Gentoo Forums
[solved] ldap stopped working
midway
Apprentice

Joined: 01 Jun 2012
Posts: 181
Location: somewhr in the blighty

Posted: Thu Sep 27, 2012 12:02 pm    Post subject: [solved] ldap stopped working

hiya,

my webpage is not accepting any ldap logins anymore :(
any possible root cause and how to resolve this?

We use the symfony cms package to host our intranet webpage. Since yesterday (that is when I noticed) the ldap connection on this webpage has been broken. When users/admin try to log in, nothing happens (cannot log in and no errors etc.)

many thanks.


Last edited by midway on Wed Oct 03, 2012 11:41 am; edited 1 time in total

midway
Apprentice

Joined: 01 Jun 2012
Posts: 181
Location: somewhr in the blighty

Posted: Mon Oct 01, 2012 11:16 am

bump

Veldrin
Veteran

Joined: 27 Jul 2004
Posts: 1945
Location: Zurich, Switzerland

Posted: Mon Oct 01, 2012 12:28 pm

bumping is usually a bad idea, as it suggests that there is already an answer, and the thread is likely to be ignored.

systems do not just stop working.
what has changed? any update?

if you check on the ldap server: do you see connection from your web server?
is the ldap server working properly?

At this point I am just wild guessing.
please provide some additional information about the setup.


V.
_________________
read the portage output!
If my answer is too concise, ask for an explanation.

midway
Apprentice

Joined: 01 Jun 2012
Posts: 181
Location: somewhr in the blighty

Posted: Mon Oct 01, 2012 12:52 pm

Veldrin wrote:
bumping is usually a bad idea, as it suggests that there is already an answer, and the thread is likely to be ignored.

systems do not just stop working.
what has changed? any update?

if you check on the ldap server: do you see connection from your web server?
is the ldap server working properly?

At this point I am just wild guessing.
please provide some additional information about the setup.


V.


ldap server is working fine. Our other servers are authenticating through the same ldap. It might sound strange but yes, there was no update done in the last 2 days (when I was away) and on my return the ldap authentication stopped working. I tried downgrading php (as I read some versions of symfony have compatibility issues with the newest php), but that didn't work. I have also tried running the machine from a backup but no joy.

midway
Apprentice

Joined: 01 Jun 2012
Posts: 181
Location: somewhr in the blighty

Posted: Tue Oct 02, 2012 3:37 pm

ok, I gave up on the idea of the symfony plugin now. I am looking towards samba (where I should have looked in the first instance).

Code:

 # cat /etc/krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = abc.com
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 abc.com = {
  kdc = d.abc.com:88
  admin_server = d.abc.com:749
  default_domain = abc.com
 }

[domain_realm]
 .abc.com = abc.com
  abc.com = abc.com

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }


smb.conf
Code:

[global]
workgroup = abc
netbios name = e
server string = Samba Server %v
local master = no
preferred master = no
domain logons = no
wins server = 193.63.xx.xx
wins proxy = no
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
os level = 20
max log size = 50
encrypt passwords = yes
dns proxy = no
password server = *
security = ADS
realm = abc.com
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 IPTOS_LOWDELAY
add user script = /usr/sbin/useradd -m %u
valid users = midway

[homes]
comment = Home Directories
browseable = yes
writable = yes
case sensitive = no

[intranet]
comment = intranet
writable = yes
path = /home/intranet
force user = intranet
force group = intranet
valid users = midway


Code:

 # net ads testjoin
[2012/10/02 16:34:32.540348,  0] libads/kerberos.c:333(ads_kinit_password)
  kerberos_kinit_password e$@abc.com failed: Preauthentication failed

# net ads status
Enter root's password:
[2012/10/02 16:17:41.367505,  0] libads/kerberos.c:333(ads_kinit_password)
  kerberos_kinit_password root@abc.com failed: Client not found in Kerberos database

# klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)


many thanks for your time.

midway
Apprentice

Joined: 01 Jun 2012
Posts: 181
Location: somewhr in the blighty

Posted: Wed Oct 03, 2012 11:41 am

ok, solved it.

a very simple fix that is rejoining the domain did the trick.

Code:

net ads join -U admin
password:
NT_STATUS_OK: Success (0x0)

ntlm_auth --username="midway" --domain="abc" --require-membership-of="abc\adgroup"
password:
NT_STATUS_OK: Success (0x0)
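
Added example, not part of the original posts: the two failures quoted in the thread mean different things. `Preauthentication failed` for the machine principal `e$@abc.com` is the case a rejoin fixes, while `Client not found in Kerberos database` for `root@abc.com` only shows that `net` was run as a local user with no AD account. The function names and diagnosis labels below are hypothetical, and the sample input is constructed from the output shown in the thread.

```shell
#!/bin/sh
# Classify Kerberos failures printed by `net ads testjoin` / `net ads status`.
# Reads command output on stdin, prints "<principal> <diagnosis>" per failure.
classify_ads_errors() {
    sed -n 's/^.*kerberos_kinit_password \([^ ]*\) failed: \(.*\)$/\1|\2/p' |
    while IFS='|' read -r principal reason; do
        case "$reason" in
            "Preauthentication failed"*)
                case "$principal" in
                    # host$@REALM: the locally stored machine secret no
                    # longer matches the directory; rejoin resets it
                    *'$@'*) diag="machine-secret-mismatch" ;;
                    *)      diag="wrong-password" ;;
                esac ;;
            "Client not found in Kerberos database"*) diag="unknown-principal" ;;
            "Clock skew too great"*)                  diag="clock-skew" ;;
            "Cannot contact any KDC"*)                diag="kdc-unreachable" ;;
            *)                                        diag="unclassified" ;;
        esac
        printf '%s %s\n' "$principal" "$diag"
    done
}

# Constructed sample: the two failures quoted in the thread.
sample_output() {
    cat <<'EOF'
[2012/10/02 16:34:32.540348,  0] libads/kerberos.c:333(ads_kinit_password)
  kerberos_kinit_password e$@abc.com failed: Preauthentication failed
[2012/10/02 16:17:41.367505,  0] libads/kerberos.c:333(ads_kinit_password)
  kerberos_kinit_password root@abc.com failed: Client not found in Kerberos database
EOF
}

# Monitoring hook (assumes `net` exits non-zero on a broken join): run from
# cron so a silent login failure like the one in the first post raises an alert.
check_join() {
    out=$(net ads testjoin 2>&1) && return 0
    printf '%s\n' "$out" | classify_ads_errors
    return 1
}

sample_output | classify_ads_errors
```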