Fedora 14: GDM, sssd and LDAP authentication

Rick Stevens ricks at nerd.com
Wed Nov 10 20:08:42 UTC 2010


On 11/10/2010 11:14 AM, Stephen Gallagher wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 11/10/2010 10:18 AM, Bernd Nies wrote:
>>
>>
>>
>> Hi Stephen,
>>
>> Here's the log output of the various sssd logfiles.
> ...
>> (Wed Nov 10 16:46:03 2010) [sssd[be[LDAP]]] [simple_bind_done] (3): Bind
>> result: Invalid credentials(49), (null)
>
>
> This message says that the credentials presented by the client are being
> denied by the server. Usually, this means that you mistyped the password.

Actually, that means that the client isn't binding to the LDAP server.
Anonymous simple binds were disabled by default a while ago with LDAP
V3.

Check the slapd.conf for the LDAP server.  To permit classic anonymous
simple binds, you MUST have

	allow bind_v2 bind_anon_cred bind_anon_dn

in it or anonymous simple binds won't be allowed.

>
> I find it hard to believe that it's working on any other login
> mechanism, but not for GDM.
>
> - --
> Stephen Gallagher
> RHCE 804006346421761
>
> Delivering value year after year.
> Red Hat ranks #1 in value among software vendors.
> http://www.redhat.com/promo/vendor/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkza7wQACgkQeiVVYja6o6P68QCfd6b30S6UUZL4REX1u0ZmDqob
> eicAn2iT66dqr3n2NK+01v6MSDd3TTZd
> =HY0g
> -----END PGP SIGNATURE-----


-- 
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, C2 Hosting          ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-  Jimmie crack corn and I don't care...what kind of lousy attitude  -
-                 is THAT to have, huh?   -- Dennis Miller           -
----------------------------------------------------------------------


More information about the users mailing list