- This topic is empty.
26. January 2008 at 5:28 #883
Has anyone successfully had a user login using the .ini file from ftp or the ldap module?
I have a Ubuntu server with vsftpd and directory for the ../wlx/ini files for each user and an OpenLDAP server using Wyse 5150SE, V50, and S50 Linux thin clients. The guest account won’t work and nothing happens with any user. My server logs shown NO HITS on ftp and no hits on the LDAP server. The thin client correctly reads in the wlx.ini config file. I am using the latest V6.3.1 system, have tried a manual setup of wlx.ini for pam auth and used ConfGen to check my syntax. I have reviewed all current Wyse docs, scoured the internet for info, sent email to Wyse; all to no avail. It would be nice to have a Wyse module for just plain Unix authentication. I get the feeling that not many people are using the Wyse Linux thin clients with Linux servers!
Thanks26. January 2008 at 10:16 #11473thinkthinMember
- Total Post: 1707
- Jacked into The Matrix
Yes you are most likely correct in that most use this with MS AD to connect via LDAP.
You say there are no hits on the FTP or LDAP server yet the device reads the ini file. Are you sure it is in fact reading the .ini? I can not see how if you do not see it connect to the ftp server? If you set a desktop colour via the wlx.ini does this change get picked up?
Also if you can use 6.3.2 build 52 as the latest firmware. You will also see much broader support for other LDAP directory’s soon,
-TT26. January 2008 at 14:01 #11475ConfGenKeymaster
- Total Post: 11109
- Jedi Master
Please also post your wlx.ini file so we can do some troubleshooting here.
CG29. January 2008 at 6:12 #11493
Thank you for your fast replies! I need to clarify that there were no FTP hits on the user.ini files. Also, most of my thin clients are 64MB of flash so I can’t use the latest and greatest Linux image for the 50L versions (128 MB). This did get me thinking about a corrupted image so I went back and loaded an older version 6.3.0 and tested and then upgraded to 6.3.1 and tested. I’m just trying to get one of these methods of authentication to work but ultimately would like the LDAP version but will try auth_domain on a Samba server also.
Here is what happened:
1. If auth_ldap module not present, guest account and myuser.ini work if NO password is used. This must be a problem with encryption. The FTP logs show hits on guest.ini and myuser.ini
2. If auth_ldap module present, nothing happens at login. There are no hits on the Linux FTP server and none on the Linux LDAP server.
Here is my wlx.ini file:
# wlx.ini file
# Authentication with pam stack and .ini files and LDAP
auth [default=ignore] /lib/security/pam_setpw.so
auth [success=2 default=ignore] /lib/security/pam_guest.so
auth [success=1 new_authtok_reqd=1 default=ignore] /lib/security/pam_inifile.so try_first_pass
auth [success=ok new_authtok_reqd=ok default=die] /lib/security/pam_ldap.so use_first_pass
auth [default=ok] /lib/security/pam_putregistry.so save_ini=/tmp/user.ini
LDAP.conf=SERVER=my.svr.ip.adr DCBASE=dc=myserver,dc=mydomain29. January 2008 at 13:14 #11502ConfGenKeymaster
- Total Post: 11109
- Jedi Master
try changing to this:
auth [ default=ignore ] /lib/security/pam_setpw.so
auth [ success=2 default=ignore ] /lib/security/pam_guest.so
auth [ success=1 new_authtok_reqd=1 default=ignore ] /lib/security/inifile.so try_first_pass
auth [ success=ok new_authtok_reqd=ok default=die ] /lib/security/pam_ldap.so use_first_pass
auth [ default=ok ] /lib/security/pam_putregistry.so save_ini=/tmp/user.ini
LDAP.conf=SERVER=my.svr.ip.adr DCBASE=mydom31. January 2008 at 5:11 #11556
Thank you ConfGen for the speedy reply. Alas, that config file did not work either and there are no hits on my Linux LDAP server. My next step is to try the auth_domain module with a Linux Samba server. I’ll also try to get the source code for the thin client (Wyse has never replied about this). These Wyse Linux thin clients are a somewhat “closed” system. I see no docs for what other variables that could be set in the LDAP.conf file and there are ALOT! I’m starting to rethink about using these Wyse thin clients. I see there has been no recent upgrades for the S50 and V50. A more viable long term solution might be a Ubuntu Linux server with Linux Terminal Server Project (LTSP-5) and recycling of old computers as thin clients. I’ve got alot to study . . . !
- You must be logged in to reply to this topic.