Find the answer to your Linux question:
Results 1 to 3 of 3
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    DBus not working with Kerberos-LDAP user accounts

    Hi. I have some boxes running PCLinuxOS 2007, authenticating against a Kerberos-LDAP server (Windows 2003 with SFU) that stores user and group info (UID, GID, home dir, group membership, and shell). These users have UID's starting from 10000.
    My problem is that, when i log in with local accounts (that is, those stored in /etc/passwd on each computer), DBus works perfectly for all users, with no need of making them members of any group. typing "lshal" at the console gives me a list of the system devices. But when I log in with a domain user (those stored in the LDAP server), DBus seems not to work. "lshal" gives me the following error:

    error: dbus_bus_get: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. 
    Possible causes include: the remote application did not send a reply, the message bus security
    policy blocked the reply, the reply timeout expired, or the network connection was broken.
    Any ideas on what could be the problem, and how to fix it?
    Thank you very much in advance!

  2. #2
    At a console type check the attributes of local users to LDAP users.

    #id localuser will give a list of groups the user has.

    #id remoteuser and compare the group memberships.

    #getent group will show you a list of local and remote groups. Check to see if the remote groups list any members.



  3. #3
    Thank you very much.
    My problem is that, no matter how I configure HAL policies, it behaves as if the user had denied access to USB devices. Even if I allow, by default, access to USB for all users, it still doesn't work for Kerberos-authenticated users.
    I think it has to be a bug. Actually, I have tried setting up NIS authentication, with the same remote users and groups, and HAL works perfectly. The problem is only when users are authenticated via Kerberos.

    So far, I have found a workaround: make my network authenticate with NIS, instead of Kerberos. Since I havent' yet finished configuring this network, it is not a problem to make it as I want. I think NIS will avoid me more problems in the future.

    Thanks again. Cheers.

  4. $spacer_open

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts