FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

LinkBack Thread Tools
Old 05-19-2010, 10:45 AM
Roland Schwingel
Default SASL auth problem on bind with Mac OS X 10.4


With Mac OS X 10.4 I got a problem when
user wants to log in into an account hosted in 389ds.

I presumably tracked the problem down
to a SASL auth problem.

Using wireshark I recorded the traffic
between my mac os x 10.4 machine and my 389ds server.

On logon the mac tries a bind without
binddn but with SASL auth (mechanism CRAM-MD5).

Mac -> 389DS: *bindrequest with
CRAM-MD5 to get credentials

389DS -> Mac: bindresponse with md5
credentials (eg. "<3051212195.15971967@host.domain>")

Mac -> 389DS: bindrequest CRAM-MD5
with user and hashed password (eg. "roland b98c....")

389DS -> MAC: bindresponse invalidcredentials
("SASL(-13): user not found: no secret in database")

Mac says sorry no logon...

With Mac OS X 10.5/10.6 it works. It
also tries the CRAM-MD5 SASL auth. But when it failes it alternatively
tries a bind with a binddn (eg. "uid=roland,ou=people,dc=domain")
which is successful. Unfortunately I have a bigger amount of mac os x 10.4
machines which I cannot migrate to 10.5 oder later so I need to support
this. I yet did not find a way to convince mac os x 10.4 to use a binddn
for auth.

Any clue what is wrong here? Is this
a SASL uid mapping problem or is it because the user passwords are stored
SSHA hashed? I already tried to change the stored password from SSHA to
MD5, but it does not help SASL auth fails with the same error message.
Or is this a hash comparison problem?

Thanks in advance,


389 users mailing list

Thread Tools

All times are GMT. The time now is 05:48 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org