LDAP client can connect to the LDAP host but cannot see LDAP users

I am configuring LDAP on a cluster of Ubuntu 14.04 machines.

I successfully set up the LDAP host using these instructions. Now I am trying to get the LDAP client working using these instructions.

ldapsearch works from the client (i.e., I can run ldapsearch -x -LLL -h REDACTED -D REDACTED -w REDACTED -b REDACTED from the client machine and get exactly the results I expect).

However, the client machine does not see the LDAP users at all (i.e., getent passwd does not show any LDAP users, sudo su - LDAP_USERNAME on the client machine returns a No passwd entry for user error, and ssh LDAP_USERNAME@LDAP_CLIENT gets a Permission denied error).

Relevant files:

/etc/nsswitch.conf

    passwd: ldap compat
    group: ldap compat
    shadow: ldap compat
    hosts: files dns
    networks: files
    protocols: db files
    services: db files
    ethers: db files
    rpc: db files
    netgroup: nis

/etc/pam.d/common-session

    session [default=1] pam_permit.so
    session requisite pam_deny.so
    session required pam_permit.so
    session optional pam_umask.so
    session required pam_mkhomedir.so umask=0022 skel=/etc/skel
    session required pam_unix.so
    session optional pam_ldap.so
    session optional pam_systemd.so

/etc/pam.d/common-auth

    auth [success=2 default=ignore] pam_unix.so nullok_secure
    auth [success=1 default=ignore] pam_ldap.so use_first_pass
    auth requisite pam_deny.so
    auth required pam_permit.so
    auth optional pam_cap.so

/etc/pam.d/common-account

    account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
    account [success=1 default=ignore] pam_ldap.so
    account requisite pam_deny.so
    account required

/etc/pam.d/common-password

    password [success=2 default=ignore] pam_unix.so obscure sha512
    password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
    password requisite pam_deny.so
    password required

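Any ideas what might be the culprit here? If this information is incomplete, please feel free to ask for any additional information that may be relevant. Any help would be greatly appreciated.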

Edit: I see the following in /var/log/auth.log on the client machine.

    Feb 20 11:19:31 REDACTED nscd: nss_ldap: failed to bind to LDAP server ldap:///REDACTED: Invalid credentials
    Feb 20 11:19:31 REDACTED nscd: nss_ldap: reconnecting to LDAP server...
    Feb 20 11:19:31 REDACTED nscd: nss_ldap: failed to bind to LDAP server ldap:///REDACTED: Invalid credentials
    Feb 20 11:19:31 REDACTED nscd: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
    Feb 20 11:19:32 REDACTED nscd: nss_ldap: failed to bind to LDAP server ldap:///REDACTED: Invalid credentials
    Feb 20 11:19:32 REDACTED nscd: nss_ldap: could not search LDAP server - Server is unavailable
    Feb 20 11:19:42 REDACTED nscd: nss_ldap: failed to bind to LDAP server ldap:///REDACTED: Invalid credentials
    Feb 20 11:19:42 REDACTED nscd: nss_ldap: reconnecting to LDAP server...
    Feb 20 11:19:42 REDACTED nscd: nss_ldap: failed to bind to LDAP server ldap:///REDACTED: Invalid credentials
    Feb 20 11:19:42 REDACTED nscd: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
    Feb 20 11:19:43 REDACTED nscd: nss_ldap: failed to bind to LDAP server ldap:///REDACTED: Invalid credentials
    Feb 20 11:19:43 REDACTED nscd: nss_ldap: could not search LDAP server - Server is unavailable

And, to reiterate, I can connect to the LDAP host from the LDAP client using ldapsearch with exactly the same password as in /etc/ldap.secret.

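Edit 2: I tried changing the host server on the off chance that this was some firewall issue (though I don't know why ldapsearch would work in that case). Same exact problem.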
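
One way to compare a hand-typed ldapsearch with what the name-service lookup does is to resolve, from the client configuration, which server and bind identity nss_ldap would use for a given effective uid and then replay exactly that bind. This is an added example, not part of the original post. It assumes the PADL nss_ldap behaviour in which lookups made as root bind as rootbinddn with the password from /etc/ldap.secret and other lookups use binddn/bindpw from /etc/ldap.conf; the sample configuration, DNs and host name are constructed.

```python
# Added example: resolve the server and bind identity nss_ldap would use.
from urllib.parse import urlparse

# Constructed sample of /etc/ldap.conf (not the poster's file). The URI is
# written in the same three-slash form that the log lines above show.
SAMPLE_CONF = """\
# nss_ldap client settings
uri ldap:///ldap.example.com
base dc=example,dc=com
binddn cn=reader,dc=example,dc=com
bindpw constructed-password
rootbinddn cn=admin,dc=example,dc=com
"""

def parse_ldap_conf(text):
    """Return {lowercased keyword: value}, skipping comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip()
    return conf

def effective_bind(conf, euid):
    """(bind DN, password source) for a lookup made with this effective uid."""
    if euid == 0 and "rootbinddn" in conf:
        return conf["rootbinddn"], "/etc/ldap.secret"
    if "binddn" in conf:
        return conf["binddn"], "bindpw in /etc/ldap.conf"
    return None, "anonymous bind"

def uri_hosts(conf):
    """Host part of each configured URI; None means the URI names no host."""
    return [urlparse(u).hostname for u in conf.get("uri", "").split()]

def replay_command(conf, euid):
    """ldapsearch argument list that repeats the same bind by hand."""
    dn, _ = effective_bind(conf, euid)
    cmd = ["ldapsearch", "-x", "-LLL"]
    uris = conf.get("uri", "").split()
    if uris:
        cmd += ["-H", uris[0]]
    cmd += ["-b", conf.get("base", "")]
    if dn:
        cmd += ["-D", dn, "-W"]  # -W prompts for the password
    return cmd

if __name__ == "__main__":
    conf = parse_ldap_conf(SAMPLE_CONF)
    for euid in (0, 1000):
        print(euid, effective_bind(conf, euid), " ".join(replay_command(conf, euid)))
    print("URI hosts:", uri_hosts(conf))
```

If the DN or URI printed for uid 0 differs from the values passed to ldapsearch with -D and -h, the manual test and the nss_ldap lookup are not performing the same bind.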