I have a server running CentOS 6 on the bare metal, running the stock CentOS 6 OpenLDAP packages (openldap-2.4.40-16.el6.x86_64, openldap-clients-2.4.40-16.el6.x86_64, openldap-2.4.40-16.el6.i686, openldap-servers-2.4.40-16.el6.x86_64) [yes I know these are old, but they *work* -- "If it ain't broke, don't fix it."]. There are two VMs running on this server, one running Ubuntu 14.04 and the other Ubuntu 18.04. (These two VMs are/will be servers for DRBL.) The Ubuntu 14.04 VM (and all of its diskless clients) are perfectly happy to talk to the OpenLDAP server (slapd) running on the CentOS 6 machine. The Ubuntu 18.04 VM is not. ldapsearch works everywhere though, so it is NOT the server or the core ldap libraries on any of the machines (particularly the Ubuntu 18.04 VM). I can only assume that there is something fishy with nslcd or the pam/ldap libraries or config on the Ubuntu 18.04 VM. I have checked everything, but I am coming up empty. I am thinking there might be some "trick" to getting LDAP Authentication to work under Ubuntu 18.04 that I am missing.
On Sat, 30 Mar 2019 16:44:31 -0400 (EDT) Robert Heller heller@deepsoft.com wrote:
I have a server running CentOS 6 on the bare metal, running the stock CentOS 6 OpenLDAP packages (openldap-2.4.40-16.el6.x86_64, openldap-clients-2.4.40-16.el6.x86_64, openldap-2.4.40-16.el6.i686, openldap-servers-2.4.40-16.el6.x86_64) [yes I know these are old, but they *work* -- "If it ain't broke, don't fix it."]. There are two VMs running on this server, one running Ubuntu 14.04 and the other Ubuntu 18.04. (These two VMs are/will be servers for DRBL.) The Ubuntu 14.04 VM (and all of its diskless clients) are perfectly happy to talk to the OpenLDAP server (slapd) running on the CentOS 6 machine. The Ubuntu 18.04 VM is not. ldapsearch works everywhere though, so it is NOT the server or the core ldap libraries on any of the machines (particularly the Ubuntu 18.04 VM). I can only assume that there is something fishy with nslcd or the pam/ldap libraries or config on the Ubuntu 18.04 VM. I have checked everything, but I am coming up empty. I am thinking there might be some "trick" to getting LDAP Authentication to work under Ubuntu 18.04 that I am missing.
I have many Bionic systems running nslcd without any problems. I don't think that it is nslcd that is the problem.
When you are debugging you should turn off nscd. It just gets in the way. If it were me I would make sure that stats logging is on on the LDAP server. Then I would watch the LDAP server log as I attempt a login on the 18.04 system.
Bill
At Sat, 30 Mar 2019 15:24:34 -0700 Billy MacAllister bill@ca-zephyr.org wrote:
On Sat, 30 Mar 2019 16:44:31 -0400 (EDT) Robert Heller heller@deepsoft.com wrote:
I have a server running CentOS 6 on the bare metal, running the stock CentOS 6 OpenLDAP packages (openldap-2.4.40-16.el6.x86_64, openldap-clients-2.4.40-16.el6.x86_64, openldap-2.4.40-16.el6.i686, openldap-servers-2.4.40-16.el6.x86_64) [yes I know these are old, but they *work* -- "If it ain't broke, don't fix it."]. There are two VMs running on this server, one running Ubuntu 14.04 and the other Ubuntu 18.04. (These two VMs are/will be servers for DRBL.) The Ubuntu 14.04 VM (and all of its diskless clients) are perfectly happy to talk to the OpenLDAP server (slapd) running on the CentOS 6 machine. The Ubuntu 18.04 VM is not. ldapsearch works everywhere though, so it is NOT the server or the core ldap libraries on any of the machines (particularly the Ubuntu 18.04 VM). I can only assume that there is something fishy with nslcd or the pam/ldap libraries or config on the Ubuntu 18.04 VM. I have checked everything, but I am coming up empty. I am thinking there might be some "trick" to getting LDAP Authentication to work under Ubuntu 18.04 that I am missing.
I have many Bionic systems running nslcd without any problems. I don't think that it is nslcd that is the problem.
I am wondering if the problem is the version of /lib/x86_64-linux-gnu/security/pam_ldap.so I have installed. There appear to be *two* versions available:
One from the package libpam-ldapd and one from the package libpam-ldap.
YES! I just installed libpam-ldapd (replacing the previously installed libpam-ldap), and now things are working!
When you are debugging you should turn off nscd. It just gets in the way. If it were me I would make sure that stats logging is on on the LDAP server. Then I would watch the LDAP server log as I attempt a login on the 18.04 system.
Bill
openldap-technical@openldap.org
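
The log check suggested in the thread (stats logging on, then watch the server log during a login attempt) can be narrowed to one client's bind results. This is an added example, not part of any message above; it assumes slapd's stats-level log lines on stdin, and the sample log, addresses and DNs are constructed.

```shell
#!/bin/sh
# Added example: list the bind attempts one client made, from a slapd log
# written at "stats" level. usage: bind_results CLIENT_IP < slapd.log
# Output per completed bind: "<conn> <bind dn> err=<code>"
# (err=0 is success, err=49 is invalidCredentials).
bind_results() {
    awk -v want="$1" '
        function tok(prefix,   i) {      # value of the first field starting with prefix
            for (i = 1; i <= NF; i++)
                if (index($i, prefix) == 1) return substr($i, length(prefix) + 1)
            return ""
        }
        / ACCEPT from IP=/ {             # map connection id to client address
            addr = tok("IP="); sub(/:[0-9]+$/, "", addr)   # drop the source port
            client[tok("conn=")] = addr
        }
        / BIND dn="/ {                   # keep the DN until the RESULT line arrives
            match($0, /dn="[^"]*"/)      # a DN may contain spaces, so no field split
            dn[tok("conn=") " " tok("op=")] = substr($0, RSTART + 4, RLENGTH - 5)
        }
        / RESULT tag=97 / {              # tag=97 marks a bind response
            k = tok("conn=") " " tok("op=")
            if (client[tok("conn=")] == want && (k in dn))
                print tok("conn="), (dn[k] == "" ? "(anonymous)" : dn[k]), "err=" tok("err=")
            delete dn[k]
        }
        / fd=[0-9]+ closed/ { delete client[tok("conn=")] }
    '
}

# Constructed sample log (addresses, host name and DNs are made up).
sample_log='Mar 30 17:02:11 ldap slapd[1234]: conn=1042 fd=14 ACCEPT from IP=192.0.2.18:51234 (IP=0.0.0.0:389)
Mar 30 17:02:11 ldap slapd[1234]: conn=1042 op=0 BIND dn="uid=alice,ou=People,dc=example,dc=com" method=128
Mar 30 17:02:11 ldap slapd[1234]: conn=1042 op=0 RESULT tag=97 err=49 text=
Mar 30 17:02:11 ldap slapd[1234]: conn=1042 fd=14 closed
Mar 30 17:02:15 ldap slapd[1234]: conn=1043 fd=14 ACCEPT from IP=192.0.2.14:40022 (IP=0.0.0.0:389)
Mar 30 17:02:15 ldap slapd[1234]: conn=1043 op=0 BIND dn="uid=bob,ou=People,dc=example,dc=com" method=128
Mar 30 17:02:15 ldap slapd[1234]: conn=1043 op=0 BIND dn="uid=bob,ou=People,dc=example,dc=com" mech=SIMPLE ssf=0
Mar 30 17:02:15 ldap slapd[1234]: conn=1043 op=0 RESULT tag=97 err=0 text='
printf '%s\n' "$sample_log" | bind_results 192.0.2.18
```

No output for a client's address during a login attempt means no bind from that host reached slapd, which points at client-side PAM or nslcd configuration instead of the server.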