ubuntuusers.de

Setting up an LDAP client -> Ubuntu client + QNAP OpenLDAP server

Status: Solved | Ubuntu version: Kubuntu 20.04 (Focal Fossa)

kaktux

Joined:
16 January 2006


Hi,

I have been trying for quite a while, without success, to take my first steps with LDAP. I have a QNAP that uses an OpenLDAP server for its user management. Access to the file server via Dolphin/Samba works wonderfully. Now I would also like to set up my computer so that the users created on the NAS can authenticate.

However, I have had no success with any of the guides I could find on the topic of Ubuntu + OpenLDAP.

What I have managed to do is display the LDIF with ldapsearch

ldapsearch -x -b 'dc=ldap,dc=mydomain,dc=de' -D'cn=admin,dc=ldap,dc=mydomain,dc=de' -H ldap://192.168.5.10 -W

results in

# extended LDIF
#
# LDAPv3
# base <dc=ldap,dc=mydomain,dc=de> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# ldap.mydomain.de
dn: dc=ldap,dc=mydomain,dc=de
dc: ldap
objectClass: domain

# people, ldap.mydomain.de
dn: ou=people,dc=ldap,dc=mydomain,dc=de
ou: people
objectClass: organizationalUnit

# group, ldap.mydomain.de
dn: ou=group,dc=ldap,dc=mydomain,dc=de
ou: group
objectClass: organizationalUnit

# idpoolconf, ldap.mydomain.de
dn: ou=idpoolconf,dc=ldap,dc=mydomain,dc=de
ou: idpoolconf
objectClass: organizationalUnit

# minid, idpoolconf, ldap.mydomain.de
dn: cn=minid,ou=idpoolconf,dc=ldap,dc=mydomain,dc=de
cn: minid
uidNumber: 1000000
gidNumber: 1000000
objectClass: organizationalRole
objectClass: sambaUnixIdPool

# maxid, idpoolconf, ldap.mydomain.de
dn: cn=maxid,ou=idpoolconf,dc=ldap,dc=mydomain,dc=de
cn: maxid
uidNumber: 2000000
gidNumber: 2000000
objectClass: organizationalRole
objectClass: sambaUnixIdPool

# curid, idpoolconf, ldap.mydomain.de
dn: cn=curid,ou=idpoolconf,dc=ldap,dc=mydomain,dc=de
cn: curid
objectClass: organizationalRole
objectClass: sambaUnixIdPool
gidNumber: 1000010
uidNumber: 1000012

# maxnum, idpoolconf, ldap.mydomain.de
dn: cn=maxnum,ou=idpoolconf,dc=ldap,dc=mydomain,dc=de
cn: maxnum
uidNumber: 100000
gidNumber: 100000
objectClass: organizationalRole
objectClass: sambaUnixIdPool

# ldap, ldap.mydomain.de
dn: sambaDomainName=ldap,dc=ldap,dc=mydomain,dc=de
objectClass: sambaDomain
sambaDomainName: ldap
sambaSID: S-1-5-21-581542813-1543657442-898407133
sambaAlgorithmicRidBase: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
sambaNextUserRid: 1022

# Domain Users, group, ldap.mydomain.de
dn: cn=Domain Users,ou=group,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: sambaIdmapEntry
objectClass: apple-group
cn: Domain Users
gidNumber: 1000000
sambaGroupType: 2
sambaSID: S-1-5-21-581542813-1543657442-898407133-1000
displayName: Domain Users
description: default user group
memberUid: ldap-it-master
memberUid: benutzername2.nachname
memberUid: benutzername1.nachname
memberUid: scanner1
memberUid: scanner2
memberUid: benutzername2.nachname.mobile
memberUid: it-user
memberUid: benutzername1.nachname.mobile
memberUid: ldap-ltsp-admin
memberUid: user3
memberUid: backupuser
memberUid: readonlyadmin

# everyone, group, ldap.mydomain.de
dn: cn=everyone,ou=group,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: sambaIdmapEntry
objectClass: apple-group
cn: everyone
gidNumber: 1000001
sambaGroupType: 2
sambaSID: S-1-5-21-581542813-1543657442-898407133-1001
displayName: everyone

# administrators, group, ldap.mydomain.de
dn: cn=administrators,ou=group,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: sambaIdmapEntry
objectClass: apple-group
cn: administrators
gidNumber: 1000002
sambaGroupType: 2
sambaSID: S-1-5-21-581542813-1543657442-898407133-1002
displayName: administrators
memberUid: ldap-it-master
memberUid: 9

# management, group, ldap.mydomain.de
dn: cn=management,ou=group,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: sambaIdmapEntry
objectClass: apple-group
cn: management
gidNumber: 1000003
sambaGroupType: 2
sambaSID: S-1-5-21-581542813-1543657442-898407133-1003
displayName: management
memberUid: benutzername2.nachname
memberUid: benutzername1.nachname

# devices, group, ldap.mydomain.de
dn: cn=devices,ou=group,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: sambaIdmapEntry
objectClass: apple-group
cn: devices
gidNumber: 1000004
sambaGroupType: 2
sambaSID: S-1-5-21-581542813-1543657442-898407133-1004
displayName: devices
memberUid: scanner1
memberUid: scanner2

# mobile_users, group, ldap.mydomain.de
dn: cn=mobile_users,ou=group,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: sambaIdmapEntry
objectClass: apple-group
cn: mobile_users
gidNumber: 1000005
sambaGroupType: 2
sambaSID: S-1-5-21-581542813-1543657442-898407133-1005
displayName: mobile_users
memberUid: benutzername2.nachname.mobile
memberUid: benutzername1.nachname.mobile

# it-user, group, ldap.mydomain.de
dn: cn=it-user,ou=group,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: sambaIdmapEntry
objectClass: apple-group
cn: it-user
gidNumber: 1000006
sambaGroupType: 2
sambaSID: S-1-5-21-581542813-1543657442-898407133-1006
displayName: it-user
memberUid: it-user

# ldap-admins, group, ldap.mydomain.de
dn: cn=ldap-admins,ou=group,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: sambaIdmapEntry
objectClass: apple-group
cn: ldap-admins
gidNumber: 1000007
sambaGroupType: 2
sambaSID: S-1-5-21-581542813-1543657442-898407133-1007
displayName: ldap-admins
memberUid: ldap-ltsp-admin
memberUid: readonlyadmin

# Labuser, group, ldap.mydomain.de
dn: cn=Labuser,ou=group,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: sambaIdmapEntry
objectClass: apple-group
cn: Labuser
gidNumber: 1000008
sambaGroupType: 2
sambaSID: S-1-5-21-581542813-1543657442-898407133-1008
displayName: Labuser
memberUid: user3

# backupuser, group, ldap.mydomain.de
dn: cn=backupuser,ou=group,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: sambaIdmapEntry
objectClass: apple-group
cn: backupuser
gidNumber: 1000009
sambaGroupType: 2
sambaSID: S-1-5-21-581542813-1543657442-898407133-1009
displayName: backupuser
memberUid: backupuser

# ldap-it-master, people, ldap.mydomain.de
dn: uid=ldap-it-master,ou=people,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: sambaIdmapEntry
objectClass: apple-user
cn: ldap-it-master
sn: ldap-it-master
uid: ldap-it-master
uidNumber: 1000000
gidNumber: 1000000
userPassword:: e0NSWVBUfSQxJFFhRXdWdVdMJHZWMS9UZndkRzd0azNLUldDVFlJMzE=
homeDirectory: /home/ldap-it-master
shadowLastChange: 19018
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowExpire: -1
shadowInactive: 0
shadowFlag: 0
displayName: ldap-it-master
sambaSID: S-1-5-21-581542813-1543657442-898407133-1010
sambaLMPassword: A7D19039BC90DB0DF4B2712C32AC14D0
sambaNTPassword: 9FEE5AAA861F9D8CC769CA7BF3B122AB
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1643186588
sambaAcctFlags: [U          ]
sambaKickoffTime: 0

# benutzername2.nachname, people, ldap.mydomain.de
dn: uid=benutzername2.nachname,ou=people,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: sambaIdmapEntry
objectClass: apple-user
cn: benutzername2.nachname
sn: benutzername2.nachname
uid: benutzername2.nachname
uidNumber: 1000001
gidNumber: 1000000
userPassword:: e0NSWVBUfSQxJDhiRXdWbFdHJEh4NlBrWFJYbXFvbmp1LjYuNlRITS8=
homeDirectory: /home/benutzername2.nachname
shadowLastChange: 19018
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowExpire: -1
shadowInactive: 0
shadowFlag: 0
displayName: benutzername2.nachname
sambaSID: S-1-5-21-581542813-1543657442-898407133-1011
sambaLMPassword: A7D19039BC90DB0DB5EB7F3A6BC6FC11
sambaNTPassword: DC384809C26ACD57561384AF90188183
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1643186634
sambaAcctFlags: [U          ]
sambaKickoffTime: 0

# benutzername1.nachname, people, ldap.mydomain.de
dn: uid=benutzername1.nachname,ou=people,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: sambaIdmapEntry
objectClass: apple-user
cn: benutzername1.nachname
sn: benutzername1.nachname
uid: benutzername1.nachname
uidNumber: 1000002
gidNumber: 1000000
userPassword:: e0NSWVBUfSQxJGViRXdWRjlJJGM5dzBVenFLQzh1ZkpGdHpGb0NrSTA=
homeDirectory: /home/benutzername1.nachname
shadowLastChange: 19018
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowExpire: -1
shadowInactive: 0
shadowFlag: 0
displayName: benutzername1.nachname
sambaSID: S-1-5-21-581542813-1543657442-898407133-1012
sambaLMPassword: A7D19039BC90DB0D09BD60E199946D73
sambaNTPassword: F7C07C6EAFAE6C8F6E31E0A99B576D26
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1643186666
sambaAcctFlags: [U          ]
sambaKickoffTime: 0

# scanner1, people, ldap.mydomain.de
dn: uid=scanner1,ou=people,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: sambaIdmapEntry
objectClass: apple-user
cn: scanner1
sn: scanner1
uid: scanner1
uidNumber: 1000003
gidNumber: 1000000
userPassword:: e0NSWVBUfSQxJEdlRXdWOXhGJGN4YzJMZUJ2WUdJUjNEdFFvaG43MC8=
homeDirectory: /home/scanner1
shadowLastChange: 19018
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowExpire: -1
shadowInactive: 0
shadowFlag: 0
displayName: scanner1
sambaSID: S-1-5-21-581542813-1543657442-898407133-1013
sambaLMPassword: B7F8D2FB0CBFD15F813BA6BD445BAE12
sambaNTPassword: 64C1E160B4CF3B4D47B2DEC5C70FA29F
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1643186834
sambaAcctFlags: [U          ]
sambaKickoffTime: 0

# scanner2, people, ldap.mydomain.de
dn: uid=scanner2,ou=people,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: sambaIdmapEntry
objectClass: apple-user
cn: scanner2
sn: scanner2
uid: scanner2
uidNumber: 1000004
gidNumber: 1000000
userPassword:: e0NSWVBUfSQxJG9lRXdWT1VIJEJKWVZocnBQekg5WEdqQ1c3MUwwVTA=
homeDirectory: /home/scanner2
shadowLastChange: 19018
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowExpire: -1
shadowInactive: 0
shadowFlag: 0
displayName: scanner2
sambaSID: S-1-5-21-581542813-1543657442-898407133-1014
sambaLMPassword: B7F8D2FB0CBFD15F813BA6BD445BAE12
sambaNTPassword: 08AE8114FB0DB84D1AF7A3E20D383B84
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1643186868
sambaAcctFlags: [U          ]
sambaKickoffTime: 0

# benutzername2.nachname.mobile, people, ldap.mydomain.de
dn: uid=benutzername2.nachname.mobile,ou=people,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: sambaIdmapEntry
objectClass: apple-user
cn: benutzername2.nachname.mobile
sn: benutzername2.nachname.mobile
uid: benutzername2.nachname.mobile
uidNumber: 1000005
gidNumber: 1000000
userPassword:: e0NSWVBUfSQxJGlmRXdWb1NLJFdGYmJMYWl0dDRYWUo3Qm55TVljZTA=
homeDirectory: /home/benutzername2.nachname.mobile
shadowLastChange: 19018
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowExpire: -1
shadowInactive: 0
shadowFlag: 0
displayName: benutzername2.nachname.mobile
sambaSID: S-1-5-21-581542813-1543657442-898407133-1015
sambaLMPassword: A7D19039BC90DB0D88579B84A35CC87E
sambaNTPassword: 5138FB3452996E36C1A847B4EF6032A3
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1643186926
sambaAcctFlags: [U          ]
sambaKickoffTime: 0

# it-user, people, ldap.mydomain.de
dn: uid=it-user,ou=people,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: sambaIdmapEntry
objectClass: apple-user
cn: it-user
sn: it-user
uid: it-user
uidNumber: 1000006
gidNumber: 1000000
userPassword:: e0NSWVBUfSQxJENnRXdWcmxMJDZ3T3RZVC9jaU9jNE4zSTE0R2dkMi8=
homeDirectory: /home/it-user
shadowLastChange: 19018
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowExpire: -1
shadowInactive: 0
shadowFlag: 0
displayName: it-user
sambaSID: S-1-5-21-581542813-1543657442-898407133-1016
sambaLMPassword: A7D19039BC90DB0DE28890FB4D388949
sambaNTPassword: FE2D8BEF46B153453B2FB32713B34711
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1643186958
sambaAcctFlags: [U          ]
sambaKickoffTime: 0

# benutzername1.nachname.mobile, people, ldap.mydomain.de
dn: uid=benutzername1.nachname.mobile,ou=people,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: sambaIdmapEntry
objectClass: apple-user
cn: benutzername1.nachname.mobile
sn: benutzername1.nachname.mobile
uid: benutzername1.nachname.mobile
uidNumber: 1000007
gidNumber: 1000000
userPassword:: e0NSWVBUfSQxJG5nRXdWL1NGJEJMbkZsUG0xemdKVEZDYVBHcENOLy8=
homeDirectory: /home/benutzername1.nachname.mobile
shadowLastChange: 19018
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowExpire: -1
shadowInactive: 0
shadowFlag: 0
displayName: benutzername1.nachname.mobile
sambaSID: S-1-5-21-581542813-1543657442-898407133-1017
sambaLMPassword: A7D19039BC90DB0D28A2612667E70EBD
sambaNTPassword: 3A32BA8D16CAA1A3C39AD69F1766505F
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1643186995
sambaAcctFlags: [U          ]
sambaKickoffTime: 0

# ldap-ltsp-admin, people, ldap.mydomain.de
dn: uid=ldap-ltsp-admin,ou=people,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: sambaIdmapEntry
objectClass: apple-user
cn: ldap-ltsp-admin
sn: ldap-ltsp-admin
uid: ldap-ltsp-admin
uidNumber: 1000008
gidNumber: 1000000
userPassword:: e0NSWVBUfSQxJFNoRXdWVkZKJHEzNlcvV0ZmLnRsR0g1a2pFbVNzQy8=
homeDirectory: /home/ldap-ltsp-admin
shadowLastChange: 19018
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowExpire: -1
shadowInactive: 0
shadowFlag: 0
displayName: ldap-ltsp-admin
sambaSID: S-1-5-21-581542813-1543657442-898407133-1018
sambaLMPassword: A7D19039BC90DB0D31CCBD13B4D6835E
sambaNTPassword: C8329307747A7214EE13C5EF6ACA460A
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1643187038
sambaAcctFlags: [U          ]
sambaKickoffTime: 0

# user3, people, ldap.mydomain.de
dn: uid=user3,ou=people,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: sambaIdmapEntry
objectClass: apple-user
cn: user3
sn: user3
uid: user3
uidNumber: 1000009
gidNumber: 1000000
userPassword:: e0NSWVBUfSQxJC5pRXdWMENMJDhrTmQ1QkE5Q1N5T0x2UWxORjZYbzE=
homeDirectory: /home/user3
shadowLastChange: 19018
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowExpire: -1
shadowInactive: 0
shadowFlag: 0
displayName: user3
sambaSID: S-1-5-21-581542813-1543657442-898407133-1019
sambaLMPassword: A7D19039BC90DB0D9EF73BACC0E55ECD
sambaNTPassword: 62A8425A1FC4DDE4E57C91C7567D472E
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1643187072
sambaAcctFlags: [U          ]
sambaKickoffTime: 0

# backupuser, people, ldap.mydomain.de
dn: uid=backupuser,ou=people,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: sambaIdmapEntry
objectClass: apple-user
cn: backupuser
sn: backupuser
uid: backupuser
uidNumber: 1000010
gidNumber: 1000000
userPassword:: e0NSWVBUfSQxJFppRXdWN29FJHovZFEvNUMzSmYuclFQMXo2b2F2ai4=
homeDirectory: /home/backupuser
shadowLastChange: 19018
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowExpire: -1
shadowInactive: 0
shadowFlag: 0
displayName: backupuser
sambaSID: S-1-5-21-581542813-1543657442-898407133-1020
sambaLMPassword: A7D19039BC90DB0D56F80C8FFB6E18AA
sambaNTPassword: 3293919E01EE0700406081F453F587FC
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1643187109
sambaAcctFlags: [U          ]
sambaKickoffTime: 0

# readonlyadmin, people, ldap.mydomain.de
dn: uid=readonlyadmin,ou=people,dc=ldap,dc=mydomain,dc=de
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: sambaIdmapEntry
objectClass: apple-user
cn: readonlyadmin
sn: readonlyadmin
uid: readonlyadmin
uidNumber: 1000011
gidNumber: 1000000
userPassword:: e0NSWVBUfSQxJDJ4d3hWYlZMJHdLNnFyTVRkdnczRm1PcEkzUWl2RC4=
homeDirectory: /home/readonlyadmin
gecos:: QWRtaW4gZsO8ciBMREFQIFZNcw==
shadowLastChange: 19023
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowExpire: -1
shadowInactive: 0
shadowFlag: 0
displayName: readonlyadmin
sambaSID: S-1-5-21-581542813-1543657442-898407133-1021
sambaLMPassword: A7D19039BC90DB0D3C3ADEF87BB2A955
sambaNTPassword: 515EE25D0399F6A3FB257589F1C169EE
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1643630404
sambaAcctFlags: [U          ]
sambaKickoffTime: 0

# search result
search: 2
result: 0 Success

# numResponses: 32
# numEntries: 31

I have no idea where the error might be - as I said, I have tried umpteen guides - all without success.

Do you have experience with this and can you point me in the right direction? I am grateful for any tip.

schragge

Joined:
27 January 2022

Posts: 181

Have you added ldap to /etc/nsswitch.conf? Here is an example. The Debian wiki has a good guide: LDAP/NSS. Can you query LDAP users with getent?

getent passwd NUTZERNAME 

kaktux

(Thread starter)

Joined:
16 January 2006

Posts: 226

Edit: one day later I got everything working - at least on the virtual machine with Turnkey Linux OpenLDAP. I am leaving yesterday's post in place for the sake of completeness - and posting the new one here underneath.

The solution for the test server (unfortunately not for the QNAP) was:

1. install libnss-ldapd
configure /etc/nslcd.conf
uri ldap://192.168.5.16/
base dc=ldap,dc=mydomain,dc=de
configure /etc/nsswitch.conf: passwd, group, shadow

2. install pam-ldapd
pam-auth-update or dpkg-reconfigure libpam-runtime → 5 options (otherwise modules are missing) → select all of them, incl. create homeDirectory

sudo service nslcd restart
sudo service nscd restart

→ login via GUI works.

Outdated

Thank you - the guide already helps a bit.

As a test, I created (alongside the preinstalled OpenLDAP that is on the QNAP NAS) a virtual machine with Turnkey Linux (Debian-based) incl. OpenLDAP - to test how far the QNAP version differs from a "normal" one, or rather to get it running via Turnkey first and then on the QNAP.

I have now installed the libnss-ldapd package, as described in your link. During installation it also asked right away about the entries for /etc/nsswitch.conf. I chose passwd, group and shadow.

I did not know getent and had to experiment a little.

getent passwd  

works on the Turnkey OpenLDAP → the 3 users I created are displayed there. However, I noticed 2 new problems. When I use my Kubuntu desktop VM to log in, these 3 users are now displayed - but nothing happens after login. For 2 users the password is accepted - then the screen briefly goes black - and then it returns to the login. For the 3rd, the login fails. That may be because user 3 has a longer password with special characters (@ and !) - whereas for the others I chose something simple like "test".

The output is (shortened):

vorname.nachname:*:2000:100:vorname.nachname:/home/users/vorname.nachname:
readonlyadmin:*:2001:100: readonlyadmin:/home/users/readonlyadmin:
test:*:2002:100: test:/home/users/test:

The topmost user, as a "real" example, is the one for whom the login fails when the password is entered.

The second thing that does not work with Turnkey OpenLDAP is adding a new user. I created a user test2 via phpLDAPadmin - but even after a restart and several attempts it is not displayed - neither at the login nor when I call getent passwd. It is still the old 3 there.

After booting and after login attempts with the users test and readonlyadmin (brief black screen, then back to the login) and vorname.nachname (login fails, password with @ and !), I ran the following once:

journalctl -b 

Feb 08 16:42:26 LTSP-Server systemd-timesyncd[420]: Initial synchronization to time server 91.189.91.157:123 (ntp.ubuntu.com).
Feb 08 16:42:27 LTSP-Server systemd[1]: systemd-hostnamed.service: Succeeded.
Feb 08 16:42:29 LTSP-Server sddm-greeter[809]: Reading from "/usr/share/xsessions/plasma.desktop"
Feb 08 16:42:29 LTSP-Server sddm[597]: Message received from greeter: Login
Feb 08 16:42:29 LTSP-Server sddm[597]: Reading from "/usr/share/xsessions/plasma.desktop"
Feb 08 16:42:29 LTSP-Server sddm[597]: Reading from "/usr/share/xsessions/plasma.desktop"
Feb 08 16:42:29 LTSP-Server sddm[597]: Session "plasma.desktop" selected, command: "/usr/bin/startplasma-x11"
Feb 08 16:42:29 LTSP-Server sddm-helper[837]: [PAM] Starting...
Feb 08 16:42:29 LTSP-Server sddm-helper[837]: pam_unix(sddm:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=vorname.nachname
Feb 08 16:42:29 LTSP-Server sddm-helper[837]: [PAM] Authenticating...
Feb 08 16:42:29 LTSP-Server sddm-helper[837]: [PAM] Preparing to converse...
Feb 08 16:42:29 LTSP-Server sddm-helper[837]: [PAM] Conversation with 1 messages
Feb 08 16:42:29 LTSP-Server nslcd[765]: [7b8ddc] <authc="vorname.nachname"> cn=vorname.nachname,ou=Users,dc=ldap,dc=mydomain,dc=de: Invalid credentials
Feb 08 16:42:29 LTSP-Server sddm-helper[837]: pam_ldap(sddm:auth): Authentication failure; user=vorname.nachname
Feb 08 16:42:31 LTSP-Server sddm-helper[837]: [PAM] authenticate: Authentication failure
Feb 08 16:42:31 LTSP-Server sddm-helper[837]: [PAM] returning.
Feb 08 16:42:31 LTSP-Server sddm[597]: Authentication error: "Authentication failure"
Feb 08 16:42:31 LTSP-Server sddm-helper[837]: [PAM] Ended.
Feb 08 16:42:31 LTSP-Server sddm-greeter[809]: Message received from daemon: LoginFailed
Feb 08 16:42:31 LTSP-Server sddm[597]: Auth: sddm-helper exited with 1
Feb 08 16:42:34 LTSP-Server sddm-greeter[809]: Reading from "/usr/share/xsessions/plasma.desktop"
Feb 08 16:42:34 LTSP-Server sddm[597]: Message received from greeter: Login
Feb 08 16:42:34 LTSP-Server sddm[597]: Reading from "/usr/share/xsessions/plasma.desktop"
Feb 08 16:42:34 LTSP-Server sddm[597]: Reading from "/usr/share/xsessions/plasma.desktop"
Feb 08 16:42:34 LTSP-Server sddm[597]: Session "plasma.desktop" selected, command: "/usr/bin/startplasma-x11"
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: [PAM] Starting...
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: [PAM] Authenticating...
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: [PAM] Preparing to converse...
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: [PAM] Conversation with 1 messages
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: pam_unix(sddm:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=readonlyadmin
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: pam_kwallet5(sddm:auth): (null): pam_sm_authenticate
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: [PAM] returning.
Feb 08 16:42:34 LTSP-Server sddm[597]: Authenticated successfully
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: pam_unix(sddm:session): session opened for user readonlyadmin by (uid=0)
Feb 08 16:42:34 LTSP-Server sddm-greeter[809]: Message received from daemon: LoginSucceeded
Feb 08 16:42:34 LTSP-Server systemd[1]: Created slice User Slice of UID 2001.
Feb 08 16:42:34 LTSP-Server systemd[1]: Starting User Runtime Directory /run/user/2001...
Feb 08 16:42:34 LTSP-Server systemd-logind[496]: New session 6 of user readonlyadmin.
Feb 08 16:42:34 LTSP-Server systemd[1]: Finished User Runtime Directory /run/user/2001.
Feb 08 16:42:34 LTSP-Server systemd[1]: Starting User Manager for UID 2001...
Feb 08 16:42:34 LTSP-Server systemd[840]: pam_unix(systemd-user:session): session opened for user readonlyadmin by (uid=0)
Feb 08 16:42:34 LTSP-Server sddm-helper[806]: [PAM] Closing session
Feb 08 16:42:34 LTSP-Server sddm-helper[806]: pam_unix(sddm-greeter:session): session closed for user sddm
Feb 08 16:42:34 LTSP-Server sddm-helper[806]: [PAM] Ended.
Feb 08 16:42:34 LTSP-Server sddm[597]: Auth: sddm-helper exited successfully
Feb 08 16:42:34 LTSP-Server sddm[597]: Greeter stopped.
Feb 08 16:42:34 LTSP-Server systemd[1]: session-5.scope: Succeeded.
Feb 08 16:42:34 LTSP-Server systemd-logind[496]: Session 5 logged out. Waiting for processes to exit.
Feb 08 16:42:34 LTSP-Server systemd-logind[496]: Removed session 5.
Feb 08 16:42:34 LTSP-Server systemd[840]: Reached target Paths.
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session
Feb 08 16:42:34 LTSP-Server systemd[840]: Reached target Timers.
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: pam_kwallet5-kwalletd: user home folder does not exist
Feb 08 16:42:34 LTSP-Server systemd[840]: Starting D-Bus User Message Bus Socket.
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: pam_kwallet5(sddm:session): pam_kwallet5: Fail into creating the hash
Feb 08 16:42:34 LTSP-Server systemd[840]: Listening on GnuPG network certificate management daemon.
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: pam_unix(sddm:session): session closed for user readonlyadmin
Feb 08 16:42:34 LTSP-Server systemd[840]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_close_session
Feb 08 16:42:34 LTSP-Server systemd[840]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred
Feb 08 16:42:34 LTSP-Server systemd[840]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 08 16:42:34 LTSP-Server systemd[840]: Listening on GnuPG cryptographic agent and passphrase cache.
Feb 08 16:42:34 LTSP-Server systemd[840]: Listening on debconf communication socket.
Feb 08 16:42:34 LTSP-Server systemd[840]: Listening on Sound System.
Feb 08 16:42:34 LTSP-Server systemd[840]: Listening on REST API socket for snapd user session agent.
Feb 08 16:42:34 LTSP-Server systemd[840]: Listening on D-Bus User Message Bus Socket.
Feb 08 16:42:34 LTSP-Server systemd[840]: Reached target Sockets.
Feb 08 16:42:34 LTSP-Server systemd[840]: Reached target Basic System.
Feb 08 16:42:34 LTSP-Server systemd[1]: Started User Manager for UID 2001.
Feb 08 16:42:34 LTSP-Server systemd[1]: Started Session 6 of user readonlyadmin.
Feb 08 16:42:34 LTSP-Server systemd[840]: Starting Sound Service...
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: Starting: "/etc/sddm/Xsession \"/usr/bin/startplasma-x11\""
Feb 08 16:42:34 LTSP-Server sddm-helper[847]: chdir( /home/users/readonlyadmin ) failed for user:  "readonlyadmin"
Feb 08 16:42:34 LTSP-Server sddm-helper[847]: verify directory exist and has sufficient permissions
Feb 08 16:42:34 LTSP-Server sddm[597]: Session started
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: [PAM] Closing session
Feb 08 16:42:34 LTSP-Server sddm-helper[838]: [PAM] Ended.
Feb 08 16:42:34 LTSP-Server systemd[1]: session-6.scope: Succeeded.
Feb 08 16:42:34 LTSP-Server sddm[597]: Auth: sddm-helper exited with 3
Feb 08 16:42:34 LTSP-Server sddm[597]: Socket server stopping...
Feb 08 16:42:34 LTSP-Server sddm[597]: Socket server stopped.
Feb 08 16:42:34 LTSP-Server sddm[597]: Display server stopping...
Feb 08 16:42:34 LTSP-Server systemd-logind[496]: Session 6 logged out. Waiting for processes to exit.
Feb 08 16:42:34 LTSP-Server systemd-logind[496]: Removed session 6.
Feb 08 16:42:34 LTSP-Server pulseaudio[846]: Failed to create secure directory (/home/users/readonlyadmin/.config/pulse): Datei oder Verzeichnis nicht gefunden
Feb 08 16:42:34 LTSP-Server systemd[840]: pulseaudio.service: Main process exited, code=exited, status=1/FAILURE
Feb 08 16:42:34 LTSP-Server systemd[840]: pulseaudio.service: Failed with result 'exit-code'.
Feb 08 16:42:34 LTSP-Server systemd[840]: Failed to start Sound Service.
Feb 08 16:42:34 LTSP-Server systemd[840]: Reached target Main User Target.
Feb 08 16:42:34 LTSP-Server systemd[840]: Startup finished in 224ms.
Feb 08 16:42:34 LTSP-Server sddm[597]: Display server stopped.
Feb 08 16:42:34 LTSP-Server sddm[597]: Running display stop script  "/usr/share/sddm/scripts/Xstop"
Feb 08 16:42:35 LTSP-Server sddm[597]: Removing display ":0" ...
Feb 08 16:42:35 LTSP-Server sddm[597]: Adding new display on vt 1 ...
Feb 08 16:42:35 LTSP-Server sddm[597]: Loading theme configuration from ""
Feb 08 16:42:35 LTSP-Server sddm[597]: Display server starting...
Feb 08 16:42:35 LTSP-Server sddm[597]: Running: /usr/bin/X -nolisten tcp -auth /var/run/sddm/{dfd92634-f0cf-4bd4-b33c-1a31025f878a} -background none -noreset -displayfd >
Feb 08 16:42:35 LTSP-Server systemd[840]: pulseaudio.service: Scheduled restart job, restart counter is at 1.
Feb 08 16:42:35 LTSP-Server systemd[840]: Stopped Sound Service.
Feb 08 16:42:35 LTSP-Server systemd[840]: Starting Sound Service...
Feb 08 16:42:35 LTSP-Server pulseaudio[866]: Failed to create secure directory (/home/users/readonlyadmin/.config/pulse): Datei oder Verzeichnis nicht gefunden
Feb 08 16:42:35 LTSP-Server systemd[840]: pulseaudio.service: Main process exited, code=exited, status=1/FAILURE
Feb 08 16:42:35 LTSP-Server systemd[840]: pulseaudio.service: Failed with result 'exit-code'.
Feb 08 16:42:35 LTSP-Server systemd[840]: Failed to start Sound Service.
Feb 08 16:42:35 LTSP-Server sddm[597]: Setting default cursor
Feb 08 16:42:35 LTSP-Server sddm[597]: Running display setup script  "/usr/share/sddm/scripts/Xsetup"
Feb 08 16:42:35 LTSP-Server sddm[597]: Display server started.
Feb 08 16:42:35 LTSP-Server sddm[597]: Socket server starting...
Feb 08 16:42:35 LTSP-Server sddm[597]: Socket server started.
Feb 08 16:42:35 LTSP-Server sddm[597]: Loading theme configuration from "/usr/share/sddm/themes/ubuntu-theme/theme.conf"
Feb 08 16:42:35 LTSP-Server sddm[597]: Greeter starting...
Feb 08 16:42:35 LTSP-Server sddm[597]: Adding cookie to "/var/run/sddm/{dfd92634-f0cf-4bd4-b33c-1a31025f878a}"
Feb 08 16:42:35 LTSP-Server sddm-helper[870]: [PAM] Starting...
Feb 08 16:42:35 LTSP-Server sddm-helper[870]: [PAM] Authenticating...
Feb 08 16:42:35 LTSP-Server sddm-helper[870]: [PAM] returning.
Feb 08 16:42:35 LTSP-Server sddm-helper[870]: pam_unix(sddm-greeter:session): session opened for user sddm by (uid=0)
Feb 08 16:42:35 LTSP-Server systemd-logind[496]: New session 8 of user sddm.
Feb 08 16:42:35 LTSP-Server systemd[1]: Started Session 8 of user sddm.
Feb 08 16:42:35 LTSP-Server sddm[597]: Greeter session started successfully
Feb 08 16:42:35 LTSP-Server sddm-greeter[873]: High-DPI autoscaling not Enabled
Feb 08 16:42:35 LTSP-Server sddm-greeter[873]: Reading from "/usr/share/xsessions/plasma.desktop"
Feb 08 16:42:35 LTSP-Server sddm-greeter[873]: Loading theme configuration from "/usr/share/sddm/themes/ubuntu-theme/theme.conf"
Feb 08 16:42:35 LTSP-Server sddm-greeter[873]: Connected to the daemon.
Feb 08 16:42:35 LTSP-Server sddm[597]: Message received from greeter: Connect
Feb 08 16:42:35 LTSP-Server sddm-greeter[873]: Loading file:///usr/share/sddm/themes/ubuntu-theme/Main.qml...
Feb 08 16:42:35 LTSP-Server sddm-greeter[873]: QObject: Cannot create children for a parent that is in a different thread.
                                               (Parent is QGuiApplication(0x7fff1c81efc0), parent's thread is QThread(0x564043c5dda0), current thread is QThread(0x564043>
Feb 08 16:42:35 LTSP-Server sddm-greeter[873]: QObject: Cannot create children for a parent that is in a different thread.
                                               (Parent is QGuiApplication(0x7fff1c81efc0), parent's thread is QThread(0x564043c5dda0), current thread is QThread(0x564043>
Feb 08 16:42:35 LTSP-Server sddm-greeter[873]: QObject: Cannot create children for a parent that is in a different thread.
                                         (Parent is QGuiApplication(0x7fff1c81efc0), parent's thread is QThread(0x564043c5dda0), current thread is QThread(0x564043>
Feb 08 16:42:35 LTSP-Server sddm-greeter[873]: QObject::installEventFilter(): Cannot filter events for objects in a different thread.
Feb 08 16:42:35 LTSP-Server systemd[840]: pulseaudio.service: Scheduled restart job, restart counter is at 2.
Feb 08 16:42:35 LTSP-Server systemd[840]: Stopped Sound Service.
Feb 08 16:42:35 LTSP-Server systemd[840]: Starting Sound Service...
Feb 08 16:42:35 LTSP-Server pulseaudio[885]: Failed to create secure directory (/home/users/readonlyadmin/.config/pulse): Datei oder Verzeichnis nicht gefunden
Feb 08 16:42:35 LTSP-Server systemd[840]: pulseaudio.service: Main process exited, code=exited, status=1/FAILURE
Feb 08 16:42:35 LTSP-Server systemd[840]: pulseaudio.service: Failed with result 'exit-code'.
Feb 08 16:42:35 LTSP-Server systemd[840]: Failed to start Sound Service.
Feb 08 16:42:36 LTSP-Server systemd[840]: pulseaudio.service: Scheduled restart job, restart counter is at 3.
Feb 08 16:42:36 LTSP-Server systemd[840]: Stopped Sound Service.
Feb 08 16:42:36 LTSP-Server systemd[840]: Starting Sound Service...
Feb 08 16:42:36 LTSP-Server pulseaudio[888]: Failed to create secure directory (/home/users/readonlyadmin/.config/pulse): Datei oder Verzeichnis nicht gefunden
Feb 08 16:42:36 LTSP-Server systemd[840]: pulseaudio.service: Main process exited, code=exited, status=1/FAILURE
Feb 08 16:42:36 LTSP-Server systemd[840]: pulseaudio.service: Failed with result 'exit-code'.
Feb 08 16:42:36 LTSP-Server systemd[840]: Failed to start Sound Service.
Feb 08 16:42:36 LTSP-Server systemd[840]: pulseaudio.service: Scheduled restart job, restart counter is at 4.
Feb 08 16:42:36 LTSP-Server systemd[840]: Stopped Sound Service.
Feb 08 16:42:36 LTSP-Server systemd[840]: Starting Sound Service...
Feb 08 16:42:36 LTSP-Server pulseaudio[892]: Failed to create secure directory (/home/users/readonlyadmin/.config/pulse): Datei oder Verzeichnis nicht gefunden
Feb 08 16:42:36 LTSP-Server systemd[840]: pulseaudio.service: Main process exited, code=exited, status=1/FAILURE
Feb 08 16:42:36 LTSP-Server systemd[840]: pulseaudio.service: Failed with result 'exit-code'.
Feb 08 16:42:36 LTSP-Server systemd[840]: Failed to start Sound Service.
Feb 08 16:42:36 LTSP-Server systemd[840]: pulseaudio.service: Scheduled restart job, restart counter is at 5.
Feb 08 16:42:36 LTSP-Server systemd[840]: Stopped Sound Service.
Feb 08 16:42:36 LTSP-Server systemd[840]: pulseaudio.service: Start request repeated too quickly.
Feb 08 16:42:36 LTSP-Server systemd[840]: pulseaudio.service: Failed with result 'exit-code'.
Feb 08 16:42:36 LTSP-Server systemd[840]: Failed to start Sound Service.
Feb 08 16:42:36 LTSP-Server systemd[840]: pulseaudio.socket: Failed with result 'service-start-limit-hit'.
Feb 08 16:42:36 LTSP-Server sddm-greeter[873]: Adding view for "Virtual-1" QRect(0,0 1024x768)
Feb 08 16:42:37 LTSP-Server sddm-greeter[873]: Message received from daemon: Capabilities
Feb 08 16:42:37 LTSP-Server sddm-greeter[873]: Message received from daemon: HostName
Feb 08 16:42:45 LTSP-Server systemd[1]: Stopping User Manager for UID 2001...
Feb 08 16:42:45 LTSP-Server systemd[840]: Stopped target Main User Target.
Feb 08 16:42:45 LTSP-Server systemd[840]: Stopped target Basic System.
Feb 08 16:42:45 LTSP-Server systemd[840]: Stopped target Paths.
Feb 08 16:42:45 LTSP-Server systemd[840]: Stopped target Sockets.
Feb 08 16:42:45 LTSP-Server systemd[840]: Stopped target Timers.
Feb 08 16:42:45 LTSP-Server systemd[840]: dbus.socket: Succeeded.
Feb 08 16:42:45 LTSP-Server systemd[840]: Closed D-Bus User Message Bus Socket.
Feb 08 16:42:45 LTSP-Server systemd[840]: dirmngr.socket: Succeeded.
Feb 08 16:42:45 LTSP-Server systemd[840]: Closed GnuPG network certificate management daemon.
Feb 08 16:42:45 LTSP-Server systemd[840]: gpg-agent-browser.socket: Succeeded.
Feb 08 16:42:45 LTSP-Server systemd[840]: Closed GnuPG cryptographic agent and passphrase cache (access for web browsers).
Feb 08 16:42:45 LTSP-Server systemd[840]: gpg-agent-extra.socket: Succeeded.
Feb 08 16:42:45 LTSP-Server systemd[840]: Closed GnuPG cryptographic agent and passphrase cache (restricted).
Feb 08 16:42:45 LTSP-Server systemd[840]: gpg-agent-ssh.socket: Succeeded.
Feb 08 16:42:45 LTSP-Server systemd[840]: Closed GnuPG cryptographic agent (ssh-agent emulation).
Feb 08 16:42:45 LTSP-Server systemd[840]: gpg-agent.socket: Succeeded.
Feb 08 16:42:45 LTSP-Server systemd[840]: Closed GnuPG cryptographic agent and passphrase cache.
Feb 08 16:42:45 LTSP-Server systemd[840]: pk-debconf-helper.socket: Succeeded.
Feb 08 16:42:45 LTSP-Server systemd[840]: Closed debconf communication socket.
Feb 08 16:42:45 LTSP-Server systemd[840]: snapd.session-agent.socket: Succeeded.
Feb 08 16:42:45 LTSP-Server systemd[840]: Closed REST API socket for snapd user session agent.
Feb 08 16:42:45 LTSP-Server systemd[840]: Reached target Shutdown.
Feb 08 16:42:45 LTSP-Server systemd[840]: systemd-exit.service: Succeeded.
Feb 08 16:42:45 LTSP-Server systemd[840]: Finished Exit the Session.
Feb 08 16:42:45 LTSP-Server systemd[840]: Reached target Exit the Session.
Feb 08 16:42:45 LTSP-Server systemd[1]: user@2001.service: Succeeded.
Feb 08 16:42:45 LTSP-Server systemd[1]: Stopped User Manager for UID 2001.
Feb 08 16:42:45 LTSP-Server systemd[1]: Stopping User Runtime Directory /run/user/2001...
Feb 08 16:42:45 LTSP-Server systemd[661]: run-user-2001.mount: Succeeded.
Feb 08 16:42:45 LTSP-Server systemd[1]: run-user-2001.mount: Succeeded.
Feb 08 16:42:45 LTSP-Server systemd[1]: user-runtime-dir@2001.service: Succeeded.
Feb 08 16:42:45 LTSP-Server systemd[1]: Stopped User Runtime Directory /run/user/2001.
Feb 08 16:42:45 LTSP-Server systemd[1]: Removed slice User Slice of UID 2001.
Feb 08 16:42:47 LTSP-Server sshd[894]: Accepted password for it-verwalter from 192.168.55.110 port 43462 ssh2
Feb 08 16:42:47 LTSP-Server sshd[894]: pam_unix(sshd:session): session opened for user it-verwalter by (uid=0)
Feb 08 16:42:47 LTSP-Server systemd[1]: Created slice User Slice of UID 1000.
Feb 08 16:42:47 LTSP-Server systemd[1]: Starting User Runtime Directory /run/user/1000...
Feb 08 16:42:47 LTSP-Server systemd-logind[496]: New session 9 of user it-verwalter.
Feb 08 16:42:47 LTSP-Server systemd[1]: Finished User Runtime Directory /run/user/1000.
Feb 08 16:42:47 LTSP-Server systemd[1]: Starting User Manager for UID 1000...
Feb 08 16:42:47 LTSP-Server systemd[898]: pam_unix(systemd-user:session): session opened for user it-verwalter by (uid=0)
Feb 08 16:42:47 LTSP-Server systemd[898]: Reached target Paths.
Feb 08 16:42:47 LTSP-Server systemd[898]: Reached target Timers.
Feb 08 16:42:47 LTSP-Server systemd[898]: Starting D-Bus User Message Bus Socket.
Feb 08 16:42:47 LTSP-Server systemd[898]: Listening on GnuPG network certificate management daemon.
Feb 08 16:42:47 LTSP-Server systemd[898]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Feb 08 16:42:47 LTSP-Server systemd[898]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Feb 08 16:42:47 LTSP-Server systemd[898]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 08 16:42:47 LTSP-Server systemd[898]: Listening on GnuPG cryptographic agent and passphrase cache.
Feb 08 16:42:47 LTSP-Server systemd[898]: Listening on debconf communication socket.
Feb 08 16:42:47 LTSP-Server systemd[898]: Listening on Sound System.
Feb 08 16:42:47 LTSP-Server systemd[898]: Listening on REST API socket for snapd user session agent.
Feb 08 16:42:47 LTSP-Server systemd[898]: Listening on D-Bus User Message Bus Socket.
Feb 08 16:42:47 LTSP-Server systemd[898]: Reached target Sockets.
Feb 08 16:42:47 LTSP-Server systemd[898]: Reached target Basic System.
Feb 08 16:42:47 LTSP-Server systemd[1]: Started User Manager for UID 1000.
Feb 08 16:42:47 LTSP-Server systemd[1]: Started Session 9 of user it-verwalter.
Feb 08 16:42:47 LTSP-Server systemd[898]: Starting Sound Service...
Feb 08 16:42:47 LTSP-Server dbus-daemon[451]: [system] Activating via systemd: service name='org.bluez' unit='dbus-org.bluez.service' requested by ':1.193' (uid=1000 pid>
Feb 08 16:42:47 LTSP-Server systemd[1]: Condition check resulted in Bluetooth service being skipped.
Feb 08 16:42:47 LTSP-Server rtkit-daemon[669]: Supervising 0 threads of 0 processes of 4 users.
Feb 08 16:42:47 LTSP-Server rtkit-daemon[669]: Supervising 0 threads of 0 processes of 4 users.
Feb 08 16:42:47 LTSP-Server rtkit-daemon[669]: Supervising 0 threads of 0 processes of 4 users.
Feb 08 16:42:47 LTSP-Server rtkit-daemon[669]: Supervising 0 threads of 0 processes of 4 users.
Feb 08 16:42:47 LTSP-Server rtkit-daemon[669]: Supervising 0 threads of 0 processes of 4 users.
Feb 08 16:42:47 LTSP-Server systemd[898]: Started D-Bus User Message Bus.
Feb 08 16:42:47 LTSP-Server dbus-daemon[922]: [session uid=1000 pid=922] AppArmor D-Bus mediation is enabled
Feb 08 16:42:47 LTSP-Server systemd[898]: Started Sound Service.
Feb 08 16:42:47 LTSP-Server systemd[898]: Reached target Main User Target.
Feb 08 16:42:47 LTSP-Server systemd[898]: Startup finished in 314ms.

If, on the other hand, I change the IP in /etc/nslcd.conf from that of the Turnkey LDAP to that of the QNAP and then run getent passwd, no user is shown.

That at least gets me one small step further than before. Thanks so far.

kaktux

(Thread starter)

Joined:
16 January 2006

Posts: 226

I can't log in the same way against the QNAP, i.e. the LDAP server running on it.

journalctl -b shows, among other things:

Feb 09 17:38:34 LTSP-Server nslcd[750]: [7b23c6] <passwd="readonlyadmin"> no available LDAP server found, sleeping 1 seconds
Feb 09 17:38:35 LTSP-Server nslcd[750]: [7b23c6] <passwd="readonlyadmin"> failed to bind to LDAP server ldap://192.168.5.10/: Inappropriate authentication: anonymous b>
Feb 09 17:38:35 LTSP-Server nslcd[750]: [7b23c6] <passwd="readonlyadmin"> no available LDAP server found: Inappropriate authentication
Feb 09 17:38:35 LTSP-Server sddm-helper[800]: [PAM] Preparing to converse...
Feb 09 17:38:35 LTSP-Server sddm-helper[800]: [PAM] Conversation with 1 messages
Feb 09 17:38:35 LTSP-Server nslcd[750]: [3c9869] <passwd="readonlyadmin"> no available LDAP server found: Server is unavailable
Feb 09 17:38:35 LTSP-Server sddm-helper[800]: pam_unix(sddm:auth): check pass; user unknown
Feb 09 17:38:35 LTSP-Server sddm-helper[800]: pam_unix(sddm:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Feb 09 17:38:35 LTSP-Server nslcd[750]: [334873] <passwd="readonlyadmin"> no available LDAP server found: Server is unavailable
Feb 09 17:38:35 LTSP-Server nslcd[750]: [b0dc51] <authc="readonlyadmin"> no available LDAP server found: Server is unavailable
Feb 09 17:38:35 LTSP-Server sddm-helper[800]: pam_ldap(sddm:auth): error reading from nslcd: Connection reset by peer
Feb 09 17:38:36 LTSP-Server sddm-helper[800]: [PAM] authenticate: User not known to the underlying authentication module
Feb 09 17:38:36 LTSP-Server sddm-helper[800]: [PAM] returning.
Feb 09 17:38:36 LTSP-Server sddm[579]: Authentication error: "User not known to the underlying authentication module"
Feb 09 17:38:36 LTSP-Server sddm-helper[800]: [PAM] Ended.
Feb 09 17:38:36 LTSP-Server sddm-greeter[671]: Message received from daemon: LoginFailed
Feb 09 17:38:36 LTSP-Server sddm[579]: Auth: sddm-helper exited with 1
Feb 09 16:38:47 LTSP-Server systemd-timesyncd[422]: Initial synchronization to time server 91.189.91.157:123 (ntp.ubuntu.com).
Feb 09 16:38:48 LTSP-Server nslcd[750]: [495cff] <authz="it-verwalter"> no available LDAP server found: Server is unavailable
Feb 09 16:38:48 LTSP-Server sshd[802]: pam_ldap(sshd:account): error reading from nslcd: Connection reset by peer

That is where I currently stand; so far I haven't made any further progress with the QNAP LDAP.

schragge

Joined:
27 January 2022

Posts: 181

kaktux wrote:

Feb 09 17:38:35 LTSP-Server nslcd[750]: [7b23c6] <passwd="readonlyadmin"> failed to bind to LDAP server ldap://192.168.5.10/: Inappropriate authentication: anonymous b>

Compare the LDAP configuration on the two servers (/etc/ldap/slapd.d/*, /etc/ldap/slapd.conf, /etc/default/slapd). Especially options such as allow, disallow and require.

kaktux

(Thread starter)

Joined:
16 January 2006

Posts: 226

The solution turned out to be simpler than expected. The same configuration that worked with the Turnkey OpenLDAP server also worked with the QNAP LDAP after a few changes.

I got the information from the Debian man pages for nslcd.conf:

binddn DN
    Specifies the distinguished name with which to bind to the directory server for lookups. The default is to bind anonymously.
bindpw PASSWORD
    Specifies the credentials with which to bind. This option is only applicable when used with binddn above. If you set this option you should consider changing the permissions of the nslcd.conf file to only grant access to the root user.

In other words, I just had to edit the file /etc/nslcd.conf:

1. Change the uri to the IP of the QNAP.
2. Set binddn cn=admin,dc=ldap,dc=mydomain,dc=de → on the QNAP this is the user that is created when LDAP is enabled.
3. bindpw ADMINPASSWORD → the password chosen for the admin.

Then simply save the file and restart → and it worked.

Thank you!! ♥ Without the nudge and the links I wouldn't have figured that out.

Finally, the short version, in case someone faces the same problem:

1. install libnss-ldapd
(configures /etc/nslcd.conf)
uri: ldap://192.168.8.5/
base: dc=ldap,dc=mydomain,dc=com
(the next step configures /etc/nsswitch.conf)
select passwd, group and shadow

2. install pam-ldapd
(configures the /etc/pam.d/common-* files)
if already installed, reconfigure with "pam-auth-update" or "dpkg-reconfigure libpam-runtime"
5 options, select all of them, incl. create homeDirectory

In my case there was the additional point that login is not possible anonymously, i.e. as described above I also added binddn and bindpw to /etc/nslcd.conf

3. Restart
sudo service nslcd restart
sudo service nscd restart

-> login via GUI or console (sudo -u LDAP-username)

I got the information from the Debian wiki linked above → especially the pages LDAP/NSS and LDAP/PAM. The video "Djware - Install the LDAP client on Linux" was also helpful.

Thanks again to schragge for the help.
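
The man page excerpt quoted in the thread ties bindpw to the permissions of nslcd.conf, and the configuration that worked binds as cn=admin over ldap://. As an added example (not part of the thread and not code from nss-pam-ldapd), the following audit checks an nslcd.conf for exactly those points. The finding names, the `nss-reader` account, the host name and the CA path are assumptions made for illustration; `ssl`, `tls_reqcert`, `tls_cacertfile` and `sasl_mech` are nslcd.conf options.

```python
import os
import stat

# Constructed sample (only the options the audit reads): the settings from the thread.
AS_POSTED = """\
uri ldap://192.168.5.10/
binddn cn=admin,dc=ldap,dc=mydomain,dc=de
bindpw ADMINPASSWORD
"""
# Constructed sample: hypothetical read-only account, host name and CA file.
HARDENED = """\
uri ldap://nas.example.internal/
binddn cn=nss-reader,ou=people,dc=ldap,dc=mydomain,dc=de
bindpw READERPASSWORD
ssl start_tls
tls_reqcert demand
tls_cacertfile /etc/ssl/certs/example-ca.pem
"""

def parse_nslcd_conf(text):
    """Return ({keyword: last value}, [uri arguments]); keywords are lower-cased here."""
    opts, uris = {}, []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
            opts[key] = value
            if key == "uri":
                uris += value.lower().split()
    return opts, uris

def audit(text, mode):
    """Return finding codes (names made up for this example) for a config body and file mode."""
    opts, uris = parse_nslcd_conf(text)
    if "bindpw" not in opts:
        return []  # anonymous lookups: no stored secret to protect
    findings = []
    # The man page quoted in the thread: restrict file access once bindpw is set.
    if mode & stat.S_IRWXO:
        findings.append("BINDPW_WORLD_ACCESSIBLE")
    # A simple bind over ldap:// with neither `ssl on` nor StartTLS sends bindpw in cleartext.
    plain = any(u.startswith("ldap://") for u in uris) and "sasl_mech" not in opts
    if plain and opts.get("ssl", "off").lower() not in ("on", "start_tls"):
        findings.append("BINDPW_SENT_WITHOUT_TLS")
    if opts.get("tls_reqcert", "").lower() in ("never", "allow"):
        findings.append("TLS_CERT_NOT_VERIFIED")
    # Heuristic (assumption): these first RDNs usually name a directory administrator.
    first_rdn = opts.get("binddn", "").split(",", 1)[0].replace(" ", "").lower()
    if first_rdn in ("cn=admin", "cn=manager", "cn=root"):
        findings.append("BINDDN_IS_DIRECTORY_ADMIN")
    return findings

def audit_file(path):
    """Audit a real file such as /etc/nslcd.conf (the caller needs read access)."""
    with open(path, encoding="utf-8") as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    for name, body, mode in (("as posted", AS_POSTED, 0o644), ("hardened", HARDENED, 0o600)):
        print(f"{name}: {audit(body, mode) or 'no findings'}")
```

Only the "other" permission bits are checked, because the group that the nslcd daemon runs under may legitimately need read access to the file.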
