saslauthd won't work
Hi!
Just a little problem about saslauthd with 389. When I try to execute: ldapsearch -d 1 -D "cn=Directory Manager" -h dirsrv01.dominio -w secret -ZZ '(uid=u01209)' it returns ldap_sasl_interactive_bind_s: server supports: EXTERNAL GSSAPI PLAIN LOGIN CRAM-MD5 ANONYMOUS DIGEST-MD5 ldap_int_sasl_bind: EXTERNAL GSSAPI PLAIN LOGIN CRAM-MD5 ANONYMOUS DIGEST-MD5 ldap_int_sasl_open: host=dirsrv01.dominio SASL/EXTERNAL authentication started ldap_perror ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available: I configured /etc/sysconfig/saslauthd in this way ------------------------- # Directory in which to place saslauthd's listening socket, pid file, and so # on. This directory must already exist. SOCKETDIR=/var/run/saslauthd # Mechanism to use when checking passwords. Run "saslauthd -v" to get a list # of which mechanism your installation was compiled with the ablity to use. # MECH=pam MECH=ldap START=yes # Additional flags to pass to saslauthd on the command line. See saslauthd(8) # for the list of accepted flags. FLAGS= --------------------------------------------------- What it's wrong?? This is the configuration of /etc/openldap/ldap.conf ------------------------------------------ #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never URI ldap://dirsrv01.dominio/ BASE dc=dominio TLS_CACERTDIR /etc/openldap/cacerts TLS_REQCERT allow ssl tls_start --------------------------------------------------------- Any Idea? Regards -- ------------------------------------------- Gioachino Bartolotta ICQ #: 9103167 MSN Messenger: astraroth@email.it Yahoo & Skype: gioachino_bartolotta -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
saslauthd won't work
On 06/15/2011 07:02 AM, Gioachino Bartolotta wrote:
> Hi! > > Just a little problem about saslauthd with 389. > When I try to execute: > > ldapsearch -d 1 -D "cn=Directory Manager" -h dirsrv01.dominio -w > secret -ZZ '(uid=u01209)' > > it returns > > ldap_sasl_interactive_bind_s: server supports: EXTERNAL GSSAPI PLAIN > LOGIN CRAM-MD5 ANONYMOUS DIGEST-MD5 > ldap_int_sasl_bind: EXTERNAL GSSAPI PLAIN LOGIN CRAM-MD5 ANONYMOUS DIGEST-MD5 > ldap_int_sasl_open: host=dirsrv01.dominio > SASL/EXTERNAL authentication started > ldap_perror > ldap_sasl_interactive_bind_s: Unknown authentication method (-6) > additional info: SASL(-4): no mechanism available: > > > I configured /etc/sysconfig/saslauthd in this way > ------------------------- > # Directory in which to place saslauthd's listening socket, pid file, and so > # on. This directory must already exist. > SOCKETDIR=/var/run/saslauthd > > # Mechanism to use when checking passwords. Run "saslauthd -v" to get a list > # of which mechanism your installation was compiled with the ablity to use. > # MECH=pam > MECH=ldap > START=yes > # Additional flags to pass to saslauthd on the command line. See saslauthd(8) > # for the list of accepted flags. > FLAGS= > --------------------------------------------------- > > What it's wrong?? I'm not sure. What are you using saslauthd for? Are you trying to allow clients to use simple bind with their Kerberos passwords, rather than use the password in the LDAP server? If so, then you should use 389 with the PAM Pass-Through Auth plugin, and setup pam_krb5. > This is the configuration of /etc/openldap/ldap.conf > ------------------------------------------ > #SIZELIMIT 12 > #TIMELIMIT 15 > #DEREF never > URI ldap://dirsrv01.dominio/ > BASE dc=dominio > TLS_CACERTDIR /etc/openldap/cacerts > TLS_REQCERT allow > ssl tls_start > --------------------------------------------------------- > > Any Idea? > > Regards -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
saslauthd won't work
On 06/15/2011 09:45 AM, Gioachino Bartolotta wrote:
> Hi, > > no, I don't wanna use saslauthd with kerberos, but just authenticate > users against ldap using tls or ssl ... > Tried to configure samba using ldaps --- and it didn't work. > > smbd[10001]: Failed to issue the StartTLS instruction: Operations error > > Any Idea?? > > Thank you! > > 2011/6/15 Rich Megginson<rmeggins@redhat.com>: >> On 06/15/2011 07:02 AM, Gioachino Bartolotta wrote: >>> Hi! >>> >>> Just a little problem about saslauthd with 389. >>> When I try to execute: >>> >>> ldapsearch -d 1 -D "cn=Directory Manager" -h dirsrv01.dominio -w >>> secret -ZZ '(uid=u01209)' >>> >>> it returns >>> >>> ldap_sasl_interactive_bind_s: server supports: EXTERNAL GSSAPI PLAIN >>> LOGIN CRAM-MD5 ANONYMOUS DIGEST-MD5 >>> ldap_int_sasl_bind: EXTERNAL GSSAPI PLAIN LOGIN CRAM-MD5 ANONYMOUS >>> DIGEST-MD5 >>> ldap_int_sasl_open: host=dirsrv01.dominio >>> SASL/EXTERNAL authentication started >>> ldap_perror >>> ldap_sasl_interactive_bind_s: Unknown authentication method (-6) >>> additional info: SASL(-4): no mechanism available: You did not specify the -x option - are you trying to use some form of SASL auth, or are you trying to use simple (i.e userDN/password) auth? If the latter, you have to specify the -x option. >>> >>> I configured /etc/sysconfig/saslauthd in this way >>> ------------------------- >>> # Directory in which to place saslauthd's listening socket, pid file, and >>> so >>> # on. This directory must already exist. >>> SOCKETDIR=/var/run/saslauthd >>> >>> # Mechanism to use when checking passwords. Run "saslauthd -v" to get a >>> list >>> # of which mechanism your installation was compiled with the ablity to >>> use. >>> # MECH=pam >>> MECH=ldap >>> START=yes >>> # Additional flags to pass to saslauthd on the command line. See >>> saslauthd(8) >>> # for the list of accepted flags. >>> FLAGS= >>> --------------------------------------------------- >>> >>> What it's wrong?? >> I'm not sure. What are you using saslauthd for? Are you trying to allow >> clients to use simple bind with their Kerberos passwords, rather than use >> the password in the LDAP server? If so, then you should use 389 with the >> PAM Pass-Through Auth plugin, and setup pam_krb5. >>> This is the configuration of /etc/openldap/ldap.conf >>> ------------------------------------------ >>> #SIZELIMIT 12 >>> #TIMELIMIT 15 >>> #DEREF never >>> URI ldap://dirsrv01.dominio/ >>> BASE dc=dominio >>> TLS_CACERTDIR /etc/openldap/cacerts >>> TLS_REQCERT allow >>> ssl tls_start >>> --------------------------------------------------------- >>> >>> Any Idea? >>> >>> Regards >> > > -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
saslauthd won't work
On 06/15/2011 08:02 AM, Gioachino Bartolotta wrote:
> ldapsearch -d 1 -D "cn=Directory Manager" -h dirsrv01.dominio -w > secret -ZZ '(uid=u01209)' If you are using the OpenLDAP ldapsearch, you might need to try: ldapsearch -Y GSSAPI (then the rest of your search) -- Anthony - http://messinet.com - http://messinet.com/~amessina/gallery 8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
| All times are GMT. The time now is 07:21 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.