authenticating user with .ini file or LDAP on Linux server?

  • This topic is empty.
Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #883
    Avatarcaptron
    Member
    • Total Post: 7
    • Newbie

    Has anyone successfully had a user login using the .ini file from ftp or the ldap module?
    I have a Ubuntu server with vsftpd and directory for the ../wlx/ini files for each user and an OpenLDAP server using Wyse 5150SE, V50, and S50 Linux thin clients. The guest account won’t work and nothing happens with any user. My server logs shown NO HITS on ftp and no hits on the LDAP server. The thin client correctly reads in the wlx.ini config file. I am using the latest V6.3.1 system, have tried a manual setup of wlx.ini for pam auth and used ConfGen to check my syntax. I have reviewed all current Wyse docs, scoured the internet for info, sent email to Wyse; all to no avail. It would be nice to have a Wyse module for just plain Unix authentication. I get the feeling that not many people are using the Wyse Linux thin clients with Linux servers!
    Please help!
    Thanks

    #11473
    Avatarthinkthin
    Member
    • Total Post: 1707
    • Jacked into The Matrix
    • ★★★★★★

    Hi Captron,

    Yes you are most likely correct in that most use this with MS AD to connect via LDAP.

    You say there are no hits on the FTP or LDAP server yet the device reads the ini file. Are you sure it is in fact reading the .ini? I can not see how if you do not see it connect to the ftp server? If you set a desktop colour via the wlx.ini does this change get picked up?

    Also if you can use 6.3.2 build 52 as the latest firmware. You will also see much broader support for other LDAP directory’s soon,

    Cheers,
    -TT

    #11475
    ConfGenConfGen
    Keymaster
    • Total Post: 11109
    • Jedi Master
    • ★★★★★★★

    Please also post your wlx.ini file so we can do some troubleshooting here.

    CG

    #11493
    Avatarcaptron
    Member
    • Total Post: 7
    • Newbie

    Thank you for your fast replies! I need to clarify that there were no FTP hits on the user.ini files. Also, most of my thin clients are 64MB of flash so I can’t use the latest and greatest Linux image for the 50L versions (128 MB). This did get me thinking about a corrupted image so I went back and loaded an older version 6.3.0 and tested and then upgraded to 6.3.1 and tested. I’m just trying to get one of these methods of authentication to work but ultimately would like the LDAP version but will try auth_domain on a Samba server also.

    Here is what happened:
    1. If auth_ldap module not present, guest account and myuser.ini work if NO password is used. This must be a problem with encryption. The FTP logs show hits on guest.ini and myuser.ini

    2. If auth_ldap module present, nothing happens at login. There are no hits on the Linux FTP server and none on the Linux LDAP server.

    Here is my wlx.ini file:

    # wlx.ini file

    SignOn=yes

    # Authentication with pam stack and .ini files and LDAP
    #
    AUTH=glogin
    auth [default=ignore] /lib/security/pam_setpw.so
    auth [success=2 default=ignore] /lib/security/pam_guest.so
    auth [success=1 new_authtok_reqd=1 default=ignore] /lib/security/pam_inifile.so try_first_pass
    auth [success=ok new_authtok_reqd=ok default=die] /lib/security/pam_ldap.so use_first_pass
    auth [default=ok] /lib/security/pam_putregistry.so save_ini=/tmp/user.ini

    LDAP.conf=SERVER=my.svr.ip.adr DCBASE=dc=myserver,dc=mydomain

    #11502
    ConfGenConfGen
    Keymaster
    • Total Post: 11109
    • Jedi Master
    • ★★★★★★★

    try changing to this:

    AUTH= glogin
    auth [ default=ignore ] /lib/security/pam_setpw.so
    auth [ success=2 default=ignore ] /lib/security/pam_guest.so
    auth [ success=1 new_authtok_reqd=1 default=ignore ] /lib/security/inifile.so try_first_pass
    auth [ success=ok new_authtok_reqd=ok default=die ] /lib/security/pam_ldap.so use_first_pass
    auth [ default=ok ] /lib/security/pam_putregistry.so save_ini=/tmp/user.ini
    LDAP.conf=SERVER=my.svr.ip.adr DCBASE=mydom

    #11556
    Avatarcaptron
    Member
    • Total Post: 7
    • Newbie

    Thank you ConfGen for the speedy reply. Alas, that config file did not work either and there are no hits on my Linux LDAP server. My next step is to try the auth_domain module with a Linux Samba server. I’ll also try to get the source code for the thin client (Wyse has never replied about this). These Wyse Linux thin clients are a somewhat “closed” system. I see no docs for what other variables that could be set in the LDAP.conf file and there are ALOT! I’m starting to rethink about using these Wyse thin clients. I see there has been no recent upgrades for the S50 and V50. A more viable long term solution might be a Ubuntu Linux server with Linux Terminal Server Project (LTSP-5) and recycling of old computers as thin clients. I’ve got alot to study . . . !

Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.