Hi List
After having installed Directory Server with no problems and created a test user account I then go ahead to configure a client to test the authentication to my new directory server, sadly after a reboot I can't login with my new user account that I created, I have spent a few days reading up about what the problem may be but until now I have had very little joy.
If I try ldapsearch -v then I get error message: SASL/EXTERNAL authentication started Ldap_sasl_interactive_bind_s:unknown authentication method (-6) additional info: SASL(-4): no mechanism available: If i use ldapsearch -x then I get the output of a ldif file with all groups, users and domains available so there is apparently nothing rong with the communication, I truly belive that this is a security problem that sits somewhere but I have no idea.
Could anyone give me some pointers to how I could fix this problem?
Regards Per Qvindesland
Hello again list
I am coming a bit to my wits end on this one, let me rather top post my own post :)
After having configured the client machine to authenticate and to look for users on the directory server and then try to login into a user that sits on the directory server then I get a error message saying that there is no such user, is there any special configuration that needs to be done to get the directory server to authenticate on a standard install on both the directory server and the client?
Regards Per
On 1/28/09 10:53 AM, "Per Qvindesland" per@norhex.com wrote:
Hi List
After having installed Directory Server with no problems and created a test user account I then go ahead to configure a client to test the authentication to my new directory server, sadly after a reboot I can't login with my new user account that I created, I have spent a few days reading up about what the problem may be but until now I have had very little joy.
If I try ldapsearch -v then I get error message: SASL/EXTERNAL authentication started Ldap_sasl_interactive_bind_s:unknown authentication method (-6) additional info: SASL(-4): no mechanism available: If i use ldapsearch -x then I get the output of a ldif file with all groups, users and domains available so there is apparently nothing rong with the communication, I truly belive that this is a security problem that sits somewhere but I have no idea.
Could anyone give me some pointers to how I could fix this problem?
Regards Per Qvindesland
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Per Qvindesland wrote:
Hi List
After having installed Directory Server with no problems and created a test user account I then go ahead to configure a client to test the authentication to my new directory server, sadly after a reboot I can't login with my new user account that I created, I have spent a few days reading up about what the problem may be but until now I have had very little joy.
If I try ldapsearch -v then I get error message: SASL/EXTERNAL authentication started Ldap_sasl_interactive_bind_s:unknown authentication method (-6) additional info: SASL(-4): no mechanism available:
This is because the openldap ldapsearch client attempts SASL authentication by default. You have to specify -x to make it use simple (username/password or anonymous) authentication.
If i use ldapsearch -x then I get the output of a ldif file with all groups, users and domains available so there is apparently nothing rong with the communication, I truly belive that this is a security problem that sits somewhere but I have no idea.
I don't think this is a security problem.
Could anyone give me some pointers to how I could fix this problem?
Regards Per Qvindesland
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Hi
Thanks so much for responding to my post.
I managed to find out this but from what I don't get is why after having installed and configured clients to authenticate towards the server correctly they still don't do it, I have looked for any log files that could give me some clue of what I have done rong but no luck the error log in the admin interface says nothing that is of use, I have also read the manual from one side to the other but I can not find anything that tells me what steps that I have been forgetting.
Is there any error logs that it generats that it generates that can give me some more clues?
Regards Per Qvindesland
On 1/28/09 4:37 PM, "Rich Megginson" rmeggins@redhat.com wrote:
Per Qvindesland wrote:
Hi List
After having installed Directory Server with no problems and created a test user account I then go ahead to configure a client to test the authentication to my new directory server, sadly after a reboot I can't login with my new user account that I created, I have spent a few days reading up about what the problem may be but until now I have had very little joy.
If I try ldapsearch -v then I get error message: SASL/EXTERNAL authentication started Ldap_sasl_interactive_bind_s:unknown authentication method (-6) additional info: SASL(-4): no mechanism available:
This is because the openldap ldapsearch client attempts SASL authentication by default. You have to specify -x to make it use simple (username/password or anonymous) authentication.
If i use ldapsearch -x then I get the output of a ldif file with all groups, users and domains available so there is apparently nothing rong with the communication, I truly belive that this is a security problem that sits somewhere but I have no idea.
I don't think this is a security problem.
Could anyone give me some pointers to how I could fix this problem?
Regards Per Qvindesland
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Per Qvindesland wrote:
Hi
Thanks so much for responding to my post.
I managed to find out this but from what I don't get is why after having installed and configured clients to authenticate towards the server correctly they still don't do it, I have looked for any log files that could give me some clue of what I have done rong but no luck the error log in the admin interface says nothing that is of use, I have also read the manual from one side to the other but I can not find anything that tells me what steps that I have been forgetting.
Is there any error logs that it generats that it generates that can give me some more clues?
I'm not sure where pam and nss log - possibly /var/log/secure You can see what searches are being performed against the directory server by looking at /var/log/dirsrv/slapd-yourinstance/access
Regards Per Qvindesland
On 1/28/09 4:37 PM, "Rich Megginson" rmeggins@redhat.com wrote:
Per Qvindesland wrote:
Hi List
After having installed Directory Server with no problems and created a test user account I then go ahead to configure a client to test the authentication to my new directory server, sadly after a reboot I can't login with my new user account that I created, I have spent a few days reading up about what the problem may be but until now I have had very little joy.
If I try ldapsearch -v then I get error message: SASL/EXTERNAL authentication started Ldap_sasl_interactive_bind_s:unknown authentication method (-6) additional info: SASL(-4): no mechanism available:
This is because the openldap ldapsearch client attempts SASL authentication by default. You have to specify -x to make it use simple (username/password or anonymous) authentication.
If i use ldapsearch -x then I get the output of a ldif file with all groups, users and domains available so there is apparently nothing rong with the communication, I truly belive that this is a security problem that sits somewhere but I have no idea.
I don't think this is a security problem.
Could anyone give me some pointers to how I could fix this problem?
Regards Per Qvindesland
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Hi
Thanks again for the response.
I have managed to find some logs now that to Rich's message but I am unsure of what they mean: [30/Jan/2009:10:28:49 -0500] conn=46 fd=66 slot=66 connection from 83.140.187.52 to 83.140.187.43 [30/Jan/2009:10:28:49 -0500] conn=46 op=0 BIND dn="" method=128 version=3 [30/Jan/2009:10:28:49 -0500] conn=46 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" [30/Jan/2009:10:28:49 -0500] conn=46 op=1 SRCH base="dc=sms,dc=mycompany,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=pq))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass" [30/Jan/2009:10:28:49 -0500] conn=46 op=1 RESULT err=0 tag=101 nentries=0 etime=0 [30/Jan/2009:10:28:49 -0500] conn=46 op=-1 fd=66 closed - B1
Does any one have any idea?
Regards Per Qvindesland
On 1/29/09 4:18 PM, "Rich Megginson" rmeggins@redhat.com wrote:
Per Qvindesland wrote:
Hi
Thanks so much for responding to my post.
I managed to find out this but from what I don't get is why after having installed and configured clients to authenticate towards the server correctly they still don't do it, I have looked for any log files that could give me some clue of what I have done rong but no luck the error log in the admin interface says nothing that is of use, I have also read the manual from one side to the other but I can not find anything that tells me what steps that I have been forgetting.
Is there any error logs that it generats that it generates that can give me some more clues?
I'm not sure where pam and nss log - possibly /var/log/secure You can see what searches are being performed against the directory server by looking at /var/log/dirsrv/slapd-yourinstance/access
Regards Per Qvindesland
On 1/28/09 4:37 PM, "Rich Megginson" rmeggins@redhat.com wrote:
Per Qvindesland wrote:
Hi List
After having installed Directory Server with no problems and created a test user account I then go ahead to configure a client to test the authentication to my new directory server, sadly after a reboot I can't login with my new user account that I created, I have spent a few days reading up about what the problem may be but until now I have had very little joy.
If I try ldapsearch -v then I get error message: SASL/EXTERNAL authentication started Ldap_sasl_interactive_bind_s:unknown authentication method (-6) additional info: SASL(-4): no mechanism available:
This is because the openldap ldapsearch client attempts SASL authentication by default. You have to specify -x to make it use simple (username/password or anonymous) authentication.
If i use ldapsearch -x then I get the output of a ldif file with all groups, users and domains available so there is apparently nothing rong with the communication, I truly belive that this is a security problem that sits somewhere but I have no idea.
I don't think this is a security problem.
Could anyone give me some pointers to how I could fix this problem?
Regards Per Qvindesland
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Per Qvindesland wrote:
Hi
Thanks again for the response.
I have managed to find some logs now that to Rich's message but I am unsure of what they mean: [30/Jan/2009:10:28:49 -0500] conn=46 fd=66 slot=66 connection from 83.140.187.52 to 83.140.187.43 [30/Jan/2009:10:28:49 -0500] conn=46 op=0 BIND dn="" method=128 version=3
Bind as anonymous (dn="")
[30/Jan/2009:10:28:49 -0500] conn=46 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
Result is good (err=0)
[30/Jan/2009:10:28:49 -0500] conn=46 op=1 SRCH base="dc=sms,dc=mycompany,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=pq))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
Search for user uid=pq with objectClass=posixAccount anywhere under dc=sms,dc=mycompany,dc=com and return the attributes uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
[30/Jan/2009:10:28:49 -0500] conn=46 op=1 RESULT err=0 tag=101 nentries=0 etime=0
There were no errors (err=0), but no entries were found that matched.
[30/Jan/2009:10:28:49 -0500] conn=46 op=-1 fd=66 closed - B1
Does any one have any idea?
Regards Per Qvindesland
On 1/29/09 4:18 PM, "Rich Megginson" rmeggins@redhat.com wrote:
Per Qvindesland wrote:
Hi
Thanks so much for responding to my post.
I managed to find out this but from what I don't get is why after having installed and configured clients to authenticate towards the server correctly they still don't do it, I have looked for any log files that could give me some clue of what I have done rong but no luck the error log in the admin interface says nothing that is of use, I have also read the manual from one side to the other but I can not find anything that tells me what steps that I have been forgetting.
Is there any error logs that it generats that it generates that can give me some more clues?
I'm not sure where pam and nss log - possibly /var/log/secure You can see what searches are being performed against the directory server by looking at /var/log/dirsrv/slapd-yourinstance/access
Regards Per Qvindesland
On 1/28/09 4:37 PM, "Rich Megginson" rmeggins@redhat.com wrote:
Per Qvindesland wrote:
Hi List
After having installed Directory Server with no problems and created a test user account I then go ahead to configure a client to test the authentication to my new directory server, sadly after a reboot I can't login with my new user account that I created, I have spent a few days reading up about what the problem may be but until now I have had very little joy.
If I try ldapsearch -v then I get error message: SASL/EXTERNAL authentication started Ldap_sasl_interactive_bind_s:unknown authentication method (-6) additional info: SASL(-4): no mechanism available:
This is because the openldap ldapsearch client attempts SASL authentication by default. You have to specify -x to make it use simple (username/password or anonymous) authentication.
If i use ldapsearch -x then I get the output of a ldif file with all groups, users and domains available so there is apparently nothing rong with the communication, I truly belive that this is a security problem that sits somewhere but I have no idea.
I don't think this is a security problem.
Could anyone give me some pointers to how I could fix this problem?
Regards Per Qvindesland
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
389-users@lists.fedoraproject.org
-
Per Qvindesland -
Rich Megginson