Topic: Authenticating Ubuntu logins against SME Server (via winbind or ldap?)

[EnglishRob]

Hi folks,

I'm looking to roll out SME Server 7.3 at work as a replacement for a Windows 2003 Small Business Server.  I'm also looking to replace some (but not all) of our Windows XP Pro machines with Ubuntu 8.04 (or possibly 8.10) on the desktop.

The thing is, the users have a habit of playing musical desktops and will log onto random desktops.  What I'd like to do is get the Ubuntu machines to authenticate to the SME Server so that I don't have to create accounts for them on each Ubuntu machine, and so that their passwords will be the same which ever machine they logon to.

I'd like to use SME Server as it's a product I know and have been using successfully at home as an e-mail server for about 4 years or so, I did look into Ubuntu Server with eBox and eGroupware but it just seems overly complicated compared to SME Server.

I've been having a bit of a unsuccessful play with winbind on Ubuntu and I wondered if it was possible to use LDAP on the server to authenticate users?

Ta,

Rob

[CharlieBrady]

I wondered if it was possible to use LDAP on the server to authenticate users?

Search, and you will find.

[stephen noble]

But I'm not sure what you'll find

Winbind used to work on Ubuntu but doesn't anymore
&
SME don't support LDAP logins

However I'd suggest installing the beta e-smith-samba+ldap & e-smith-base+ldap rpms
and let us know how you go

http://wiki.contribs.org/LDAP
https://help.ubuntu.com/community/LDAPClientAuthentication

[EnglishRob]

Thanks I'll have a play and let you know how I get on.

Are these beta packages for SME Server 7.3, or are they for the newer 7.4 or 8.0 beta?

Rob

[stephen noble]

there is a sme7 or a sme8 version

they are the latest available rpms built from cvs

I'd install on the version of choice as per the wiki
also run this
yum update --enablerepo=smeupdates-testing

[EnglishRob]

Well that seemed to work (at least I got LDAP installed and phpldapadmin) on the server

I followed a guide on authenticating Ubuntu Hardy with LDAP but it doesn't seem to work on Intrepid and stopped SUDO working

I'm going to take a break from it and have another play but with Hardy this time.

Rob

[EnglishRob]

Okay I've been having a bit more of a play with it this weekend.

I've successfully configured Thunderbird so I can search entries on LDAP with the Thunderbird address book.

However I still can't for the life of me get Ubuntu working.

I tried following this guide which got me so far.  I was able to run getent group and getent passwd and it would give me the list of groups and users on the server.

So far so good I thought.

The problem is, it still wouldn't let me login.  I've set the rootbinddn to cn=admin,dn=somename,dn=homelinux,dn=org (which corresponds with what it tells me in the Server Manager with cn=admin added on the front) and I've set the password in /etc/ldap.secret which is the admin password on the server (in plain text).

On checking /var/log/slapd on the server, it comes up with an error 49 which I believe is invalid credentials.  I've also tried changing the cn=admin to cn=root and it still doesn't seem to work.

PHPLDAPAdmin is working fine on the server and I can see the users in the directory okay so I'm stumped on what to do now.  Should I be using cn=root or cn=admin when authenticating or doesn't it need a user to login with to get the user details?

Ta,

Rob

[stephen noble]

the ldap passwd is different to the server admin

have a look in the phpldapadmin conf file for credentials
i recall it uses root and has the password

[steever]

and has the password

... ?

[stephen noble]

cat /opt/phpldapadmin/config/config.php |more

$ldapservers->SetValue($i,'login','dn','cn=root,dc=smoeone,dc=dyndns,dc=org');   
$ldapservers->SetValue($i,'login','pass','aqOYq3oV9xxxxxxxxxxxxxxxxxxxxxQ+ot7PHBNbMt
TczwcRZHCW7tCPXvna4QFdDY8uSGcnbMLORtxX');                                       
 
actually it's from
cat /etc/openldap/ldap.pw

but phpldapadmin shows the cn= value

[steever]

English Rob.

Check http://tech.canterburyschool.org/tech/UbuntuWorkstations_2fAuthenticationSetup for updated hardy auth against samba using winbind.

Steve

[EnglishRob]

cat /opt/phpldapadmin/config/config.php |more

$ldapservers->SetValue($i,'login','dn','cn=root,dc=smoeone,dc=dyndns,dc=org');   
$ldapservers->SetValue($i,'login','pass','aqOYq3oV9xxxxxxxxxxxxxxxxxxxxxQ+ot7PHBNbMt
TczwcRZHCW7tCPXvna4QFdDY8uSGcnbMLORtxX');                                       
 
actually it's from
cat /etc/openldap/ldap.pw

but phpldapadmin shows the cn= value

Thanks for that.  Right I managed to copy the password into /etc/ldap.secret on the Ubuntu box so now I'm getting a little further.

The Ubuntu machine now recognises the user on the server and accepts it's password.  It then creates the home directory (/home/e-smith/files/users/joe.bloggs).  Then it comes up with a message saying that the X session lasted less than 10 seconds.

Here's the output from .xsession-errors:

Code: [Select]

/etc/gdm/Xsession: Beginning session setup...
Setting IM through im-switch for locale=en_GB.
Start IM through /etc/X11/xinit/xinput.d/all_ALL linked to /etc/X11/xinit/xinput.d/default.

(seahorse-agent:7567): GLib-WARNING **: getpwuid_r(): failed due to: Bad file descriptor.

(process:7567): GLib-WARNING **: getpwuid_r(): failed due to: Bad file descriptor.

(gconf-sanity-check-2:7650): GLib-WARNING **: getpwuid_r(): failed due to: Bad file descriptor.
SESSION_MANAGER=local/testbox:/tmp/.ICE-unix/7567
Could not get password database information for UID of current process: User "???" unknown or no memory to allocate password entry

Failed to start message bus: Memory allocation failure in message bus
dbus-daemon exited unexpectedly
**
** ERROR:(gsm-dbus.c:118):gsm_dbus_daemon_start: assertion failed: (dbus_daemon_pid != 0)

So I'm getting there, just need to figure out this error now.  Presumably this will be a pam issue?

Check http://tech.canterburyschool.org/tech/UbuntuWorkstations_2fAuthenticationSetup for updated hardy auth against samba using winbind.

Steve,

I did try going through that guide but without using the old Feisty packages.  It worked for one login, after I shut the VM down to backup the working configuration and started it up again it wouldn't authenicate again.  I'll have another go with this too.

Rob