Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Directory (http://www.linux-archive.org/fedora-directory/)
-   -   "no mechanism available" from CLI (http://www.linux-archive.org/fedora-directory/532510-no-mechanism-available-cli.html)

Andreas-Johann Ulvestad 05-30-2011 02:44 PM

"no mechanism available" from CLI
 
Short story:
After setting up 389 and adding users I attempt to run ldappasswd on a
test user. The error message I get is:
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:


Long story:
I installed Fedora 15 and then 389 via yum. All packages were downloaded
without any problems and setup-ds-admin.pl had no problems either. I
then launched the admin console and added two test users with POSIX
accounts.

After this, I launched authconfig-tui and configured it as so:
User Information: Cache, use LDAP
Authentication: shadow passwords, LDAP auth, local auth sufficient
No TLS
Server ldap://localhost
Base DN: dc=k,dc=unicornis,dc=no

As said earlier, ldappasswd doesn't work (I use ldappasswrd -h
localhost). However, ldapsearch works (see attached output).

I appreciate any feedback on how to start debugging this :-).

[root@cnc ~]# /usr/bin/ldapsearch -x -h localhost -s base -b "" "objectclass=*"
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: objectclass=*
# requesting: ALL
#

#
dn:
objectClass: top
namingContexts: o=netscaperoot
namingContexts: dc=k,dc=unicornis,dc=no
supportedExtension: 2.16.840.1.113730.3.5.7
supportedExtension: 2.16.840.1.113730.3.5.8
supportedExtension: 2.16.840.1.113730.3.5.10
supportedExtension: 2.16.840.1.113730.3.5.3
supportedExtension: 2.16.840.1.113730.3.5.12
supportedExtension: 2.16.840.1.113730.3.5.5
supportedExtension: 2.16.840.1.113730.3.5.6
supportedExtension: 2.16.840.1.113730.3.5.9
supportedExtension: 2.16.840.1.113730.3.5.4
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 2.16.840.1.113730.3.4.3
supportedControl: 2.16.840.1.113730.3.4.4
supportedControl: 2.16.840.1.113730.3.4.5
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 2.16.840.1.113730.3.4.9
supportedControl: 2.16.840.1.113730.3.4.16
supportedControl: 2.16.840.1.113730.3.4.15
supportedControl: 2.16.840.1.113730.3.4.17
supportedControl: 2.16.840.1.113730.3.4.19
supportedControl: 1.3.6.1.4.1.42.2.27.8.5.1
supportedControl: 1.3.6.1.4.1.42.2.27.9.5.2
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.3.6.1.4.1.4203.666.5.16
supportedControl: 2.16.840.1.113730.3.4.14
supportedControl: 2.16.840.1.113730.3.4.20
supportedControl: 1.3.6.1.4.1.1466.29539.12
supportedControl: 2.16.840.1.113730.3.4.12
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.13
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
supportedLDAPVersion: 2
supportedLDAPVersion: 3
vendorName: 389 Project
vendorVersion: 389-Directory/1.2.8.3 B2011.122.1634
dataversion: 020110530094121
netscapemdsuffix: cn=ldap://dc=cnc,dc=k,dc=unicornis,dc=no:389

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Angel Bosch Mora 05-30-2011 10:23 PM

"no mechanism available" from CLI
 
for certain operations you must configure a certificate on server and client.

there's a couple of howtos on the wiki about that.


----- Missatge original -----
> Short story:
> After setting up 389 and adding users I attempt to run ldappasswd on a
> test user. The error message I get is:
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:
>
>
> Long story:
> I installed Fedora 15 and then 389 via yum. All packages were
> downloaded without any problems and setup-ds-admin.pl had no problems
> either. I
> then launched the admin console and added two test users with POSIX
> accounts.
>
> After this, I launched authconfig-tui and configured it as so:
> User Information: Cache, use LDAP
> Authentication: shadow passwords, LDAP auth, local auth sufficient
> No TLS
> Server ldap://localhost
> Base DN: dc=k,dc=unicornis,dc=no
>
> As said earlier, ldappasswd doesn't work (I use ldappasswrd -h
> localhost). However, ldapsearch works (see attached output).
>
> I appreciate any feedback on how to start debugging this :-).
>
>
> -- 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Rich Megginson 05-31-2011 02:00 PM

"no mechanism available" from CLI
 
On 05/30/2011 08:44 AM, Andreas-Johann Ulvestad wrote:

Short story:
After setting up 389 and adding users I attempt to run ldappasswd on a
test user. The error message I get is:
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:


Long story:
I installed Fedora 15 and then 389 via yum. All packages were downloaded
without any problems and setup-ds-admin.pl had no problems either. I
then launched the admin console and added two test users with POSIX
accounts.

After this, I launched authconfig-tui and configured it as so:
User Information: Cache, use LDAP
Authentication: shadow passwords, LDAP auth, local auth sufficient
No TLS
Server ldap://localhost
Base DN: dc=k,dc=unicornis,dc=no

As said earlier, ldappasswd doesn't work (I use ldappasswrd -h
localhost). However, ldapsearch works (see attached output).

I appreciate any feedback on how to start debugging this :-).


When using the /usr/bin/ldap* commands, you must pass the -x
argument to disable SASL and use simple bind.






--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users





--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


All times are GMT. The time now is 09:49 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.