
DOVECOT & LDAP May 5, 2009

Posted by setijoagus in Linux.

While monitoring the server with tail -f /var/log/messages, the following errors turned up:

Apr 28 14:41:44 linux dovecot(pam_unix)[13395]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=SEAG
Apr 28 15:46:52 linux dovecot(pam_unix)[14785]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=iker
Apr 29 11:08:27 linux dovecot(pam_unix)[26859]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=INRA

This happens because those users are simply not registered with pam_unix authentication (Dovecot's stock configuration authenticates through PAM, and these accounts exist only in the directory); I use SSO [single sign on] with LDAP.
Fixing the error is also very simple [once you know how]; the steps are as follows:

1. Edit /etc/dovecot.conf (the original is kept as a backup first)
# mv /etc/dovecot.conf /etc/dovecot.conf.asli
# vi /etc/dovecot.conf
protocol managesieve {
sieve=~/.dovecot.sieve
sieve_storage=~/sieve
}

protocol lda {
postmaster_address = root@ubslinux.com
}

auth default {
mechanisms = plain
passdb ldap {
args = /etc/dovecot-ldap.conf
}

userdb ldap {
args = /etc/dovecot-ldap.conf
}
user = root
}
protocols = pop3 pop3s imap imaps
mail_location = maildir:~/Maildir
valid_chroot_dirs = /home

2. Create the file /etc/dovecot-ldap.conf
# vi /etc/dovecot-ldap.conf
hosts = localhost
dn = cn=Manager,dc=ubslinux,dc=com
dnpass = password
tls = no
ldap_version = 2
base = uid=%u,ou=people,dc=ubslinux,dc=com
scope = subtree
pass_attrs = uid=user,userPassword=password
default_pass_scheme = CRYPT

Two cautions about this file. It contains the LDAP rootdn's password (dnpass) in clear text, so keep it root-owned with mode 0600; binding as a dedicated read-only account instead of cn=Manager, or setting auth_bind = yes so that Dovecot binds as the user and never reads userPassword at all, limits what a leaked copy is worth. And since mechanisms = plain is offered on the plain pop3/imap ports as well as pop3s/imaps, leave Dovecot's default disable_plaintext_auth = yes in place so that passwords are only accepted over TLS (or from localhost). tls = no is tolerable only because the LDAP server is on the same host, and ldap_version = 2 is a leftover this particular setup needed; OpenLDAP 2.x servers refuse LDAPv2 binds unless allow bind_v2 is set, so use 3 wherever possible.
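As an added example that is not part of the original post (my own script, not Dovecot's or the author's): the pam_unix lines above are only a misconfiguration when the failing users do not exist locally; the same line for an account that does exist is the signature of password guessing against POP3/IMAP. The script below sorts the failures by that criterion, counting per user. The log lines and the passwd file it reads are constructed samples (the first three log lines are the ones quoted above, the rest are invented).

```shell
#!/bin/sh
# Added example, not from the original post: sort dovecot(pam_unix)
# "authentication failure" lines by whether the failing user exists locally.
# Failures for users that are not in /etc/passwd are the symptom described
# above (Dovecot still asking PAM about LDAP-only accounts); repeated failures
# for an account that does exist locally are worth a second look as possible
# password guessing. Both input files are constructed sample data.

SAMPLE_LOG=$(mktemp)
SAMPLE_PASSWD=$(mktemp)
trap 'rm -f "$SAMPLE_LOG" "$SAMPLE_PASSWD"' EXIT

cat >"$SAMPLE_LOG" <<'EOF'
Apr 28 14:41:44 linux dovecot(pam_unix)[13395]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=SEAG
Apr 28 15:46:52 linux dovecot(pam_unix)[14785]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=iker
Apr 29 11:08:27 linux dovecot(pam_unix)[26859]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=INRA
Apr 29 11:09:01 linux dovecot(pam_unix)[26860]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=172.20.200.15 user=agus
Apr 29 11:09:05 linux dovecot(pam_unix)[26861]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=172.20.200.15 user=agus
Apr 29 11:10:00 linux sshd[26900]: Accepted publickey for agus from 172.20.200.9 port 4444 ssh2
EOF

cat >"$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
agus:x:500:500::/home/agus:/bin/bash
EOF

# classify_dovecot_failures LOGFILE PASSWDFILE
# Prints "<user> <failures> <local|not-local>", one line per user, in C-locale
# order. Only dovecot(pam_unix) failure lines are counted; other daemons'
# lines (the sshd line above) are ignored.
classify_dovecot_failures() {
    awk -v passwd="$2" '
        BEGIN {
            # Read local account names straight from the passwd file, so the
            # verdict does not depend on NSS (which may itself point at LDAP).
            while ((getline line < passwd) > 0) {
                split(line, f, ":")
                known[f[1]] = 1
            }
            close(passwd)
        }
        /dovecot\(pam_unix\)\[[0-9]+\]: authentication failure;/ {
            # the user= field; "ruser=" does not match because of the anchor
            for (i = 1; i <= NF; i++)
                if ($i ~ /^user=/) count[substr($i, 6)]++
        }
        END {
            for (u in count)
                printf "%s %d %s\n", u, count[u], (u in known) ? "local" : "not-local"
        }
    ' "$1" | LC_ALL=C sort
}

classify_dovecot_failures "$SAMPLE_LOG" "$SAMPLE_PASSWD"
```

On the sample data this prints INRA, SEAG and iker as not-local with one failure each (the PAM/LDAP mismatch) and agus as local with two failures from the same rhost, which is the line to follow up. On a real host point it at /var/log/messages and /etc/passwd.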

ERROR samba server May 5, 2009

Posted by setijoagus in Linux.

While setting up the samba service, the service ran normally and could be used without problems.
But checking with tail /var/log/messages turned up the following:
================
error:
================
1. Apr 30 10:57:43 linux smbd[8416]: call_nt_transact_ioctl(0x9009c): Currently not implemented.
2. Apr 30 11:00:57 linux smbd[7304]: nb03 (172.20.200.222) couldn't find service cb_pp
3. Apr 30 14:50:48 linux smbd[16682]: [2009/04/30 14:50:48, 0] smbd/service.c:make_connection(1191)
4. Apr 30 14:50:48 linux smbd[16682]: kf99 (172.20.231.99) couldn't find service gv_pp
5. Apr 30 14:54:16 linux smbd[15895]: [2009/04/30 14:54:16, 0] lib/util_sock.c:read_data(534)
6. Apr 30 14:54:16 linux smbd[15895]: read_data: read failure for 4 bytes to client 172.20.200.15. Error = No route to host

What the three kinds of message mean: line 1 is smbd declining an NT transact ioctl (code 0x9009c) that a Windows client sent and that Samba 3 does not implement, which is informational; lines 2 and 4 (line 3 is the make_connection() header for line 4) are clients asking for a share name, cb_pp and gv_pp, that no [section] in smb.conf defines; and line 6 (with its header line 5) is a client that became unreachable in the middle of a session, a network condition rather than a Samba one.

After "going round in circles", the answer turned out to be simple: yes, the samba configuration was incomplete ?????
Admittedly I have not explored thoroughly which entries can be left out of the new smb.conf,
because I was up against a deadline............... the server was needed right away.

The point is that every time you change samba version, the old configuration does not automatically carry over in full.

==========================
OLD smb.conf CONFIGURATION
==========================
[global]
netbios name = linux
admin users = Administrator

workgroup = UBSLINUX.COM
server string = linux
encrypt passwords = yes
os level = 65

domain master = yes
preferred master = yes
domain logons = yes

passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=ubslinux,dc=com
ldap admin dn = cn=Manager,dc=ubslinux,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=Computers
ldap passwd sync = yes

logon path =
logon home =
logon drive =

log file = /var/log/samba/%m.log
max log size = 50
security = domain

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no

idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = yes
ldap passwd sync = yes
winbind use default domain = no
#================== EDP Share Definitions ===================
[edp_driver]
comment = directory edp driver
path = /s01/driver
valid users = @edp_driver
write list = @edp_driver
create mask = 0775
directory mask = 0775

==========================
NEW smb.conf CONFIGURATION
==========================
[global]
netbios name = LINUX
admin users = Administrator

workgroup = UBSLINUX.COM
server string = Samba Server
encrypt passwords = yes
os level = 33

domain master = yes
preferred master = yes
domain logons = yes

passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=ubslinux,dc=com
ldap admin dn = cn=Manager,dc=ubslinux,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=Computers
ldap passwd sync = yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
log file = /var/log/samba/%m.log
max log size = 50
security = domain
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
idmap uid = 15000-80000
idmap gid = 15000-80000
template shell = /bin/false
winbind use default domain = no

logon path =
logon drive =
logon home =
logon script =

passwd program = /usr/local/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n
log level = 0
syslog = 0
time server = Yes
printer admin = @”Print Operators”
load printers = Yes
create mask = 0640
directory mask = 0750
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
preserve case = yes
short preserve case = yes
case sensitive = no

#================== EDP Share Definitions ===================
[edp_driver]
comment = directory edp driver
path = /s01/driver
valid users = @edp_driver
write list = @edp_driver
create mask = 0775
directory mask = 0775

LDAP migration from the ldbm database to bdb May 5, 2009

Posted by setijoagus in Linux.

====================================
OLD SERVER [LDAP database: ldbm]
====================================
1. Run slapcat (with slapd stopped: the OpenLDAP documentation says to stop slapd, or put it in read-only mode, before running slapcat on an ldbm database, since nothing locks the database for it. The file holds every userPassword hash in the directory, so create it under umask 077 and remove it once the import is done)
# slapcat -l /home/oracle/test01.txt

2. Move the file to the new server (scp or similar, not a world-readable share)

====================================
NEW SERVER [LDAP database: bdb]
====================================
1. Turn off LDAP authentication on the server first, so that user lookups do not hang while slapd is down
# authconfig --disableldap --enableshadow --disableldapauth --ldapserver=127.0.0.1 --ldapbasedn=dc=ubslinux,dc=com --update

2. Stop the ldap service
# service ldap stop

3. Load the dump (slapd.conf must already declare the bdb database; the old database files are removed first, and the new ones must be owned by the ldap user before slapd starts)
# rm -f /var/lib/ldap/*
# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# slapadd -l test01.txt -f /etc/openldap/slapd.conf
# chown ldap:ldap /var/lib/ldap/*

4. Start the ldap service
# service ldap start

5. Turn LDAP authentication back on
# authconfig --enableldap --enableshadow --enableldapauth --ldapserver=127.0.0.1 --ldapbasedn=dc=ubslinux,dc=com --update
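An added example, mine rather than the post's, that puts the checks a migration should have around this procedure. Three small functions inspect any LDIF offline: how many entries it holds, how many lines carry password material (so you know the dump needs protecting), and how many userPassword values are stored in clear rather than as a {SCHEME} hash. migrate_ldap_db() is the post's steps on the new server, wrapped so that an empty dump is refused and the entry count after slapadd is compared with the dump before authentication is switched back on; it uses the post's paths and the real slapadd/slapcat/authconfig commands, so it is only meant for the target host as root and is not invoked by the script itself. The LDIF in the script is a constructed sample, hash values included.

```shell
#!/bin/sh
# Added example, not from the original post: the ldbm -> bdb move with the
# checks a migration should carry. ldif_entry_count, ldif_secret_lines and
# ldif_cleartext_passwords work on any LDIF offline; migrate_ldap_db() is the
# post's steps with those checks wrapped around the real slapadd and slapcat,
# so it is only meant to be run as root on the new server with the post's
# paths. The LDIF below is a constructed sample, hashes included.

SAMPLE_LDIF=$(mktemp)
trap 'rm -f "$SAMPLE_LDIF"' EXIT

cat >"$SAMPLE_LDIF" <<'EOF'
dn: dc=ubslinux,dc=com
objectClass: dcObject
objectClass: organization
o: ubslinux
dc: ubslinux

dn: ou=People,dc=ubslinux,dc=com
objectClass: organizationalUnit
ou: People

dn: uid=agus,ou=People,dc=ubslinux,dc=com
objectClass: posixAccount
uid: agus
userPassword: {SSHA}Y29uc3RydWN0ZWQtc2FtcGxlLW5vdC1hLXJlYWwtaGFzaA==
sambaNTPassword: 00000000000000000000000000000000

dn: uid=iker,ou=People,dc=ubslinux,dc=com
objectClass: posixAccount
uid: iker
userPassword: secret123
EOF

# Each function reads the file named in $1, or standard input when no
# argument is given.

# Number of entries: one "dn:" line per entry.
ldif_entry_count() {
    awk '/^dn:/ { n++ } END { print n + 0 }' "${1:--}"
}

# Lines carrying password material. slapcat writes these verbatim, so the
# dump must be treated like the database itself (umask 077, delete after
# the import). sambaNTPassword/sambaLMPassword appear when the Samba schema
# is loaded, as with the smb.conf in the post above.
ldif_secret_lines() {
    awk 'tolower($0) ~ /^(userpassword|sambantpassword|sambalmpassword):/ { n++ }
         END { print n + 0 }' "${1:--}"
}

# userPassword values that are not "{SCHEME}hash", i.e. stored in clear.
# (Only plain "attr: value" lines are inspected; base64 "attr:: value" lines
# would need decoding first.)
ldif_cleartext_passwords() {
    awk 'tolower($0) ~ /^userpassword: / { v = $0; sub(/^[^:]*: */, "", v); if (v !~ /^[{]/) n++ }
         END { print n + 0 }' "${1:--}"
}

# migrate_ldap_db DUMP_LDIF   (new server, as root; assumes slapd.conf already
# declares the bdb database, as in the post)
migrate_ldap_db() {
    dump=$1
    expected=$(ldif_entry_count "$dump")
    [ "$expected" -gt 0 ] || { echo "refusing to import an empty dump" >&2; return 1; }
    authconfig --disableldap --enableshadow --disableldapauth \
        --ldapserver=127.0.0.1 --ldapbasedn=dc=ubslinux,dc=com --update
    service ldap stop
    rm -f /var/lib/ldap/*
    cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
    slapadd -l "$dump" -f /etc/openldap/slapd.conf || return 1
    chown ldap:ldap /var/lib/ldap/*
    # Re-export from the new backend and compare before trusting it.
    loaded=$(slapcat -f /etc/openldap/slapd.conf | ldif_entry_count)
    if [ "$loaded" -ne "$expected" ]; then
        echo "entry count mismatch: dumped $expected, loaded $loaded" >&2
        return 1
    fi
    service ldap start
    authconfig --enableldap --enableshadow --enableldapauth \
        --ldapserver=127.0.0.1 --ldapbasedn=dc=ubslinux,dc=com --update
}

echo "entries:             $(ldif_entry_count "$SAMPLE_LDIF")"
echo "secret lines:        $(ldif_secret_lines "$SAMPLE_LDIF")"
echo "cleartext passwords: $(ldif_cleartext_passwords "$SAMPLE_LDIF")"
```

For the sample this reports 4 entries, 3 secret lines and 1 cleartext password (iker's), which is exactly the kind of thing worth knowing before a dump travels between servers; the cleartext case is also a reason to set a password hash scheme on the new server rather than carry the value over as-is.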

LINUX DEADLOCK caused by LDAP SERVER authentication May 5, 2009

Posted by setijoagus in Linux.

Sometimes, after we set a server up to authenticate against LDAP, with the LDAP server on the same machine, the server appears to deadlock after a reboot. Why does this happen? Once "Use LDAP" is enabled for user information, every user and group lookup goes through nss_ldap, whose default bind_policy is hard: it keeps retrying the connection to the LDAP server instead of failing. During boot slapd has not been started yet, so the init scripts that run before it (including the ldap script itself, which has to look up the ldap account it drops privileges to) block on lookups to a server that is not there, and the boot never reaches the point where slapd would start.
TEST
1. Enable ldap and make it start at every boot
# service ldap start
# chkconfig ldap on

2. Configure authentication against LDAP
# setup

+------------ Choose a Tool -------------+
|                                        |
|   Authentication configuration         |
|   Firewall configuration               |
|   Keyboard configuration               |
|   Network configuration                |
|   System services                      |
|   Timezone configuration               |
|   X configuration                      |
|                                        |
|      [ Run Tool ]          [ Quit ]    |
|                                        |
+----------------------------------------+

+------------------------ Authentication Configuration ------------------------+
|                                                                              |
|   User Information                    Authentication                         |
|   [ ] Cache Information               [ ] Use MD5 Passwords                  |
|   [ ] Use Hesiod                      [*] Use Shadow Passwords               |
|   [*] Use LDAP                        [*] Use LDAP Authentication            |
|   [ ] Use NIS                         [ ] Use Kerberos                       |
|   [ ] Use Winbind                     [ ] Use SMB Authentication             |
|                                       [ ] Use Winbind Authentication         |
|                                       [ ] Local authorization is sufficient  |
|                                                                              |
|            [ Cancel ]                                    [ Next ]            |
|                                                                              |
+------------------------------------------------------------------------------+

+------------------- LDAP Settings --------------------+
|                                                      |
|   [ ] Use TLS                                        |
|   Server:  ldap://127.0.0.1/                         |
|   Base DN: dc=ubslinux,dc=com                        |
|                                                      |
|          [ Back ]                    [ Ok ]          |
|                                                      |
+------------------------------------------------------+

3. Test by rebooting
# reboot

4. The deadlock occurs. To get out of it:
a. boot with the "linux single" option
b. run setup as in step 2, but with the LDAP options turned off
c. reboot, or type exit

5. To keep the deadlock from recurring at every boot, edit the ldap service script so that LDAP authentication is switched on only after slapd is up, and switched off again when it is stopped
# vi /etc/init.d/ldap
case "$1" in
start)
    start
    /usr/bin/authconfig --enableldap --enableshadow --enableldapauth --ldapserver=127.0.0.1 --ldapbasedn=dc=ubslinux,dc=com --update
    RETVAL=$?
    ;;
stop)
    stop
    /usr/bin/authconfig --disableldap --enableshadow --disableldapauth --ldapserver=127.0.0.1 --ldapbasedn=dc=ubslinux,dc=com --update
    RETVAL=$?
    ;;

###################################################################
# for authconfig versions that do not recognise --update
# (FC 4, FC 2, CentOS 4), use --kickstart instead
###################################################################
# vi /etc/init.d/ldap
case "$1" in
start)
    start
    /usr/bin/authconfig --enableldap --enableshadow --enableldapauth --ldapserver=127.0.0.1 --ldapbasedn=dc=ubslinux,dc=com --kickstart
    RETVAL=$?
    ;;
stop)
    stop
    /usr/bin/authconfig --disableldap --enableshadow --disableldapauth --ldapserver=127.0.0.1 --ldapbasedn=dc=ubslinux,dc=com --kickstart
    RETVAL=$?
    ;;

6. If for some reason the machine reboots abnormally and the ldap service never got to run its stop action, LDAP authentication is still switched on at the next boot and the deadlock returns; follow step 4,
or

a. boot with "linux single"
b. run the command
/usr/bin/authconfig --disableldap --enableshadow --disableldapauth --ldapserver=127.0.0.1 --ldapbasedn=dc=ubslinux,dc=com --update
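An added example, my own rather than the post's, covering the same boot hang from the other side. The post's fix toggles authconfig from the ldap init script, which rewrites nsswitch.conf and PAM on every start and stop and, as step 6 shows, leaves the trap armed after an unclean shutdown. The less invasive alternative is to leave nsswitch alone and tell nss_ldap not to wait for ever: bind_policy soft with a short bind_timelimit makes a lookup fail when slapd is not up, and nss_initgroups_ignoreusers keeps root and the ldap account (the ones the boot path and slapd itself need) out of LDAP entirely. The script below first checks whether the risky combination is present (LDAP in nsswitch for passwd/group/shadow, server on the same host, bind_policy left at its hard default) and then writes a hardened copy of ldap.conf. /etc/ldap.conf is where nss_ldap keeps these settings on the Fedora/CentOS releases the post names; both input files in the script are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post: a pre-flight check for the boot
# hang described above, plus the change that removes it. The check reads
# nsswitch.conf and nss_ldap's ldap.conf: LDAP listed for passwd/group/shadow,
# server on the same host, and bind_policy left at its default ("hard", i.e.
# retry for ever) is the combination that blocks boot. harden_ldap_conf()
# rewrites a copy of ldap.conf to use bind_policy soft with a short timeout
# and to keep root and ldap out of LDAP group lookups. Both inputs are
# constructed samples.

SAMPLE_NSSWITCH=$(mktemp)
SAMPLE_LDAP_CONF=$(mktemp)
HARDENED_LDAP_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_NSSWITCH" "$SAMPLE_LDAP_CONF" "$HARDENED_LDAP_CONF"' EXIT

cat >"$SAMPLE_NSSWITCH" <<'EOF'
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
EOF

cat >"$SAMPLE_LDAP_CONF" <<'EOF'
# what authconfig --enableldap --ldapserver=127.0.0.1 leaves behind
host 127.0.0.1
base dc=ubslinux,dc=com
ssl no
pam_password md5
EOF

# ldap_boot_hang_risk NSSWITCH_CONF LDAP_CONF
# Prints what it found; returns 1 when the hang combination is present.
ldap_boot_hang_risk() {
    nss=$1; conf=$2
    dbs=$(awk '$1 ~ /^(passwd|group|shadow):$/ && /[ \t]ldap([ \t]|$)/ { sub(/:$/, "", $1); printf "%s ", $1 }' "$nss")
    server=$(awk 'tolower($1) == "host" || tolower($1) == "uri" { printf "%s ", $2 }' "$conf")
    policy=$(awk 'tolower($1) == "bind_policy" { p = tolower($2) } END { print (p == "") ? "hard" : p }' "$conf")
    ignore=$(awk 'tolower($1) == "nss_initgroups_ignoreusers" { print $2 }' "$conf")
    local_srv=no
    case "$server" in *127.0.0.1*|*localhost*|*ldapi*) local_srv=yes ;; esac
    echo "nss databases on ldap : ${dbs:-none}"
    echo "ldap server           : ${server:-unset}(local: $local_srv)"
    echo "bind_policy           : $policy"
    echo "initgroups ignore list: ${ignore:-unset}"
    if [ -n "$dbs" ] && [ "$local_srv" = yes ] && [ "$policy" = hard ]; then
        echo "RISK: every lookup blocks until the local slapd answers; boot can hang"
        return 1
    fi
    return 0
}

# harden_ldap_conf IN OUT: copy IN to OUT with the three settings below pinned
# (any existing lines for them are dropped so the file has one value each).
harden_ldap_conf() {
    awk 'tolower($1) != "bind_policy" && tolower($1) != "bind_timelimit" &&
         tolower($1) != "nss_initgroups_ignoreusers"' "$1" >"$2"
    cat >>"$2" <<'EOF'
# Fail a lookup instead of retrying for ever when slapd is not up yet.
bind_policy soft
bind_timelimit 5
# Accounts the boot path and slapd itself need never go to LDAP.
nss_initgroups_ignoreusers root,ldap
EOF
}

ldap_boot_hang_risk "$SAMPLE_NSSWITCH" "$SAMPLE_LDAP_CONF" || echo "-> rewriting ldap.conf"
harden_ldap_conf "$SAMPLE_LDAP_CONF" "$HARDENED_LDAP_CONF"
ldap_boot_hang_risk "$SAMPLE_NSSWITCH" "$HARDENED_LDAP_CONF"
```

On a real host run ldap_boot_hang_risk /etc/nsswitch.conf /etc/ldap.conf before the reboot in step 3, and write the hardened copy to a temporary file and diff it against /etc/ldap.conf before putting it in place. The trade-off of bind_policy soft is that a transient outage of the LDAP server makes lookups fail fast instead of waiting, which on a single-host setup like this one is the behaviour you want.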