[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Mac OS X client authentification fails against Linux LDAP Server

Subject: Mac OS X client authentification fails against Linux LDAP Server
From: Diane Corcelle <email@hidden>
Date: Fri, 26 Jan 2007 15:04:14 +0100 (CET)
Delivered-to: email@hidden
Delivered-to: email@hidden
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.fr; h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=EheOMd2lHztH9arTyGsued9FPEvi20zvfA5c+nhZlr1hdGvpM1O6XX2dTgqNbQGmTu+e85blhKtGPEqvEx4DyOTE9hKkWzGSTc8sln2rEUoBthQYKX916VzImKnCjbFF61Idp6MMa6d+VAOdwQ1ue9mfjGm+11iyFgxFxCJ/rD4=;

Hi everyone !
I am working on a LDAP server project supposed to centralize authentification for users on both Linux and Mac OS X machines. All was working well (login ok) until I change the structure of LDIF --I am not sure it is the reason why but it doesn't work anymore. The only thing I got in logs is on the side of the client Mac and says : "Authenticate failure". No firewalls. No active SE Linux. Login ldap user via root (no password required) works fine. Login ldap user on a linux host works too.
I have no idea of what happened and how to solve it.

Here are the ldap.conf and slapd.conf :

---------ldap.conf
base o=iutinfo.unice,c=fr
uri ldap://ldapserver.iutunice.fr :389/
ldap_version 3
port 389
scope sub

timelimit 10
bind_timelimit 10
nss_reconnect_tries 2
idle_timelimit 30
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute gidNumber

pam_password md5
pam_password exop
nss_base_passwd o=iutinfo.unice,c=fr?sub
nss_base_shadow o=iutinfo.unice,c=fr?sub
nss_base_group o=iutinfo.unice ,c=fr?one
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon
nss_map_attribute userPassword authPassword
tls_checkpeer no
ssl no

TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://ldapserver.iutunice.fr :389/
BASE o=iut.unice,c=fr
------------------------------

---

--slapd.conf

include         /etc/openldap/schema/core .schema
include         /etc/openldap/schema/cosine .schema
include         /etc/openldap/schema/inetorgper son.schema
include         /etc/openldap/schema/nis.schema
allow bind_v2
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
access to *
        by dn="cn=rootld,o=iutinfo.unice,c=fr" write
        by users write
        by anonymous read
        by * read

database        bdb
suffix          "o=iutinfo.unice, c=fr"
rootdn          "cn=rootld, o= iutinfo.unice, c=fr"
rootpw          {crypt}nW.mKx6vB1KHY

directory       /var/lib/ldap
index objectClass                        eq,pres
index ou,cn,mail,surname,givenname       eq,pres,sub
index uidNumber,gidNumber,loginShell     eq,pres
index uid,memberUid                      eq,pres,sub
index nisMapName,nisMapEntry             eq,pres,sub

------

Does anyone know how I can make it work ?

Warmy regards.
Diane

Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses.

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Client-management mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/client-management/email@hidden

This email sent to email@hidden

Prev by Date: Re: can't add Treasure Hunt application to groups
Next by Date: Re: Error Code -35 when using AFP
Previous by thread: Re: Error Code -35 when using AFP
Next by thread: MS Word 2004 and wireless ibooks
Index(es):
- Date
- Thread

Home