Add Ubuntu to a debian-server

Martin Schulte schulte-martin at web.de
Tue Jan 5 13:04:35 UTC 2010


Hello,
Currently I'm trying to add an Ubuntu 9.10 to a skolelinux/debian-edu
server ( http://slx.no/ ). But I got some problems.
I installed

apt-get install autofs-ldap ldap-utils libldap-2.4-2 libnss-ldap libpam-ldap nscd ssh slapd

I changed ldapi:// to ldap:// during configuration.

After this, I copied these files from a running skolelinux-workstation to
Ubuntu:

/etc/pam.d  
/etc/nsswitch.conf  
/etc/libnss-ldap.conf 
/etc/nscd.conf 
/etc/default/autofs  
/etc/init.d/autofs 
/etc/ldap 
/etc/pam_ldap.conf 
/etc/auto.master

and set a link from /etc/ldap.conf to /etc/ldap/ldap.conf.

This was working under Ubuntu 6.06.



But now:
#######

getent passwd delivers all LDAP users --> ok

Running su - <username> prompts
Password:
Typing password returns "Authentication failure"


This is the interesting part from auth.log

-----
Jan  4 21:25:19 rootgym-laptop login[2838]: pam_unix(login:auth): authentication failure; logname=rootgym uid=0 euid=0 tty=/dev/pts/2 ruser= rhost=  user=mschulte
Jan  4 21:25:19 rootgym-laptop login[2838]: pam_ldap: error trying to bind as user "uid=mschulte,ou=People,dc=skole,dc=skolelinux,dc=no" (Confidentiality required)
Jan  4 21:25:21 rootgym-laptop login[2838]: FAILED LOGIN (2) on '/dev/pts/2' FOR 'mschulte', Authentication failure
Jan  4 21:25:29 rootgym-laptop login[2838]: pam_ldap: error trying to bind as user "uid=mschulte,ou=People,dc=skole,dc=skolelinux,dc=no" (Confidentiality required)
Jan  4 21:25:31 rootgym-laptop login[2838]: FAILED LOGIN (3) on '/dev/pts/2' FOR 'mschulte', Authentication failure
-----


I copied a new LDAP server SSL certificate from the server to /etc/ldap/ssl, and also the /etc/pam_ldap.conf contains 'ssl start_tls'.

Some interesting files:
-------
:~# grep -v '#' /etc/pam_ldap.conf |sort -u

base ou=People,dc=skole,dc=skolelinux,dc=no
host ldap
ldap_version 3
pam_filter objectclass=posixAccount
pam_password exop
ssl start_tls
--------


-------
:~# grep -v '#' /etc/ldap/ldap.conf |sort -u

BASE    dc=skole,dc=skolelinux,dc=no
HOST ldap
TLS_CACERT /etc/ldap/ssl/ldap-server-pubkey.pem
TLS_REQCERT never
--------

I also tried TLS_REQCERT allow.


So, as I said, this was working under Ubuntu 6.06. Does someone remember changes which are important for this purpose?

Thanks, martin 
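
Added example, not part of the original post: a small Python check run over the two config files quoted above. It flags a file that would lead to an unencrypted bind (which a server enforcing encryption rejects with "Confidentiality required", LDAP result code 13) and a file that disables server certificate verification. Which of the two files the installed pam_ldap actually reads depends on the distribution's packaging and is an assumption to verify on the system; the function and finding names are made up for this example.

```python
# Added example: audit LDAP client config text for transport-security settings.
# The sample inputs are the two files quoted in the post above.
PAM_LDAP_CONF = """\
base ou=People,dc=skole,dc=skolelinux,dc=no
host ldap
ldap_version 3
pam_filter objectclass=posixAccount
pam_password exop
ssl start_tls
"""

LDAP_CONF = """\
BASE    dc=skole,dc=skolelinux,dc=no
HOST ldap
TLS_CACERT /etc/ldap/ssl/ldap-server-pubkey.pem
TLS_REQCERT never
"""

def parse_conf(text):
    """Return {lowercased key: value} for 'key value' lines, skipping comments."""
    conf = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            conf[parts[0].lower()] = parts[1].strip()
    return conf

def audit(text):
    """List transport-security findings (hypothetical names) for one file."""
    conf = parse_conf(text)
    findings = []
    # Without StartTLS or ldaps the bind password crosses the wire in clear;
    # a server that demands protection answers "Confidentiality required".
    encrypted = (conf.get("ssl", "").lower() in ("start_tls", "on")
                 or conf.get("uri", "").lower().startswith("ldaps://"))
    if not encrypted:
        findings.append("plaintext-bind")
    # 'never' and 'allow' both let the session continue with a bad certificate.
    if (conf.get("tls_reqcert", "").lower() in ("never", "allow")
            or conf.get("tls_checkpeer", "").lower() == "no"):
        findings.append("cert-not-verified")
    return findings

if __name__ == "__main__":
    for name, text in (("pam_ldap.conf", PAM_LDAP_CONF), ("ldap.conf", LDAP_CONF)):
        print(name, audit(text) or "ok")
```

A file that reports plaintext-bind contains nothing that turns StartTLS on, so if the PAM module ends up reading that file instead of the one with 'ssl start_tls', the bind is attempted without encryption.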





