389 Directory Server, formerly the Fedora Directory Server, is an enterprise-class open source LDAP server for Linux. This article shows how to set up the 389 Directory Server.
Make sure that your host name is properly registered in DNS or in your /etc/hosts file. Check that your host name resolves correctly by running the following in a terminal window, replacing mail.acme.local with your own fully qualified host name:
ping mail.acme.local
If it returns 127.0.0.1 or "unknown host", the name is not registered properly.
Installing 389 Directory Server


1. Update your Red Hat Enterprise Linux 5 or CentOS 5 to version 5.3 or higher with the command below:
yum update
Version 5.3 or above is required to run the 389 Directory Server.


2. Install 389 Directory Server by typing the commands below in a terminal window. The repository definition is provided by the fedora-ds.repo file downloaded in the second command.
cd /etc/yum.repos.d
wget www.linuxmail.info/files/fedora-ds.repo
yum install 389-ds openldap-clients

3. Create a new user and group named fds. This unprivileged account will be used to run the directory server; the setup script asks for it as the System User and System Group below. Learn how to create a new user.
4. Type setup-ds-admin.pl in a terminal window to set up 389 Directory Server. Most of the time the default is simply accepted, indicated by the ↵ in the sample session below.

[root@mail ~]# setup-ds-admin.pl
==============================================================================
This program will set up the 389 Directory and Administration Servers.

It is recommended that you have "root" privilege to set up the software.
Tips for using this program:
  - Press "Enter" to choose the default and go to the next screen
  - Type "Control-B" then "Enter" to go back to the previous screen
  - Type "Control-C" to cancel the setup program

Would you like to continue with set up? [yes]: ↵
==============================================================================
BY SETTING UP AND USING THIS SOFTWARE YOU ARE CONSENTING TO BE BOUND BY
AND ARE BECOMING A PARTY TO THE AGREEMENT FOUND IN THE LICENSE.TXT
FILE. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT,
PLEASE DO NOT SET UP OR USE THIS SOFTWARE.

Do you agree to the license terms? [no]: yes
==============================================================================
Your system has been scanned for potential problems, missing patches,
etc.  The following output is a report of the items found that need to
be addressed before running this software in a production
environment.

389 Directory Server system tuning analysis version 10-AUGUST-2007.

NOTICE : System is i686-unknown-linux2.6.18-53.el5 (1 processor).

WARNING: 376MB of physical memory is available on the system. 1024MB is
recommended for best performance on large production system.

NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds
(120 minutes).  This may cause temporary server congestion from lost
client connections.

WARNING: There are only 1024 file descriptors (hard limit) available, which
limit the number of simultaneous connections.

WARNING: There are only 1024 file descriptors (soft limit) available, which
limit the number of simultaneous connections.

Would you like to continue? [no]: yes
==============================================================================
Choose a setup type:

   1. Express
       Allows you to quickly set up the servers using the most
       common options and pre-defined defaults. Useful for quick
       evaluation of the products.

   2. Typical
       Allows you to specify common defaults and options.

   3. Custom
       Allows you to specify more advanced options. This is
       recommended for experienced server administrators only.

To accept the default shown in brackets, press the Enter key.

Choose a setup type [2]: ↵
==============================================================================
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: eros.example.com.

To accept the default shown in brackets, press the Enter key.

Computer name [mail.acme.local]: ↵
==============================================================================
The servers must run as a specific user in a specific group.
It is strongly recommended that this user should have no privileges
on the computer (i.e. a non-root user).  The setup procedure
will give this user/group some permissions in specific paths/files
to perform server-specific operations.

If you have not yet created a user and group for the servers,
create this user and group using your native operating
system utilities.

System User [nobody]: fds
System Group [nobody]: fds
==============================================================================
Server information is stored in the configuration directory server.
This information is used by the console and administration server to
configure and manage your servers.  If you have already set up a
configuration directory server, you should register any servers you
set up or create with the configuration server.  To do so, the
following information about the configuration server is required: the
fully qualified host name of the form
<hostname>.<domainname>(e.g. hostname.example.com), the port number
(default 389), the suffix, the DN and password of a user having
permission to write the configuration information, usually the
configuration directory administrator, and if you are using security
(TLS/SSL).  If you are using TLS/SSL, specify the TLS/SSL (LDAPS) port
number (default 636) instead of the regular LDAP port number, and
provide the CA certificate (in PEM/ASCII format).

If you do not yet have a configuration directory server, enter 'No' to
be prompted to set up one.

Do you want to register this software with an existing
configuration directory server? [no]: ↵
==============================================================================
Please enter the administrator ID for the configuration directory
server.  This is the ID typically used to log in to the console.  You
will also be prompted for the password.

Configuration directory server
administrator ID [admin]: ↵
Password:
Password (confirm):
==============================================================================
The information stored in the configuration directory server can be
separated into different Administration Domains.  If you are managing
multiple software releases at the same time, or managing information
about multiple domains, you may use the Administration Domain to keep
them separate.

If you are not using administrative domains, press Enter to select the
default.  Otherwise, enter some descriptive, unique name for the
administration domain, such as the name of the organization
responsible for managing the domain.

Administration Domain [acme.local]: ↵
==============================================================================
The standard directory server network port number is 389.  However, if
you are not logged as the superuser, or port 389 is in use, the
default value will be a random unused port number greater than 1024.
If you want to use port 389, make sure that you are logged in as the
superuser, that port 389 is not in use.

Directory server network port [389]: ↵
==============================================================================
Each instance of a directory server requires a unique identifier.
This identifier is used to name the various
instance specific files and directories in the file system,
as well as for other uses as a server instance identifier.

Directory server identifier [mail]: ↵
==============================================================================
The suffix is the root of your directory tree.  The suffix must be a valid DN.
It is recommended that you use the dc=domaincomponent suffix convention.
For example, if your domain is example.com,
you should use dc=example,dc=com for your suffix.
Setup will create this initial suffix for you,
but you may have more than one suffix.
Use the directory server utilities to create additional suffixes.

Suffix [dc=acme, dc=local]: ↵
==============================================================================
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and typically has a
bind Distinguished Name (DN) of cn=Directory Manager.
You will also be prompted for the password for this user.  The password must
be at least 8 characters long, and contain no spaces.

Directory Manager DN [cn=Directory Manager]: ↵
Password:
Password (confirm):
==============================================================================
The Administration Server is separate from any of your web or application
servers since it listens to a different port and access to it is
restricted.

Pick a port number between 1024 and 65535 to run your Administration
Server on. You should NOT use a port number which you plan to
run a web or application server on, rather, select a number which you
will remember and which will not be used for anything else.

Administration port [9830]: ↵
==============================================================================
The interactive phase is complete.  The script will now set up your
servers.  Enter No or go Back if you want to change something.

Are you ready to set up your servers? [yes]: ↵
Creating directory server . . .
Your new DS instance 'mail' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
The admin server was successfully started.
Admin server was successfully created, configured, and started.
Exiting . . .
Log file is '/tmp/setupcT78dr.log'
[root@mail ~]#
5. Set up TLS/SSL for the directory server with the setupssl2.sh script:
wget http://github.com/richm/scripts/blob/master%2Fsetupssl2.sh?raw=true -O setupssl2.sh
chmod +x setupssl2.sh
./setupssl2.sh /etc/dirsrv/slapd-mail
Replace mail with your own server instance identifier. During setup you will be asked for the Directory Manager password.

6. Start the dirsrv and dirsrv-admin services. Learn how to stop and start services here.

Administering 389 Directory Server

1. From a terminal window, type 389-console. This will launch the 389 Management Console login window. Fill in the fields as follows:
User ID: cn=directory manager
Password: the Directory Manager password
Administration URL: localhost:9830

2. Success. Learn more about using the 389 Management Console.
Posted on 5/25/2008 and last updated on 8/2/2010
Filed under 389 Directory Server , CentOS 5 , LDAP , Red Hat Enterprise Linux 5
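As an added check (example code written for this page, not part of the original article or of 389 DS), the script below automates the hostname test from the beginning of the article and then probes the ports the walkthrough configured: LDAP on 389, the admin server on 9830 and, after step 5, LDAPS on 636. For 636 it validates the chain against the CA certificate that setupssl2.sh creates, passed in as a PEM file whose path is site-specific and therefore an assumption here, and then reports separately whether the certificate's CN or DNS subjectAltName matches the FQDN, so a name mismatch shows up as a finding instead of as a failed handshake.

```python
"""Post-install checks for a 389 DS instance (added example, not from the article).

Assumptions not in the original: the CA certificate used by the LDAPS listener is
available to the caller as a PEM file; host and ports default to the walkthrough's.
"""
import socket
import ssl
import sys


def classify_resolution(addresses):
    """Mirror the article's 'ping the FQDN' check on a list of resolved addresses.

    'unresolved' if nothing came back, 'loopback' if every address is a loopback
    address (the /etc/hosts mistake the article warns about), otherwise 'ok'.
    """
    if not addresses:
        return "unresolved"
    if all(a.startswith("127.") or a == "::1" for a in addresses):
        return "loopback"
    return "ok"


def resolve(fqdn):
    """Resolve the FQDN to a sorted list of unique address strings ([] on failure)."""
    try:
        infos = socket.getaddrinfo(fqdn, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def _label_matches(pattern, host):
    """Exact match, or a '*' that covers exactly the leftmost label (RFC 6125 style)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*.") and "*" not in pattern[2:]:
        labels = host.split(".")
        return len(labels) > 1 and ".".join(labels[1:]) == pattern[2:]
    return False


def cert_matches_host(cert, host):
    """Check a getpeercert()-style dict against the server's FQDN.

    If the certificate carries DNS subjectAltNames only those count; otherwise
    fall back to the subject CN, which is what setupssl2.sh and a plain
    'certutil -S -s cn=<fqdn>' put in the server certificate.
    """
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if sans:
        return any(_label_matches(s, host) for s in sans)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _label_matches(value, host):
                return True
    return False


def probe_plain(fqdn, port, timeout=5.0):
    """True if a TCP connection to the port succeeds (LDAP 389, admin server 9830)."""
    try:
        with socket.create_connection((fqdn, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_ldaps(fqdn, port, cafile, timeout=5.0):
    """Return (chain_ok, name_ok) for the LDAPS listener.

    The chain is verified against cafile by the TLS stack; the name check is done
    by cert_matches_host so a CN/FQDN mismatch is reported rather than hidden
    inside a handshake failure.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # reported separately below
    try:
        with socket.create_connection((fqdn, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=fqdn) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError:
        return False, False
    return True, cert_matches_host(cert, fqdn)


if __name__ == "__main__":
    fqdn = sys.argv[1] if len(sys.argv) > 1 else "mail.acme.local"
    cafile = sys.argv[2] if len(sys.argv) > 2 else None  # PEM CA cert; path is site-specific
    addrs = resolve(fqdn)
    print(f"{fqdn}: {classify_resolution(addrs)} {addrs}")
    for port in (389, 9830):
        print(f"tcp/{port}: {'open' if probe_plain(fqdn, port) else 'closed'}")
    if cafile:
        chain_ok, name_ok = probe_ldaps(fqdn, 636, cafile)
        print(f"ldaps/636: chain {'ok' if chain_ok else 'FAILED'}, "
              f"name {'ok' if name_ok else 'MISMATCH'}")
```

Run it on the server itself as `python3 check_ds.py mail.acme.local /path/to/cacert.pem` once the dirsrv and dirsrv-admin services are up; a "loopback" result for the FQDN is the same problem the article's ping test catches, and a name MISMATCH means clients that do verify the certificate name will refuse the LDAPS listener.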



July 21st, 2008 at 11:22 am
Thanks, the above info has been helpful to me.
Dharmin
October 1st, 2008 at 11:28 pm
When I get to yum install fedora-ds openldap-clients it runs through all the proper stuff, asks me if it is OK to install the dependencies, then stops here with the error:
GPG key retrieval failed [errno 14] HTTP Error 404: not found.
Anything that I need to do to point to the proper GPG key?
October 2nd, 2008 at 11:59 pm
Hi J,
Please download fedora-ds.repo. I’ve updated it to add the missing GPG key.
October 4th, 2008 at 12:13 pm
Hello!
If I install the LDAP server as user nobody everything works fine. If I change the username to anything else I get this at the end:
Administration port [9830]:
==============================================================================
The interactive phase is complete. The script will now set up your
servers. Enter No or go Back if you want to change something.
Are you ready to set up your servers? [yes]:
Creating directory server . . .
Server failed to start !!! Please check errors log for problems
The error log is empty (/tmp/….log). The OS is FC9 and I am trying to install as root.
October 6th, 2008 at 5:51 pm
Try changing the rights on /var/run/dirsrv:
chmod 777 /var/run/dirsrv
and restart the setup. It should work.
The new FDS (1.1.3) does not set proper rights on this directory.
October 6th, 2008 at 10:06 pm
Hi said,
You're right, the setup indeed worked after setting the permission on /var/run/dirsrv. Thanks for the tip.
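The fix above makes /var/run/dirsrv writable for everyone, which is more than the server needs: the failure reported later in this thread ("/var/run/dirsrv is not writable for nobody") is about the service account, so owning the directory as that account with mode 0755 is the narrower fix. The check below is an added example written for this page, not code from the thread or from 389 DS; it reports both whether the service user can write the directory and whether it is world-writable. The path and the fds account are the ones used in this article and are parameters.

```python
"""Inspect the dirsrv run directory that the chmod 777 fix in this thread touches.

Added example; not from the thread or from 389 DS. Defaults are this page's
/var/run/dirsrv and the fds service account created in step 3 of the article.
"""
import os
import pwd
import stat
import sys


def inspect_dir(path, uid, gid):
    """Return the facts about `path` that decide whether a service running as
    uid/gid can write it, and whether it is writable by everyone."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    owner_can_write = st.st_uid == uid and bool(mode & stat.S_IWUSR)
    group_can_write = st.st_gid == gid and bool(mode & stat.S_IWGRP)
    world_writable = bool(mode & stat.S_IWOTH)
    return {
        "is_dir": stat.S_ISDIR(st.st_mode),
        "mode": oct(mode),
        "owner_uid": st.st_uid,
        "service_can_write": owner_can_write or group_can_write or world_writable,
        "world_writable": world_writable,
    }


def verdict(info):
    """Collapse inspect_dir() output into one line of advice."""
    if not info["is_dir"]:
        return "not a directory"
    if not info["service_can_write"]:
        return "not writable for service user"
    if info["world_writable"]:
        return "writable, but world-writable (prefer chown <user> and chmod 0755)"
    return "ok"


def check_run_dir(path="/var/run/dirsrv", service_user="fds"):
    """Resolve the service account and report on the run directory."""
    pw = pwd.getpwnam(service_user)
    return verdict(inspect_dir(path, pw.pw_uid, pw.pw_gid))


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/run/dirsrv"
    user = sys.argv[2] if len(sys.argv) > 2 else "fds"
    print(f"{path} ({user}): {check_run_dir(path, user)}")
```

If the verdict is "not writable for service user", `chown fds:fds /var/run/dirsrv` (or the account you gave as System User) fixes the start-up failure without opening the directory to every local user.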
October 15th, 2008 at 11:41 am
Excellent! It installed well. But I couldn't get the setupssl2.sh file. Where can I get it? Except for that it is working fine. I have some more doubts about how to set group policies for the user or group..
Anyone please guide me… thanks in advance..
October 15th, 2008 at 10:42 pm
Hi Selvakumar,
It seems the script is no longer available in the Fedora download directory. You can get it at
http://github.com/richm/scripts/tree/master%2Fsetupssl2.sh?raw=true
October 16th, 2008 at 8:48 am
I got the setupssl2.sh file from the location you mentioned. I installed it as you described above. But I am struggling to set up group policies for groups and users. How can I set them up and apply them? Is there any other location for group policies? Please guide me. Thanks a lot in advance.
October 16th, 2008 at 2:04 pm
Hi Selvakumar,
Sorry, this is not Active Directory. Fedora Directory Server is only an LDAP directory.
October 17th, 2008 at 8:02 am
OK. Thanks. What is the difference between Fedora Directory Server and Windows ADS? How can I control users with FDS?
October 17th, 2008 at 3:42 pm
Fedora Directory Server is just an LDAP directory, a central repository of information like contacts and email addresses. Active Directory, on the other hand, is a technology created by Microsoft which provides a variety of network services like an LDAP directory, Kerberos authentication, group policies, software deployment, etc.
October 18th, 2008 at 7:31 am
Thank you. I want to control users changing the desktop background image and also push a common background image to all the users' desktops. What kinds of attributes should be used? Thank you for your kind response.
October 19th, 2008 at 2:53 pm
Sorry, but what you are asking for is impossible to accomplish with FDS.
October 20th, 2008 at 8:38 am
OK. I would like to know how to set auto-generated UID/GID in FDS, because I have to set the UID for each and every user manually.
October 21st, 2008 at 2:46 pm
Dear consultant I am waiting for your reply…
October 21st, 2008 at 3:07 pm
Hi Selvakumar,
There's a libdna plugin in FDS, but I haven't actually used it, so you'll just have to try it out yourself.
October 22nd, 2008 at 6:50 am
Hi…
I need some info on how to create organisational units in Fedora Directory Server… I'm done with the installation of the server.
October 30th, 2008 at 8:13 am
Hi Manohar!
You can create an OU as follows: select the "dc" (for example: example in example.com) and right-click → New → "organisational unit" and give it a name.
November 4th, 2008 at 5:24 am
Hi Selvakumar…
Thanks for the reply…
I am not able to understand how to create the root suffix for the directory server… I think I have to create the root suffix first and then create the OU and then users…
If you don't mind, can you help me understand this clearly?
November 4th, 2008 at 9:19 pm
Hi, I read your tutorial and I can see that you used Fedora Directory Server on CentOS. My question is: why Fedora Directory Server? Why not CentOS Directory Server?
Does the Fedora one run better? Right now I am trying to configure the CentOS one and I am getting an error… I will try the Fedora DS too, but first I want to know more about Fedora DS.
November 5th, 2008 at 12:35 pm
Hi Neriberto,
CentOS Directory Server is not yet production quality, that's why it is found in the Testing Repository. Fedora Directory Server, on the other hand, is production quality.
November 5th, 2008 at 4:03 pm
Ok, thanks!
I will try Fedora DS on my testing server.
November 6th, 2008 at 4:29 am
Hi consultant…
Please guide me on how to create the directory tree in the Fedora Directory console. I also want to know how to create OUs, groups and users under my dc.
November 18th, 2008 at 4:03 am
I get this message when I restart dirsrv-admin:
/var/run/dirsrv is not writable for nobody [FAILED]
Can anybody help me, what does that mean?
What effect or trouble does it cause for my FDS?
November 18th, 2008 at 9:00 am
Hi, does anyone use this solution with Samba? CentOS + Fedora Directory Server + Samba; is there a howto?
Thanks.
November 18th, 2008 at 10:42 am
aKBaR,
See comment no. 5 by said, it might help.
November 18th, 2008 at 10:44 am
Neriberto,
See http://directory.fedoraproject.org/wiki/Howto:Samba
November 19th, 2008 at 2:43 am
Thanks Mr. Consultant, it works! I can install my FDS. Now would you help me again? Because I'm new to FC9 and the Fedora management console, guide me on how to use the Fedora management console and set it up for my mail, groups, users and NFS?
P.S.: sorry if I request too much.
December 2nd, 2008 at 5:40 pm
Guys, DON'T follow the Samba howto linked earlier. It's VERY outdated. Look at smbldap-tools; it's possible to set up a Samba PDC with an FDS backend in half an hour (if you have some Samba knowledge, that is).
December 4th, 2008 at 9:04 am
Hi,
I am trying to migrate FDS with ADS (Windows Active Directory Server). I could replicate all the user accounts from ADS to FDS, but I couldn't replicate all the user passwords from ADS to FDS. Can any Linux expert help me?
December 15th, 2008 at 7:21 am
Hello all,
Well, when I read the comments on this, I found I had almost the same problems. Perhaps colleagues who know how to configure FDS integration with NFS and also how to create a new login for users can help; I'm a newbie using Fedora Core 9, especially in the setup and configuration of FDS. Honestly, I just don't know what I should do.
I have installed FDS with the command setup-ds-admin.pl and continued into the Fedora console: fedora-idm-console.
I tried to follow the step-by-step tutorial from the official site http://directory.fedoraproject.org/ but it failed again and again… until I feel so hopeless. I have been working on this project for months and the boss is waiting for results… please help me….
I just want to know how to configure FDS integration with NFS, and make clients/users able to use FDS.
December 17th, 2008 at 8:32 am
Sorry, I haven't tried it yet. Now I am concentrating on FDS with ADS.
December 17th, 2008 at 9:55 am
Hi,
I have configured FDS and synchronized it with ADS. Everything is working fine. The passwords are also synchronized between the FDS server and ADS. When I change the password on a Windows client it is replicated to FDS through ADS. But when I change the password on a Linux client machine it is not replicated to ADS. I need some clarification on the FDS and ADS password policy. I hope someone will guide me. Thanks in advance.
December 23rd, 2008 at 8:14 am
Hi Selvakumar…
Can you please send me the documentation link on how to synchronize FDS with ADS?
I will be very thankful if you can send me those links or details…
Regards
manohar
December 27th, 2008 at 9:41 am
Hi Manohar, these are the steps to be followed to sync with Windows.
First install FDS as per the linuxmail.info site. Then follow the steps mentioned below.
My Setup:
# My server instance is fdsserver and its fully qualified domain name is fdsserver.chennai.com.
# The NSS certificate database lives in the instance directory.
cd /etc/dirsrv/slapd-fdsserver
echo -n "Creating password and noise file..."
echo "12345" > pwdfile.txt
# certutil -z reads this file as extra entropy for key generation; a fixed string adds none.
echo "12345" > noise.txt
echo -n "Creating databases..."
certutil -N -d . -f pwdfile.txt
echo -n "Generating encryption key..."
certutil -G -d . -z noise.txt -f pwdfile.txt
echo -n "Generating self-signed CA certificate..."
certutil -S -n "CA certificate" -s "cn=CAcert" -x -t "CT,," -m 1000 -v 120 -d . -z noise.txt -f pwdfile.txt
echo -n "Generating server certificate..."
certutil -S -n "Server-Cert" -s "cn=fdsserver.chennai.com" -c "CA certificate" -t "u,u,u" -m 1001 -v 120 -d . -z noise.txt -f pwdfile.txt
# Rename the databases to the instance-prefixed names the server expects and
# point the default names at them (the prefix must match the instance name).
mv key3.db slapd-fdsserver-key3.db
mv cert8.db slapd-fdsserver-cert8.db
ln -s slapd-fdsserver-key3.db key3.db
ln -s slapd-fdsserver-cert8.db cert8.db
echo -n "Setting permissions..."
chown nobody:nobody /etc/dirsrv/slapd-fdsserver/*
echo -n "Exporting certificate..."
certutil -L -d . -n "CA certificate" -r > cacert.der
echo "Converting certificate..."
openssl x509 -inform DER -in cacert.der -outform PEM -out cacert.pem
echo "Copying cacert.pem to /etc/openldap/cacerts..."
cp cacert.pem /etc/openldap/cacerts/
Enabling SSL in FDS
Enable SSL for your directory server. Go to Directory Server → Configuration tab → Encryption:
* Enable SSL for this server
* Use this cipher family: RSA
* Uncheck "check hostname against name in certificate for outbound SSL connections"
Restart FDS.
Test SSL connections with ldapsearch and netstat -an | grep 636
Install Active Directory on Windows Server
Install Certificate Services → Enterprise root CA, reboot, then enable SSL on AD:
1. Install Certificate Services on Windows 2000 Server and an Enterprise Certificate Authority in the Active Directory Domain. Make sure you install an Enterprise Certificate Authority.
2. Create a Security (Group) Policy to direct Domain Controllers to get an SSL certificate from the Certificate Authority (CA).
   1. Open the Active Directory Users and Computers Administrative tool.
   2. Under the domain, right-click on Domain Controllers.
   3. Select Properties.
   4. In the Group Policy tab, click to edit the Default Domain Controllers Policy.
   5. Go to Computer Configuration → Windows Settings → Security Settings → Public Key Policies.
   6. Right-click Automatic Certificate Request Settings.
   7. Select New.
   8. Select Automatic Certificate Request.
   9. Run the wizard. Select the Certificate Template for a Domain Controller.
   10. Select your Enterprise Certificate Authority as the CA. Selecting a third-party CA works as well.
   11. Complete the wizard.
   12. All Domain Controllers now automatically request a certificate from the CA, and support LDAP using SSL on port 636.
3. Retrieve the Certificate Authority Certificate
   1. Open a Web browser on the AD machine.
   2. Go to http://localhost/certsrv/
   3. Select the task Retrieve the CA certificate or certificate revocation list.
   4. Click Next.
   5. The next page automatically highlights the CA certificate. Click Download CA certificate.
   6. A new download window opens. Save the file to the hard drive. Save in DER mode.
Copy the file to the FDS server and convert it to PEM format:
openssl x509 -inform DER -in ad-cert.der -outform PEM -out ad-cert.pem
Import the AD CA cert into FDS (certutil -A needs a nickname; "AD CA" here is an arbitrary choice):
certutil -A -d . -P slapd-instance- -n "AD CA" -t "CT,CT,CT" -a -i ad-cert.pem
Check the certs (from /opt/fedora-ds/alias):
certutil -L -d . -P slapd-instance-
Check ldapsearch from FDS to AD:
ldapsearch -Z -P -h -p -D ” -w -s -b “” “”
Install PassSync on the Windows machine. Follow the directions from Howto:WindowsSync (certificate creation). Restart the AD server.
Enable replication in the Directory Server Console:
Go to Configuration tab → Replication → enable changelog → default. Expand Replication, click userRoot, check "Enable Replica", Single-master.
Restart FDS.
Right-click the winsync agreement → Initiate Full Sync.
In order for users to be created on the Windows side, users must have certain attributes, e.g.:
dn: uid=TBird,ou=People,dc=server,dc=com
givenName: Tweetie
ntUserCreateNewAccount: true
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: ntuser
objectClass: posixAccount
facsimileTelephoneNumber: 510-555-5555
uid: TBird
mail: tbi…@server.com
uidNumber: 71209
cn: Tweetie Bird
ntUserComment: Tweetie Bird User Account
telephoneNumber: 510-555-5555
loginShell: /bin/bash
ntUserDomainId: tbird
gidNumber: 5000
ntUserDeleteAccount: true
gecos: Tweetie Bird
homeDirectory: /home/tbird
sn: Bird
userPassword::
I hope that I have this right.
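A quick way to confirm that an entry carries everything the how-to above requires before initiating a full sync is to check it against that attribute list. The script below is an added example written for this page, not code from the comment or from 389 DS. Its parser covers the LDIF features a 389 DS export uses (folded continuation lines, comment lines, `attr::` base64 values, multi-valued attributes), and the entry it checks is a constructed copy of the commenter's, with a folded line and a base64-encoded mail value (a made-up address) added to exercise the parser; the required attributes are the how-to's objectClasses plus the MUST attributes of person and posixAccount from RFC 2307.

```python
"""Validate a user entry against the winsync attribute set described above.

Added example; not part of the comment or of 389 DS. SAMPLE_LDIF is constructed
from the commenter's entry; the mail value is made up for the base64 demonstration.
"""
import base64

REQUIRED_CLASSES = {"top", "person", "organizationalperson", "inetorgperson",
                    "ntuser", "posixaccount"}
# MUST attributes of person/posixAccount (RFC 2307) plus the ntUser attributes the
# how-to relies on to create the account on the AD side.
REQUIRED_ATTRS = {"uid", "cn", "sn", "uidnumber", "gidnumber", "homedirectory",
                  "ntuserdomainid", "ntusercreatenewaccount"}

SAMPLE_LDIF = """\
dn: uid=TBird,ou=People,dc=server,dc=com
givenName: Tweetie
ntUserCreateNewAccount: true
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: ntuser
objectClass: posixAccount
uid: TBird
# constructed: base64 of tbird@server.com, to exercise the '::' syntax
mail:: dGJpcmRAc2VydmVyLmNvbQ==
uidNumber: 71209
cn: Tweetie Bird
ntUserComment: Tweetie Bird User
  Account
loginShell: /bin/bash
ntUserDomainId: tbird
gidNumber: 5000
ntUserDeleteAccount: true
gecos: Tweetie Bird
homeDirectory: /home/tbird
sn: Bird
userPassword::
"""


def parse_ldif(text):
    """Return [(dn, attrs)] with attrs mapping lower-cased names to value lists."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:      # folded continuation line
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)

    entries, dn, attrs = [], None, {}
    for line in unfolded + [""]:                   # trailing "" flushes the last entry
        if not line:
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):                   # 'attr:: <base64>'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        elif value.startswith("<"):
            raise ValueError("URL-valued attributes ('attr:< file://...') are not supported")
        else:
            value = value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return entries


def check_winsync_user(attrs):
    """Return a list of problems; an empty list means the entry meets the how-to's list."""
    problems = []
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    for missing in sorted(REQUIRED_CLASSES - classes):
        problems.append(f"missing objectClass {missing}")
    for missing in sorted(REQUIRED_ATTRS - set(attrs)):
        problems.append(f"missing attribute {missing}")
    for num in ("uidnumber", "gidnumber"):
        for v in attrs.get(num, []):
            if not v.isdigit():
                problems.append(f"{num} is not numeric: {v!r}")
    if attrs.get("ntusercreatenewaccount", ["false"])[0].lower() != "true":
        problems.append("ntUserCreateNewAccount is not true")
    if attrs.get("userpassword") in (None, [""]):  # the sample above leaves it blank
        problems.append("userPassword is empty")
    return problems


if __name__ == "__main__":
    for dn, attrs in parse_ldif(SAMPLE_LDIF):
        problems = check_winsync_user(attrs)
        print(dn, "->", "OK" if not problems else "; ".join(problems))
```

Point it at an `ldapsearch -LLL` export of ou=People instead of SAMPLE_LDIF to vet every entry before the first full sync; the sample itself reports only the blank userPassword.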
January 1st, 2009 at 4:26 am
Hi Selvakumar…
Thanks for the detailed documentation…
I hope you will help further…
Wish you a very happy new year…
Regards
manohar
January 1st, 2009 at 4:06 pm
Hi selvakumar,
Thanks for the howto, that is really good stuff.
Hi manohar,
I’ve added a sync howto. You might find it useful.
January 9th, 2009 at 8:02 am
I successfully set up this CentOS directory server. First I went through this guide http://www.howtoforge.com/centos-directory-server-on-centos5.2 and at a certain stage I got stuck, and then when I referred to your guide I installed the server successfully. Do you have any link on how to manage the server? Is it possible for me to add a new server instance, e.g. OpenLDAP from the Zimbra mail server?
January 29th, 2009 at 2:15 am
Does anybody know what this means? "ERROR: ld.so: object '/usr/lib/libssl3.so' from LD_PRELOAD cannot be preloaded: ignored."
When I try to install/set up FDS, this message appears:
Are you ready to set up your servers? [yes]:
Creating directory server . . .
Your new DS instance ‘fds’ was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
output: ERROR: ld.so: object ‘/usr/lib/libssl3.so’ from LD_PRELOAD cannot be preloaded: ignored.
output: ERROR: ld.so: object ‘/usr/lib/libssl3.so’ from LD_PRELOAD cannot be preloaded: ignored.
The admin server was successfully started.
Admin server was successfully created, configured, and started.
Exiting . . .
Log file is ‘/tmp/setupNX4CR5.log’
Please help me, and thanks.
March 2nd, 2009 at 11:50 am
Linux clients can log in to FDS but Windows clients can't log in; they get an "an error occurred when DNS was queried for the service location (SRV)…" error.
Then I tried to use pGina but that doesn't work in Windows Vista… Is there any other software or another way to log in from Windows to FDS?
March 3rd, 2009 at 11:30 am
Hi Willa,
It's great to hear that you are able to authenticate Linux clients..
Even I am not able to authenticate Linux machines..
Can you please send me the procedure on how to do that..
Regards
manohar
March 3rd, 2009 at 3:07 pm
hi manohar
Our Linux clients are Fedora and CentOS; all clients can join FDS without problem, just with this command in a terminal and then a restart of the client:
authconfig --enableldap --enablemkhomedir --ldapserver=xxx.xxx.xxx.xxx --ldapbasedn="dc=example,dc=com" --update
But notify me if you can log in to FDS from Windows Vista.
regards
March 4th, 2009 at 1:19 am
Hi willa,
Wow, it's that simple. I was about to write an article on LDAP authentication based on my Active Directory Single Sign On article.
Regarding Vista authentication, the problem is that Microsoft threw out GINA and replaced it with a PAM-like Credential Providers. Credential Providers is a new technology, so there's still no pGina equivalent for it.
March 5th, 2009 at 8:57 am
Hi Willa,
I tried the command you gave me..
but authentication is not happening..
Are there any configurations which I have to make on the server…
Please help me out in this regard.
March 6th, 2009 at 7:39 am
hi,
The FDS server doesn't need any config…
Look at your firewall for port 389 on the server, or nslookup the server name or server IP from the clients, and then run getent passwd on the clients to see the domain usernames….
March 6th, 2009 at 12:27 pm
Hi willa,
It is also not working in my case. I can log in using SSH but not in the GNOME desktop. It seems there is an issue with gdm.
March 8th, 2009 at 10:29 pm
Hi willa,
Got it working. I just forgot your "reboot the client" step. Thanks.
March 8th, 2009 at 10:30 pm
Hi manohar,
If your setup is still not working, check out the LDAP Authentication article.
March 9th, 2009 at 8:13 am
Hi Willa…
Do I need to create accounts both on the client machine and on the server?
And can you explain the usage of the getent passwd command?
Regards
manohar
March 9th, 2009 at 8:03 pm
Hi Manohar,
You must create a user on the server and a POSIX user for that user, then go to the client and just do "authconfig --enableldap …".
Now you can test the connectivity to the server: type "getent passwd" in a terminal and press Enter.
The output is the /etc/passwd file from the domain server and you must see your username on the last line.
Then reboot the client and at login use your username and password…
You don't need to create any user on the client.
regards
March 12th, 2009 at 7:19 am
Hi Willa..
I tried all the steps you suggested.
I created a user in the FDS server and a POSIX user for the same user in FDS, and I even created the user on the server.
After doing all these things I executed the AUTHCONFIG command on the client machine and it was OK. But when I executed getent passwd on the client it is not showing the user which I have created..
Thanks for the patience you have shown and for giving me valuable suggestions & replies.
Please suggest the necessary changes.
Waiting for your reply.
Regards
manohar
March 12th, 2009 at 3:14 pm
Hi Manohar,
After installing Fedora Directory Server on your server you just need to create users in FDS and not on the server, and you need to fill in the POSIX user section of that user.
For the POSIX user you need a UID like 1000 and a GID like 1000 and a home directory path like /home/willa…
These are enough on the server side.
And on the client side, for the Fedora, Red Hat, CentOS, Scientific Linux family it is enough to run "authconfig …" and then restart the client.
Are the "nslookup fds-name" and "nslookup fds-ip" outputs from the client the same?
Can you ping the FDS server?
March 13th, 2009 at 6:08 am
Hi Willa,
I am able to ping the FDS server and nslookup with the name as well as the IP address. I created a fresh user in the directory server and a POSIX user for the user with user ID 1000 and /home/username as the home directory and /bin/bash as the login shell..
After running the authconfig command on the client and restarting, the client machine is taking a long time to start, whereas it usually takes 3-4 min..
When I try to give the username and password that I created on the server it's going nowhere.. I am able to log in only through the local root login of the machine…
I created the users in FDS under my domain → Directory Server → Directory tab → mydirectory → People.
Please let me know of further changes.
Regards
manohar
March 13th, 2009 at 6:48 am
Hi Manohar,
Everything looks good!
But maybe you need to check everything against the instructions on this website or the Red Hat documentation…
For the problem with the long boot time, edit /etc/ldap.conf and add "bind_policy soft" in the "Reconnect policy" section.
March 13th, 2009 at 8:55 am
Hi Willa…
Thanks for the reply..
My long boot time issue is fixed now..
But what would you suggest I do then…
Shall I go for a reinstallation of the server,
or do you suggest a better option?
Regards
manohar
March 13th, 2009 at 3:22 pm
Hi Manohar,
Don't mention it!
Installing FDS in a virtual machine and testing with clients is better.
The process of installing FDS and connecting Linux clients is easy; I know that you can connect without problem.
I am working on login from XP and Vista to FDS without pGina. If you have any suggestion please tell me.
March 16th, 2009 at 10:29 am
Hi Willa,
Thanks for the suggestion.. I'll let you know if I test successfully through Windows.
But let me complete the Linux part first…
Regards
manohar
March 19th, 2009 at 3:46 pm
Hi Willa/Manohar,
I have been having similar trouble configuring a Linux client to work with FDS.
My current setup is: server=CentOS 5, client machine=RHEL3u9.
Manohar, did you get your issue fixed?
Willa, I've followed your suggestions as well, however the "authconfig --enableldap …"
yields the following "bad argument (unknown option)" errors for
-enableldap
-enablemkhomedir
-ldapserver
-ldapbasedn
Any thoughts would be appreciated.
Thanks,
Lowerlight
March 19th, 2009 at 5:05 pm
Hi Lowerlight,
If the CLI commands don't work there is a GUI method for enabling domain authentication on clients; read and follow post 49 on this page by consultant.
March 19th, 2009 at 6:44 pm
Thanks Willa,
It works now; the problem was in my testing methodology.
My test was to log into the server (using LDAP) from the new client, which failed because the server was not set up to authenticate with LDAP.
My next query is:
How do I get my client to securely communicate with the FDS server? I assume that's where the SSL step (./setupssl2.sh /etc/dirsrv/slapd-mail) comes into play.
What changes do I need to make on the client?
Thanks again
March 20th, 2009 at 4:05 am
Hi Willa…
Finally I could successfully authenticate Linux clients. Now my requirement is to integrate FDS with a RADIUS server. Do you have any idea how to do that…
Thanks for your help and support..
Regards
manohar
April 1st, 2009 at 11:06 am
Thank you very much for detailed instructions! It was very helpful for me!
June 13th, 2009 at 7:20 pm
Hi,
Thanks for this tutorial, it is good, but I am actually facing a problem. Every time I reach the last step I get the following error:
Creating directory server . . .
Your new DS instance ‘tweety20′ was successfully created.
Creating the configuration directory server . . .
Error: failed to open an LDAP connection to host ‘tweety20.dyndns.org’ port ’389′ as user ‘cn=Directory Manager’. Error: unknown.
Failed to create the configuration directory server
Exiting . . .
Log file is ‘/tmp/setupDetogL.log’
By the way, I am using a dyndns account (I hope that is not a problem).
I really wish you help me with this.
Thank you.
June 13th, 2009 at 7:21 pm
Sorry, I forgot to tell you that /var/run/dirsrv has the permissions 777 as you requested.
September 8th, 2009 at 6:10 pm
Dear consultant,
When I tried to yum as you mentioned I got this error:
http://download.fedora.redhat.com/pub/fedora/linux/extras/6/i386/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found
Trying other mirror.
Error: Cannot open/read repomd.xml file for repository: fedora-extras
Kindly update the repo.
Regards
A.Selvakumar
September 11th, 2009 at 11:38 pm
Hi A.Selvakumar,
The file fedora-ds.repo has now been updated, please download it again.