
#1 2009-03-18 10:20:37

Gruntz
Member
From: Haskovo, Bulgaria
Registered: 2007-08-31
Posts: 291

LDAP authentication, sudo, ssl

Hi everyone.

First I asked in the CentOS 5 forums, but no one could answer me there, so I decided to ask in my favorite forum :Pp~

I have a problem with my system and here it is:
I have CentOS 5, set to use an OpenLDAP server for user authentication. Both are using SSL for secure communication. The authentication of the users is working like a charm, but sudo is not working. If I set the server and the client not to use SSL, sudo is working, but I want to use only SSL for communication.

Here is what I have in the /var/log/messages

Mar 16 10:14:18 client_PC sudo: nss_ldap: failed to bind to LDAP server ldaps://ldap1.company.com: Can't contact LDAP server
Mar 16 10:14:18 client_PC sudo: nss_ldap: failed to bind to LDAP server ldaps://ldap2.company.com: Can't contact LDAP server
Mar 16 10:14:18 client_PC sudo: nss_ldap: could not search LDAP server - Server is unavailable

I have two OpenLDAP servers; that is why there are two rows of servers in the log. Everything is working if there is no SSL, but when I turn on SSL, only the authentication is working and sudo is not.

Here is my /etc/ldap.conf:

base dc=company,dc=com
uri ldaps://ldap1.company.com ldaps://ldap2.company.com
sudoers_base ou=SUDOers,dc=sepbulgaria,dc=com
sudoers_debug 1
binddn cn=root,dc=company,dc=com
bindpw password
timelimit 120
bind_timelimit 120
bind_policy soft
idle_timelimit 3600
pam_password crypt
pam_password exop
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
ssl start_tls
ssl on

And here is my /etc/openldap/ldap.conf

BASE            dc=company,dc=com
URI             ldaps://ldap1.company.com   ldaps://ldap2.company.com
TLS_REQCERT     allow

And when I try to run sudo I get:

sudo: uid 2001 does not exist in the passwd file!

And this is my /etc/nsswitch.conf:

passwd: files ldap
shadow: files ldap
group: files ldap
sudoers: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus

Can someone give me a hint?

Regards.

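The two configs quoted in the post contain several settings that interact badly when nss_ldap is asked to bind over TLS from a privileged process such as sudo. The following is an added example, not code from the post or from the nss_ldap/OpenLDAP projects: a small linter that parses both files (embedded here as constructed samples copied from the post) and reports the conflicting `ssl` directives (`start_tls` against `ldaps://` URIs), the missing CA trust anchor, the weakened `TLS_REQCERT`, the bind password kept in a world-readable file, and the `sudoers_base` suffix that does not sit under `base`. The finding codes and rules are this example's own. The "fixed" sample at the end is also this example's own: it assumes the SUDOers OU lives under `dc=company,dc=com` and uses a hypothetical CA file path.

```python
"""Consistency checks for nss_ldap/pam_ldap and OpenLDAP client configs.

Added example, not part of the original post. The samples below are
constructed copies of the two files quoted in the post plus a corrected
variant; finding codes, rules and messages are this example's own.
"""
from __future__ import annotations

# Constructed sample: the /etc/ldap.conf from the post (nss_ldap format).
NSS_LDAP_CONF = """\
base dc=company,dc=com
uri ldaps://ldap1.company.com ldaps://ldap2.company.com
sudoers_base ou=SUDOers,dc=sepbulgaria,dc=com
sudoers_debug 1
binddn cn=root,dc=company,dc=com
bindpw password
timelimit 120
bind_timelimit 120
bind_policy soft
idle_timelimit 3600
pam_password crypt
pam_password exop
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
ssl start_tls
ssl on
"""

# Constructed sample: the /etc/openldap/ldap.conf from the post (libldap format).
OPENLDAP_CONF = """\
BASE            dc=company,dc=com
URI             ldaps://ldap1.company.com   ldaps://ldap2.company.com
TLS_REQCERT     allow
"""

# Constructed, this example's own: one TLS mode that matches the URI scheme,
# a CA trust anchor (hypothetical path), certificate checking on, and the
# privileged bind password moved out of the world-readable file into
# /etc/ldap.secret via rootbinddn. Assumes SUDOers lives under dc=company,dc=com.
FIXED_NSS_LDAP_CONF = """\
base dc=company,dc=com
uri ldaps://ldap1.company.com ldaps://ldap2.company.com
sudoers_base ou=SUDOers,dc=company,dc=com
ssl on
tls_cacertfile /etc/openldap/cacerts/company-ca.pem
tls_checkpeer yes
rootbinddn cn=root,dc=company,dc=com
"""


def parse_ldap_conf(text: str) -> list[tuple[str, str]]:
    """Return (key, value) pairs in file order with keys lowercased.

    Both file formats are 'KEY value' lines with '#' comments. Duplicate
    keys are kept so the linter can see a directive given twice.
    """
    pairs: list[tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        pairs.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return pairs


def _dn_parts(dn: str) -> list[str]:
    """Split a DN into normalised RDNs for suffix comparison (no escape handling)."""
    return [p.strip().lower() for p in dn.split(",")]


def lint_ldap_conf(text: str) -> list[tuple[str, str]]:
    """Return (code, message) findings for one config file."""
    values: dict[str, list[str]] = {}
    for key, value in parse_ldap_conf(text):
        values.setdefault(key, []).append(value)
    findings: list[tuple[str, str]] = []

    uris = " ".join(values.get("uri", [])).split()
    uses_ldaps = any(u.lower().startswith("ldaps://") for u in uris)
    uses_plain = any(u.lower().startswith("ldap://") for u in uris)

    # 'ssl start_tls' upgrades a plain ldap:// session; 'ssl on' expects ldaps://.
    ssl_modes = [v.lower() for v in values.get("ssl", [])]
    if len(ssl_modes) > 1:
        findings.append(("SSL_DUPLICATE", f"'ssl' given {len(ssl_modes)} times ({', '.join(ssl_modes)}); keep exactly one"))
    if "start_tls" in ssl_modes and uses_ldaps:
        findings.append(("SSL_CONFLICT", "ssl start_tls needs ldap:// URIs, but the uri list is ldaps://; use 'ssl on' with ldaps:// or 'ssl start_tls' with ldap://"))
    if "on" in ssl_modes and uses_plain and not uses_ldaps:
        findings.append(("SSL_CONFLICT", "ssl on expects ldaps:// URIs but only ldap:// URIs are configured"))

    # Any TLS use needs a trust anchor, or the server certificate cannot be verified.
    uses_tls = uses_ldaps or any(m in ("on", "start_tls") for m in ssl_modes)
    ca_keys = ("tls_cacertfile", "tls_cacertdir", "tls_cacert")  # nss_ldap names plus libldap's TLS_CACERT
    if uses_tls and not any(k in values for k in ca_keys):
        findings.append(("NO_CA", "TLS is used but no CA trust anchor (tls_cacertfile/tls_cacertdir/TLS_CACERT) is configured"))

    # Settings that turn off or weaken peer certificate verification.
    for key in ("tls_checkpeer", "tls_reqcert"):
        for v in values.get(key, []):
            if v.lower() in ("no", "allow", "never", "try"):
                findings.append(("REQCERT_WEAK", f"{key} {v} weakens server certificate verification; use 'yes'/'demand' once the CA is configured"))

    # nss_ldap's config must be readable by every process doing name lookups.
    if "bindpw" in values:
        findings.append(("BINDPW_IN_FILE", "bindpw in a world-readable file; use rootbinddn with the password in /etc/ldap.secret (mode 0600) for privileged binds"))

    base = values.get("base", [""])[0]
    for sb in values.get("sudoers_base", []):
        if base and _dn_parts(sb)[-len(_dn_parts(base)):] != _dn_parts(base):
            findings.append(("SUDOERS_BASE_OUTSIDE", f"sudoers_base '{sb}' is not under base '{base}'; check the suffix for a typo"))
    return findings


if __name__ == "__main__":
    for name, conf in (("/etc/ldap.conf", NSS_LDAP_CONF),
                       ("/etc/openldap/ldap.conf", OPENLDAP_CONF),
                       ("fixed /etc/ldap.conf", FIXED_NSS_LDAP_CONF)):
        print(f"== {name}")
        for code, msg in lint_ldap_conf(conf) or [("OK", "no findings")]:
            print(f"  [{code}] {msg}")
```

Running it prints five findings for the posted /etc/ldap.conf, two for /etc/openldap/ldap.conf and none for the corrected sample. The linter does not contact any server; after fixing the directives it flags, `ldapsearch -x -H ldaps://ldap1.company.com -b "ou=SUDOers,dc=company,dc=com"` run as root is the quickest live check that the bind sudo needs actually succeeds.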
