Hello List,
I am following up on a thread that was initiated by David Schibeci a few weeks back. He was trying to configure os/x machines to authenticate against fds.
I to will have to authenticate some os/x machines when I migrate over to fds. So I thought I should test it out.
Unfortunately I was not able to get it to work. All I am seeing in the system.log file are entries such as:
DSOpenNode(): dsOpenDirNode("/LDAPv3/ipaddress") == -14002 DSGetCurrentConfigInfo(): dsGetRecordEntry() == -14061
Not to informative.
Any ideas or suggestions will be greatly appreciated.
Thanks
For the record, I could only get MacOS 10.4 to authenticate against FDS, but this could be because I am using a non-standard port (390 + 637 for LDAP and LDAPS respectively).
The only trick I needed was when configuring your LDAP source, under the Security tab I needed to enable "Encrypt all packers (requires SSL or Kerberos).
It seems DirectoryServices was trying to initiate a SASL connected over SSL which would fail, but this could be to due to a non-standard port.
Cheers, David
On 01/04/2006, at 5:48 AM, Jim Summers wrote:
Hello List,
I am following up on a thread that was initiated by David Schibeci a few weeks back. He was trying to configure os/x machines to authenticate against fds.
I to will have to authenticate some os/x machines when I migrate over to fds. So I thought I should test it out.
Unfortunately I was not able to get it to work. All I am seeing in the system.log file are entries such as:
DSOpenNode(): dsOpenDirNode("/LDAPv3/ipaddress") == -14002 DSGetCurrentConfigInfo(): dsGetRecordEntry() == -14061
Not to informative.
Any ideas or suggestions will be greatly appreciated.
Thanks
Jim Summers School of Computer Science-University of Oklahoma
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
David Schibeci wrote:
For the record, I could only get MacOS 10.4 to authenticate against FDS, but this could be because I am using a non-standard port (390 + 637 for LDAP and LDAPS respectively).
At least you got it going. I am using standard ports. Here is something I found in my logs on the fds server:
[31/Mar/2006:13:56:42 -0600] conn=10197 fd=82 slot=82 SSL connection from 129.15.xx.xx to 129.15.xx.xx [31/Mar/2006:13:56:42 -0600] conn=10197 op=-1 fd=82 closed - Encountered end of file.
This only shows up when I edit the entry in DirectoryServices and commit the changes. Then I try an id command, which fails and I see the above message.
Any ideas what the eof means?
My ssl works between fds and other linux machines.
The only trick I needed was when configuring your LDAP source, under the Security tab I needed to enable "Encrypt all packers (requires SSL or Kerberos).
I will look for that. Thanks
Will post results.
Thanks again.
It seems DirectoryServices was trying to initiate a SASL connected over SSL which would fail, but this could be to due to a non-standard port.
Cheers, David
On 01/04/2006, at 5:48 AM, Jim Summers wrote:
Hello List,
I am following up on a thread that was initiated by David Schibeci a few weeks back. He was trying to configure os/x machines to authenticate against fds.
I to will have to authenticate some os/x machines when I migrate over to fds. So I thought I should test it out.
Unfortunately I was not able to get it to work. All I am seeing in the system.log file are entries such as:
DSOpenNode(): dsOpenDirNode("/LDAPv3/ipaddress") == -14002 DSGetCurrentConfigInfo(): dsGetRecordEntry() == -14061
Not to informative.
Any ideas or suggestions will be greatly appreciated.
Thanks --Jim Summers School of Computer Science-University of Oklahoma
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Jim Summers wrote:
David Schibeci wrote:
For the record, I could only get MacOS 10.4 to authenticate against FDS, but this could be because I am using a non-standard port (390 + 637 for LDAP and LDAPS respectively).
At least you got it going. I am using standard ports. Here is something I found in my logs on the fds server:
[31/Mar/2006:13:56:42 -0600] conn=10197 fd=82 slot=82 SSL connection from 129.15.xx.xx to 129.15.xx.xx [31/Mar/2006:13:56:42 -0600] conn=10197 op=-1 fd=82 closed - Encountered end of file.
This only shows up when I edit the entry in DirectoryServices and commit the changes. Then I try an id command, which fails and I see the above message.
Any ideas what the eof means?
My ssl works between fds and other linux machines.
The only trick I needed was when configuring your LDAP source, under the Security tab I needed to enable "Encrypt all packers (requires SSL or Kerberos).
I will look for that. Thanks
Will post results.
Finally got back to this machine. By enabling the "Encrypt all packers", I was able to successfully authenticate against the FDS.
Many Thanks!
Thanks again.
It seems DirectoryServices was trying to initiate a SASL connected over SSL which would fail, but this could be to due to a non-standard port.
Cheers, David
On 01/04/2006, at 5:48 AM, Jim Summers wrote:
Hello List,
I am following up on a thread that was initiated by David Schibeci a few weeks back. He was trying to configure os/x machines to authenticate against fds.
I to will have to authenticate some os/x machines when I migrate over to fds. So I thought I should test it out.
Unfortunately I was not able to get it to work. All I am seeing in the system.log file are entries such as:
DSOpenNode(): dsOpenDirNode("/LDAPv3/ipaddress") == -14002 DSGetCurrentConfigInfo(): dsGetRecordEntry() == -14061
Not to informative.
Any ideas or suggestions will be greatly appreciated.
Thanks --Jim Summers School of Computer Science-University of Oklahoma
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
389-users@lists.fedoraproject.org