midway (Apprentice)
Joined: 01 Jun 2012 Posts: 181 Location: somewhr in the blighty
Posted: Thu Sep 27, 2012 12:02 pm Post subject: [solved] ldap stopped working
hiya,
My web page is not accepting any LDAP logins anymore.
Any possible root cause, and how to resolve this?
We use the Symfony CMS package to host our intranet web page. Since yesterday (that is when I noticed) the LDAP connection on this web page has been broken. When users/admins try to log in, nothing happens (they cannot log in, and there are no errors, etc.).
Many thanks.
Last edited by midway on Wed Oct 03, 2012 11:41 am; edited 1 time in total
midway (Apprentice)
Joined: 01 Jun 2012 Posts: 181 Location: somewhr in the blighty
Posted: Mon Oct 01, 2012 11:16 am Post subject:
bump
Veldrin (Veteran)
Joined: 27 Jul 2004 Posts: 1945 Location: Zurich, Switzerland
Posted: Mon Oct 01, 2012 12:28 pm Post subject:
Bumping is usually a bad idea, as it suggests that there is already an answer, and the thread is likely to be ignored.
Systems do not just stop working.
What has changed? Any update?
If you check on the LDAP server: do you see connections from your web server?
Is the LDAP server working properly?
At this point I am just wildly guessing.
Please provide some additional information about the setup.
V.
_________________
read the portage output!
If my answer is too concise, ask for an explanation.
midway (Apprentice)
Joined: 01 Jun 2012 Posts: 181 Location: somewhr in the blighty
Posted: Mon Oct 01, 2012 12:52 pm Post subject:
Veldrin wrote:
    Bumping is usually a bad idea, as it suggests that there is already an answer, and the thread is likely to be ignored.
    Systems do not just stop working.
    What has changed? Any update?
    If you check on the LDAP server: do you see connections from your web server?
    Is the LDAP server working properly?
    At this point I am just wildly guessing.
    Please provide some additional information about the setup.
    V.

The LDAP server is working fine; our other servers are authenticating through the same LDAP. It might sound strange, but yes, there was no update done in the last 2 days (when I was away), and on my return the LDAP authentication stopped working. I tried downgrading PHP (as I read some versions of Symfony have compatibility issues with the newest PHP), but that didn't work. I have also tried running the machine from a backup, but no joy.
midway (Apprentice)
Joined: 01 Jun 2012 Posts: 181 Location: somewhr in the blighty
Posted: Tue Oct 02, 2012 3:37 pm Post subject:
OK, I gave up on the idea of the Symfony plugin now. I am looking towards Samba (where I should have looked in the first instance).
Code:
# cat /etc/krb5.conf
[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    default_realm = abc.com
    dns_lookup_realm = false
    dns_lookup_kdc = false

[realms]
    abc.com = {
        kdc = d.abc.com:88
        admin_server = d.abc.com:749
        default_domain = abc.com
    }

[domain_realm]
    .abc.com = abc.com
    abc.com = abc.com

[kdc]
    profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }
smb.conf
Code:
[global]
    workgroup = abc
    netbios name = e
    server string = Samba Server %v
    local master = no
    preferred master = no
    domain logons = no
    wins server = 193.63.xx.xx
    wins proxy = no
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind nested groups = Yes
    winbind separator = +
    os level = 20
    max log size = 50
    encrypt passwords = yes
    dns proxy = no
    password server = *
    security = ADS
    realm = abc.com
    username map = /etc/samba/smbusers
    socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 IPTOS_LOWDELAY
    add user script = /usr/sbin/useradd -m %u
    valid users = midway

[homes]
    comment = Home Directories
    browseable = yes
    writable = yes
    case sensitive = no

[intranet]
    comment = intranet
    writable = yes
    path = /home/intranet
    force user = intranet
    force group = intranet
    valid users = midway
Code:
# net ads testjoin
[2012/10/02 16:34:32.540348, 0] libads/kerberos.c:333(ads_kinit_password)
  kerberos_kinit_password e$@abc.com failed: Preauthentication failed
# net ads status
Enter root's password:
[2012/10/02 16:17:41.367505, 0] libads/kerberos.c:333(ads_kinit_password)
  kerberos_kinit_password root@abc.com failed: Client not found in Kerberos database
# klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
Many thanks for your time.
midway (Apprentice)
Joined: 01 Jun 2012 Posts: 181 Location: somewhr in the blighty
Posted: Wed Oct 03, 2012 11:41 am Post subject:
OK, solved it.
A very simple fix, that is, rejoining the domain, did the trick.
Code:
net ads join -U admin
password:
NT_STATUS_OK: Success (0x0)
ntlm_auth --username="midway" --domain="abc" --require-membership-of="abc\adgroup"
password:
NT_STATUS_OK: Success (0x0)
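The two Kerberos errors in the previous post and the rejoin that fixed them correspond to distinct machine-trust states, and a broken join is easy to catch from monitoring instead of waiting for logins to fail silently. As an added example (not from the thread or from Samba), here is a POSIX sh check that classifies `net ads testjoin` output and maps it to a remediation hint and exit code; the success string "Join is OK" and the "Cannot contact any KDC" message are assumed from Samba and MIT Kerberos output, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: turn "net ads testjoin" output into a
# machine-trust state a monitoring check can act on. Message patterns are
# assumed from Samba/MIT Kerberos output; function names are hypothetical.

# Reads testjoin output on stdin, prints exactly one state token.
classify_ads_output() {
    out=$(cat)
    case "$out" in
        *"Join is OK"*)                            echo OK ;;
        # Machine principal (host$@realm) exists, but the local secret in
        # secrets.tdb no longer matches the KDC: the state seen in the thread.
        *"Preauthentication failed"*)              echo SECRET_MISMATCH ;;
        # Principal does not exist in the realm at all (e.g. root@abc.com).
        *"Client not found in Kerberos database"*) echo NO_PRINCIPAL ;;
        *"Cannot contact any KDC"*)                echo KDC_UNREACHABLE ;;
        *)                                         echo UNKNOWN ;;
    esac
}

# Maps a state token to a Nagios-style exit code (0 OK, 1 WARN, 2 CRIT, 3 UNKNOWN).
state_to_exit_code() {
    case "$1" in
        OK)                           echo 0 ;;
        KDC_UNREACHABLE)              echo 1 ;;  # may be transient; recheck first
        SECRET_MISMATCH|NO_PRINCIPAL) echo 2 ;;
        *)                            echo 3 ;;
    esac
}

# Human-readable hint for the operator.
remediation_hint() {
    case "$1" in
        SECRET_MISMATCH) echo "machine account secret out of step with AD (e.g. an older secrets.tdb restored from backup); rejoin: net ads join -U <admin>" ;;
        NO_PRINCIPAL)    echo "principal unknown to the KDC; check that the join still exists and that the intended account is being used" ;;
        KDC_UNREACHABLE) echo "no KDC answered; check DNS SRV records and the network path to the domain controllers" ;;
        OK)              echo "join healthy" ;;
        *)               echo "unrecognised output; inspect manually" ;;
    esac
}

# Live check (needs Samba installed and joined; not exercised by the tests).
check_machine_trust() {
    state=$(net ads testjoin 2>&1 | classify_ads_output)
    echo "$state: $(remediation_hint "$state")"
    return "$(state_to_exit_code "$state")"
}

# Constructed sample input: the failing testjoin output quoted in the thread.
SAMPLE_PREAUTH='[2012/10/02 16:34:32.540348, 0] libads/kerberos.c:333(ads_kinit_password)
  kerberos_kinit_password e$@abc.com failed: Preauthentication failed'
```

Run `check_machine_trust` from cron or a monitoring agent; an exit code of 2 means the host can no longer obtain a ticket for its own machine account and needs the rejoin shown above.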