I'm new to ClearOS but comfortable with Linux, macOS, and Windows. I have a ClearOS VM running on an ESXi host. Everything for internet, gateway, and firewall is working nicely. I'm connected through it right now.
I cannot get authentication to work. I have OpenLDAP and OpenVPN set up but I cannot get any user I create to work. The common error is that LDAP shows "failed: No such object" even though the user exists...
[root@robocop ~]# getent passwd | grep ahachenberg
ahachenberg:x:2000:63000:Aaron Hachenberg:/home/ahachenberg:/bin/bash
[root@robocop ~]#
Scenario1
CentOS server VM (xgator.foo.bar) is configured to auth to openLDAP (robocop.foo.bar) on ClearOS but fails with:
Dec 5 15:57:49 xgator nslcd[1065]: [51b9f3] <authc="ahachenberg"> ldap_result() failed: No such object
Dec 5 15:57:49 xgator nslcd[1065]: [51b9f3] <authc="ahachenberg"> cn=Aaron Hachenberg,ou=Users,ou=Accounts,dc=foo,dc=bar: lookup failed: No such object
Scenario2
macOS laptop with VPN client cannot connect to ClearOS OpenVPN. It fails with:
Dec 5 20:24:05 robocop nslcd[1704]: [86d60e] <authc="ahachenberg"> ldap_result() failed: No such object
Dec 5 20:24:05 robocop nslcd[1704]: [86d60e] <authc="ahachenberg"> cn=Aaron Hachenberg,ou=Users,ou=Accounts,dc=foo,dc=bar: lookup failed: No such object
Dec 5 20:24:07 robocop openvpn: AUTH-PAM: BACKGROUND: user 'ahachenberg' failed to authenticate: Authentication failure
Responses (6)
I remembered the wrong file. To get OpenVPN to work when you have an LDAP password, you will need to edit /etc/openldap/slapd.conf. Down near the bottom, with the password access enabled, there is a line:

include /etc/openldap/clearos_password_protected.conf

This needs to be moved to the end of the file. I don't think you need to restart slapd afterwards.
Accepted Answer
Thanks for your continued help! I'm not sure what two blocks of information you are referring to in nslcd.conf.
But, that prompted me to take a look at the ClearOS server's nslcd.conf. I compared that to my Centos nslcd.conf and found some differences. Auth to the Centos machine is working now!!
I added this to the Centos machine:
# Customize certain database lookups.
base group ou=Groups,ou=Accounts,dc=foo,dc=bar
base passwd ou=Users,ou=Accounts,dc=foo,dc=bar
base passwd ou=Computers,ou=Accounts,dc=foo,dc=bar
base shadow ou=Users,ou=Accounts,dc=foo,dc=bar
#base group ou=Groups,dc=example,dc=com
#base passwd ou=People,dc=example,dc=com
#base shadow ou=People,dc=example,dc=com
#scope group onelevel
#scope hosts sub
and at the bottom
pagesize 20000
nss_initgroups_ignoreusers root,ldap
ssl no
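An added example (not part of this thread and not ClearOS or nslcd code) that checks the DN from an nslcd "lookup failed" line against the base lines of an nslcd.conf, which is the setting the post above changed. The log line and the two nslcd.conf fragments are constructed from the values quoted in this thread; the function names are the example's own. With the stock example.com bases the DN lies outside every passwd base; with the ClearOS bases it is covered. One caveat: slapd also answers "No such object" for an entry the bound identity is not allowed to read, so a DN that does sit under a configured base points at the server side (the slapd.conf include order Nick mentions, or the publish policy) rather than at nslcd.conf.

```python
"""Check whether the DN in an nslcd 'lookup failed: No such object' line
falls under the search bases configured in nslcd.conf.

Added example for this thread, not ClearOS or nslcd code. The log line and
the nslcd.conf fragments are constructed from values quoted in the thread.
"""
import re

# Constructed sample: the nslcd line the original post shows from xgator.
LOG_LINE = ('Dec 5 15:57:49 xgator nslcd[1065]: [51b9f3] <authc="ahachenberg"> '
            'cn=Aaron Hachenberg,ou=Users,ou=Accounts,dc=foo,dc=bar: '
            'lookup failed: No such object')

# Constructed nslcd.conf fragment with the stock example.com bases
# (the state the CentOS box was in before the edit in the thread).
NSLCD_DEFAULT = """\
uri ldaps://robocop.foo.bar:636
base dc=example,dc=com
base group ou=Groups,dc=example,dc=com
base passwd ou=People,dc=example,dc=com
base shadow ou=People,dc=example,dc=com
"""

# Constructed fragment with the bases copied from the ClearOS server.
NSLCD_CLEAROS = """\
uri ldaps://robocop.foo.bar:636
base dc=foo,dc=bar
base group ou=Groups,ou=Accounts,dc=foo,dc=bar
base passwd ou=Users,ou=Accounts,dc=foo,dc=bar
base passwd ou=Computers,ou=Accounts,dc=foo,dc=bar
base shadow ou=Users,ou=Accounts,dc=foo,dc=bar
"""

_LOG_RE = re.compile(r'<authc="(?P<user>[^"]*)"> (?P<dn>.+?): lookup failed: (?P<err>.+)$')


def parse_failure(line):
    """Return (user, dn, error) from an nslcd 'lookup failed' line, else None."""
    m = _LOG_RE.search(line)
    return (m.group('user'), m.group('dn'), m.group('err')) if m else None


def split_dn(dn):
    """Split a DN into normalised (attr, value) RDNs, honouring backslash-escaped commas."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == '\\' and i + 1 < len(dn):      # keep escape pair together
            cur.append(dn[i:i + 2]); i += 2; continue
        if ch == ',':
            rdns.append(''.join(cur).strip()); cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append(''.join(cur).strip())
    out = []
    for rdn in rdns:
        attr, _, val = rdn.partition('=')
        out.append((attr.strip().lower(), val.strip().lower()))
    return out


def dn_under_base(dn, base):
    """True if `dn` is `base` itself or lies beneath it (suffix match on RDNs)."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def parse_bases(conf_text):
    """Return {map_name: [bases]} from 'base [MAP] DN' lines; the map-less
    default base is stored under the key 'default'. Comments are ignored."""
    bases = {}
    for raw in conf_text.splitlines():
        line = raw.split('#', 1)[0].strip()
        parts = line.split(None, 2)              # DN may itself contain spaces
        if not parts or parts[0] != 'base':
            continue
        if len(parts) == 2:
            bases.setdefault('default', []).append(parts[1])
        elif len(parts) == 3:
            bases.setdefault(parts[1], []).append(parts[2])
    return bases


def bases_covering(dn, conf_text, map_name):
    """Bases that lookups in `map_name` would search (map-specific bases if
    any, otherwise the default base) and that contain `dn`."""
    bases = parse_bases(conf_text)
    searched = bases.get(map_name) or bases.get('default', [])
    return [b for b in searched if dn_under_base(dn, b)]


def diagnose(line, conf_text, map_name='passwd'):
    """One-line verdict for a failing nslcd lookup against a given nslcd.conf."""
    parsed = parse_failure(line)
    if parsed is None:
        return 'not a lookup-failed line'
    user, dn, err = parsed
    hits = bases_covering(dn, conf_text, map_name)
    if hits:
        return (f'{user}: {dn} is under base {hits[0]}; "{err}" is not a base '
                f'mismatch, check server-side ACLs / publish policy')
    return f'{user}: {dn} is outside every configured {map_name} base'


if __name__ == '__main__':
    for name, conf in (('default', NSLCD_DEFAULT), ('clearos', NSLCD_CLEAROS)):
        print(name, '->', diagnose(LOG_LINE, conf))
```

Run it against the real /etc/nslcd.conf by reading the file into `diagnose()`; the check is purely local, so it does not need the directory server reachable.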
Accepted Answer
Thanks Nick!
Scenario 1
Yes, I am trying to access ClearOS LDAP from a Centos7 VM. I just checked and the directory server is set to publish to local network. I have /etc/nslcd.conf and /etc/openldap/ldap.conf configured with URI ldaps://robocop.foo.bar:636
Scenario 2
If the password is set on Directory > Directory Server > Policies, then no. Picture attached for ref.
Accepted Answer
In Scenario 1, are you trying to access ClearOS LDAP from Centos? If you are, in the Directory Server you need to set the Publish Policy to Local Network or All Networks. Once you do that, you need to use ldaps on port 636 and not ldap on 389. If you have to use ldap on 389, the slapd startup file needs to be hacked a little.
In Scenario 2, have you by any chance enabled a Directory Server password? If so, please can you try removing it? If this is the cause, there is a minor edit needed to a file to fix it but I can't remember the fix for the moment. I can check this evening when back on my system.