aioshin (Members, 816 posts)

Posts posted by aioshin

  1. ok, the problem has been solved :D

    how?

    it's an ACL issue. In my slapd.conf, I added the following:


    access to attr=userPassword
            by self write
            by anonymous auth
            by dn.base="cn=Manager,dc=duriancity,dc=dvo" write
            by * none
    access to *
            by self write
            by dn.base="cn=Manager,dc=duriancity,dc=dvo" write
            by * read

    Details below for the ACL above, taken from openldap docs - link

    As this is the first database, the controls also apply to entries not held in any database (such as the Root DSE). For all applicable entries, the userPassword attribute is writable by the entry itself and by the "admin" entry. It may be used for authentication/authorization purposes, but is otherwise not readable. All other attributes are writable by the entry and the "admin" entry, but may be read by all users (authenticated or not).

     

     

    then on the client box, I changed /etc/pam.d/passwd:

    original file on Mandriva LE2005:


    #%PAM-1.0
    auth        required    pam_stack.so service=system-auth
    account     required    pam_stack.so service=system-auth
    password    required    pam_stack.so service=system-auth

    though with the above content in /etc/pam.d/passwd, the LDAP user will be able to change its password using the passwd command, but it will prompt to enter the password many times, which is not normal... see below


    [ldapuser1001@nixbox ken]$ passwd
    Changing password for user ldapuser1001.
    Enter login(LDAP) password:
    New UNIX password:
    Retype new UNIX password:
    New password:
    Re-enter new password:
    LDAP password information changed for ldapuser1001
    passwd: all authentication tokens updated successfully.

     

    then, I found out by googling that I have to change /etc/pam.d/passwd to something like below:

    password    sufficient  pam_ldap.so
    password    required    pam_unix.so nullok obscure min=4 max=8


    then when ldapuser1001 tries to change its password with the passwd command:

    [ldapuser1001@nixbox ken]$ passwd
    Changing password for user ldapuser1001.
    Enter login(LDAP) password:
    New password:
    Re-enter new password:
    LDAP password information changed for ldapuser1001
    passwd: all authentication tokens updated successfully.

    it's now behaving normally..

    note that it's a basic install... no TLS, no SSL.. so all LDAP traffic uses port 389... and I'm really new to it, so basically, not yet secure :D
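Editor's added example (Python; not code from aioshin's post, and not part of OpenLDAP): a small static check over an slapd.conf ACL block in the style shown above. slapd evaluates "access to" clauses in file order and applies the first clause whose "to" part matches the attribute being accessed, so a catch-all "access to *" placed before the "attr=userPassword" clause silently disables the password protection. The check flags that ordering mistake, flags any grant above "auth" to anonymous, to all users or to the wildcard on userPassword, and confirms that a rootpw directive carries a {SCHEME}-prefixed hash like the {SSHA} value in this thread. The two ACL texts are constructed samples: the first is the ACL from the post (DNs as on the page), the second is a deliberately misordered one for contrast.

```python
"""Static check of an OpenLDAP slapd.conf ACL block (added example).

Parses "access to <what>" / "by <who> <level>" directives and flags
configurations that expose userPassword.  slapd tries "access to"
clauses in file order and stops at the first whose <what> matches the
attribute being accessed, so clause order is part of the policy.
"""
import re

# Constructed sample 1: the ACL from the post above (correct ordering).
GOOD_ACL = """\
access to attr=userPassword
        by self write
        by anonymous auth
        by dn.base="cn=Manager,dc=duriancity,dc=dvo" write
        by * none
access to *
        by self write
        by dn.base="cn=Manager,dc=duriancity,dc=dvo" write
        by * read
"""

# Constructed sample 2: catch-all first, and anonymous may read the hash.
BAD_ACL = """\
access to *
        by * read
access to attr=userPassword
        by anonymous read
        by * none
"""

# slapd access levels from weakest to strongest.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
LEVEL_RE = "|".join(LEVELS)


def parse_acl(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    clauses = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"access\s+to\s+(.+)$", line)
        if m:
            clauses.append((m.group(1).strip(), []))
            continue
        m = re.match(r"by\s+(.+?)\s+(%s)\b" % LEVEL_RE, line)
        if m and clauses:
            clauses[-1][1].append((m.group(1), m.group(2)))
    return clauses


def audit_acl(text):
    """Return a list of findings (an empty list means nothing was flagged)."""
    findings = []
    clauses = parse_acl(text)
    pw = next((i for i, (what, _) in enumerate(clauses)
               if what.lower() == "attr=userpassword"), None)
    catchall = next((i for i, (what, _) in enumerate(clauses) if what == "*"), None)
    if pw is None:
        findings.append("no dedicated 'access to attr=userPassword' clause")
        return findings
    if catchall is not None and catchall < pw:
        findings.append("'access to *' comes before the userPassword clause, "
                        "so the userPassword clause never matches")
    for who, level in clauses[pw][1]:
        # anonymous, all authenticated users and the wildcard should get
        # at most 'auth' on the password attribute
        if who in ("anonymous", "users", "*") and LEVELS.index(level) > LEVELS.index("auth"):
            findings.append("userPassword: '%s' is granted '%s'" % (who, level))
    return findings


def rootpw_is_hashed(line):
    """True when a rootpw directive carries a {SCHEME}-prefixed hash."""
    return re.match(r"rootpw\s+\{(SSHA|SHA|SMD5|MD5|CRYPT)\}\S+", line.strip()) is not None


if __name__ == "__main__":
    for name, acl in (("post ACL", GOOD_ACL), ("misordered ACL", BAD_ACL)):
        print(name, "->", audit_acl(acl) or "ok")
```

Running it prints "ok" for the ACL from the post and two findings for the misordered sample. The check only reads the "access to"/"by" lines it understands; "by" clauses with options such as "dn.regex" or "peername" are parsed by the same pattern but not interpreted further.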

  2. here's the ldap.conf on my client Mandriva box, the part that pertains to SSL

    # Netscape SDK LDAPS
    #ssl on
    
    # Netscape SDK SSL options
    #sslpath /etc/ssl/certs/cert7.db
    
    # OpenLDAP SSL mechanism
    # start_tls mechanism uses the normal LDAP port, LDAPS typically 636
    #ssl start_tls
    #ssl on
    
    # OpenLDAP SSL options
    # Require and verify server certificate (yes/no)
    # Default is to use libldap's default behavior, which can be configured in
    # /etc/openldap/ldap.conf using the TLS_REQCERT setting.  The default for
    # OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
    #tls_checkpeer yes
    
    # CA certificates for server certificate verification
    # At least one of these are required if tls_checkpeer is "yes"
    #tls_cacertfile /etc/ssl/ca.cert

     

    those are commented, which means SSL or whatever above has no effect since it's not in use...

    thanks Ian.. maybe I should google more for an answer

  3. ok, I have the LDAP server residing on CentOS, and the clients on Mandriva boxes... I am able to log in from the client using the users defined on the LDAP server... now I want to allow each LDAP user to change their password with the command

     

    passwd

     

    but when trying that, it just gave the error below

     

    [ldapuser3@nixbox ~]$ passwd
    Changing password for user ldapuser3.
    Enter login(LDAP) password:
    New UNIX password:
    Retype new UNIX password:
    New password:
    Re-enter new password:
    LDAP password information update failed: Can't contact LDAP server
    
    passwd: Permission denied
    [ldapuser3@nixbox ~]$

     

    ok, here's my /etc/openldap/slapd.conf for additional info

     

    include         /etc/openldap/schema/core.schema
    include         /etc/openldap/schema/cosine.schema
    include         /etc/openldap/schema/inetorgperson.schema
    include         /etc/openldap/schema/nis.schema
    # Allow LDAPv2 client connections.  This is NOT the default.
    allow bind_v2
    loglevel        296
    pidfile         /var/run/slapd.pid
    argsfile        /var/run/slapd.args
    #
    database        ldbm
    suffix          "dc=duriancity,dc=dvo"
    rootdn          "cn=ldapadmin,dc=duriancity,dc=dvo"
    rootpw          {SSHA}POzRnaPcqsdffejfefedlacCVNuC7N99J3+u
    directory       /var/lib/ldap/duriancity.dvo
    mode            0600
    # Indices to maintain for this database
    index objectClass                       eq,pres
    index ou,cn,mail,surname,givenname      eq,pres,sub
    index uidNumber,gidNumber,loginShell    eq,pres
    index uid,memberUid                     eq,pres,sub

     

    and here are the entries in the client PC's /etc/pam.d/system-auth

     

    #/etc/pam.d/system-auth
    #%PAM-1.0

    auth        required    pam_env.so
    auth        sufficient  pam_unix.so
    auth        sufficient  pam_ldap.so likeauth nullok use_first_pass
    auth        required    pam_deny.so

    account     sufficient  pam_unix.so
    account     sufficient  pam_ldap.so use_first_pass
    account     required    pam_deny.so

    password    required    pam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0
    password    sufficient  pam_unix.so nullok use_authtok md5 shadow
    password    sufficient  pam_ldap.so
    password    required    pam_deny.so

    session     optional    pam_mkhomedir.so skel=/etc/skel/ umask=0022
    session     required    pam_limits.so
    session     required    pam_unix.so
    session     optional    pam_ldap.so

    basically, with the above setup, the Mandriva box allows local users and LDAP users to log in.

    Now, any idea what I should put in my config to allow users to change their password using the passwd command?

    TIA!
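Editor's added example (Python; not code from the thread, and not Linux-PAM's own implementation): a simplified replay of Linux-PAM's stack semantics over the two password stacks quoted in this thread, the system-auth password section from the question above and the two-line /etc/pam.d/passwd that the poster later reported as working. It shows why the order of the pam_unix.so and pam_ldap.so lines decides which modules an LDAP-only account actually passes through (and therefore how often it is prompted). The module results are constructed assumptions: pam_unix.so fails for an account with no local shadow entry, pam_ldap.so fails for an account that is not in the directory, pam_cracklib.so accepts the new password. Nothing here contacts PAM, /etc/shadow or an LDAP server, and the required / requisite / sufficient / optional handling is the textbook summary, not a reimplementation of libpam.

```python
"""Simplified Linux-PAM stack evaluation (added example).

Replays the control-flag semantics over the password stacks quoted in
this thread.  Module results are supplied by the caller; this never
touches real PAM, /etc/shadow or an LDAP server.
"""

# Password phase of the client's system-auth (reached via pam_stack.so),
# taken from the system-auth posted in this thread.
ORIGINAL_STACK = """\
password required   pam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0
password sufficient pam_unix.so nullok use_authtok md5 shadow
password sufficient pam_ldap.so
password required   pam_deny.so
"""

# The replacement /etc/pam.d/passwd the poster reported as working.
FIXED_STACK = """\
password sufficient pam_ldap.so
password required   pam_unix.so nullok obscure min=4 max=8
"""

# Constructed assumptions about what each module would return for three
# kinds of accounts.  pam_deny.so is absent on purpose: unknown modules fail.
LDAP_USER = {"pam_cracklib.so": True, "pam_unix.so": False, "pam_ldap.so": True}
LOCAL_USER = {"pam_cracklib.so": True, "pam_unix.so": True, "pam_ldap.so": False}
UNKNOWN_USER = {"pam_cracklib.so": True, "pam_unix.so": False, "pam_ldap.so": False}


def parse_stack(text):
    """Turn 'type control module [args...]' lines into (control, module)."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        rules.append((parts[1], parts[2]))
    return rules


def run_stack(rules, outcomes):
    """Return (success, modules_executed) using the classic control flags.

    required   - failure is remembered, remaining modules still run
    requisite  - failure ends the stack immediately
    sufficient - success ends the stack with success unless a required
                 module already failed; failure is ignored
    optional   - only counts when it is the sole module in the stack
    Modules missing from 'outcomes' (e.g. pam_deny.so) fail.
    """
    executed = []
    required_failed = False
    any_success = False
    for control, module in rules:
        ok = outcomes.get(module, False)
        executed.append(module)
        if control == "requisite":
            if not ok:
                return False, executed
            any_success = True
        elif control == "required":
            if ok:
                any_success = True
            else:
                required_failed = True
        elif control == "sufficient":
            if ok and not required_failed:
                return True, executed
        elif control == "optional":
            if ok and len(rules) == 1:
                any_success = True
    return (not required_failed and any_success), executed


if __name__ == "__main__":
    for label, stack in (("original", ORIGINAL_STACK), ("fixed", FIXED_STACK)):
        for who, outcomes in (("ldap user", LDAP_USER), ("local user", LOCAL_USER),
                              ("unknown", UNKNOWN_USER)):
            print(label, who, run_stack(parse_stack(stack), outcomes))
```

With the original ordering an LDAP-only account runs pam_cracklib.so, then pam_unix.so (which prompts and then fails), then pam_ldap.so (which prompts again), which is the double round of prompts seen in the transcripts above; with pam_ldap.so listed first as sufficient the stack returns after that single module, while a local account falls through to the required pam_unix.so line.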

  4. she can log in to Yahoo and/or MSN using gaim (simultaneously on gaim) or the kopete instant messenger.. though gaim currently has no support for any webcam, I've heard that kopete has a webcam feature....

    kopete is the default IM of Mandy, so it might be already installed.. (internet-chat)

  5. yeah, maybe you should turn that off; you only need it if you want it to serve as a time server.. say you have other PCs on your network and you want their time to be synced to that box.. or you want to join the NTP server pool.. but if not... then you may turn it off.. then let ntpdate do the job

  6. there are sites or Linux distros that don't have mirrors, or happen to have very few, so they advise using BitTorrent... like Xandros.. they usually let you download their community version via BitTorrent.. but if there are available mirrors for your distro of choice, I'd rather not use it...

  7. maybe OT, but FYI

    i've become quite efficient at compiling sources using the ./configure and make commands. i try to keep most of my software in the /opt directory (don't ask me why), stuff like LAMPP, firefox, thunderbird and azureus.

    The stuff that you put there is not actually the software you've compiled; these are still sources... if you run ./configure without prefixes, the software you've tried to install will go to /usr/local.. or to the default directory the package Makefile has been set to.. try ./configure --help for more options to choose from when installing software from sources...

  8. you can untar firefox inside the /usr/local/ dir if you want it to be accessible by all users.. if you want it to be accessible by yourself only, then you can untar it inside your home directory.. then do the following:

    if you want it accessible by all, create a symlink inside the /usr/local/bin dir..

    as root:

    cd /usr/local/bin

    ln -s /usr/local/firefox-1.5.0.5/firefox

    that would let you or anyone on that box run firefox by just invoking the command firefox... or create an application shortcut for it on your desktop.

    if you'd like it to be accessible by you only, untar it in your home dir... then

    create a bin dir inside your home dir if it doesn't exist yet..

    you can create it as a regular user since you have full control inside your home dir.

    mkdir /home/you/bin

    Note: "you" is your home dir, which is equivalent to your username

    then

    cd /home/you/bin

    ln -s /home/you/firefox-1.5.05/firefox

    then same as mentioned above: running the command firefox will launch firefox 1.5.05

    if you want to remove that firefox-1.5.05.. just delete that directory

    :D

  9. or if you really want the latest of those particular packages or software, you may install them from source...

    It worked for firefox - my browser was upgraded (to 1.06)

    if you mean you want to upgrade to the latest firefox, which is 1.5.05, you can go directly to its website and download it from there.. no need to compile, just untar and it's ready to run...

    other than doing that.. you can also add, via easy urpmi, repos such as contrib.. and plf; they contain other updated packages..

    others to consider...

    -SoS

    -MDE

    just be aware that they are independent packagers.

  10. try to remove kat from your system...

    as root in a konsole

    urpme kat

    or for the GUI

    drakrpm-remove

    then search for kat; if you search on this board, kat usually causes the slowdown....

    unrecognised option 'No'

    so you are using dial-up... since you don't need the ethernet interface, you may disable those via MCC..

    the logs show that the modem, or maybe KPPP, has not been configured properly; try to reconfigure that via the kppp interface... maybe some default options should be changed..

  11. erk.. the default install has these open ports..

    PORT     STATE SERVICE
    22/tcp   open  ssh
    23/tcp   open  telnet
    25/tcp   open  smtp
    111/tcp  open  rpcbind
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds
    587/tcp  open  submission
    4045/tcp open  lockd

    wow, when opening the services settings... so many services are running.. I really have to read more about its documentation...

    ok, not only am I lost because it's gnome... but because it's not linux.. it's solaris :huh:
