthew Gillen
me-5yx05kfkO/aqeI1yJSURBw at public.gmane.org
Thu Aug 23 11:16:34 EDT 2007
Scott Ehrlich wrote:
> I tweaked the LDAP and Kerberos settings using the CentOS/RH GUIs, and
> have the clients looking to the RH box for authentication.
>
> I also have the firewall enabled, but am letting kerberos and ldap ports
> through as tcp.
>
> During a login test, /var/log/messages on the client showed:
>
> lin1 gdm[pid]: nss_ldap: failed to bind to LDAP server
> ldap://192.168.1.100: Can't contact LDAP server
>
> lin1 gdm[pid]: nss_ldap: reconnecting to LDAP server (sleeping 32
> seconds)...
>
> lin1 dbus-daemon: nss_ldap: failed to bind to LDAP server
> ldap://192.168.1.100: Can't contact LDAP server
>
> lin1 dbus-daemon: dss_ldap: failed to bind to LDAP server...
I'd log into the client box as root or some local user, and use some
ldap-browsing utilities (RHEL5 docs suggest this tool:
http://www-unix.mcs.anl.gov/~gawor/ldap/ ) to see if it's your local
configuration, or if the server is misconfigured.
(it's also worthwhile to check /var/log/messages on the server box to see if
there are any "unauthorized client" types of messages).
If you're able to connect and browse via a stand-alone tool, that eliminates a
lot of possibilities.
> Anyway, what am I missing? Anything special RH 5 is doing compared to
> the openldap docs?
According to the docs
(https://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/ch-ldap.html
), it doesn't appear so.
> The goal is a to permit my test user, created on the server, to sit at a
> workstation, boot into either Linux or XP, and get their home directory.
>
> Ideally, the server only needs to consist of one account for them, which
> they get upon login on the workstation.
That's definitely do-able. (although you might need XP-Pro, since XP-Home has
some useful networking features broken).
> I want to highly restrict _any_ third-party tools/apps/etc. I will be
> happy to take suggestions and leads, but I want to try and rely on what
> RH has provided.
>
> Thanks for any insight/help.
>
> Scott
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the Discuss
mailing list