Jim Summers
2006-Mar-31 21:48 UTC
[Fedora-directory-users] Mac OS X Client authenticating against Fedora Directory Server
Hello List,
I am following up on a thread that was initiated by David Schibeci a few weeks
back. He was trying to configure os/x machines to authenticate against fds.
I to will have to authenticate some os/x machines when I migrate over to fds.
So I thought I should test it out.
Unfortunately I was not able to get it to work. All I am seeing in the
system.log file are entries such as:
DSOpenNode(): dsOpenDirNode("/LDAPv3/ipaddress") == -14002
DSGetCurrentConfigInfo(): dsGetRecordEntry() == -14061
Not to informative.
Any ideas or suggestions will be greatly appreciated.
Thanks
--
Jim Summers
School of Computer Science-University of Oklahoma
-------------------------------------------------
David Schibeci
2006-Apr-03 01:17 UTC
Re: [Fedora-directory-users] Mac OS X Client authenticating against Fedora Directory Server
For the record, I could only get MacOS 10.4 to authenticate against FDS, but this could be because I am using a non-standard port (390 + 637 for LDAP and LDAPS respectively). The only trick I needed was when configuring your LDAP source, under the Security tab I needed to enable "Encrypt all packers (requires SSL or Kerberos). It seems DirectoryServices was trying to initiate a SASL connected over SSL which would fail, but this could be to due to a non-standard port. Cheers, David On 01/04/2006, at 5:48 AM, Jim Summers wrote:> Hello List, > > I am following up on a thread that was initiated by David Schibeci > a few weeks back. He was trying to configure os/x machines to > authenticate against fds. > > I to will have to authenticate some os/x machines when I migrate > over to fds. So I thought I should test it out. > > Unfortunately I was not able to get it to work. All I am seeing in > the system.log file are entries such as: > > DSOpenNode(): dsOpenDirNode("/LDAPv3/ipaddress") == -14002 > DSGetCurrentConfigInfo(): dsGetRecordEntry() == -14061 > > Not to informative. > > Any ideas or suggestions will be greatly appreciated. > > Thanks > -- > Jim Summers > School of Computer Science-University of Oklahoma > ------------------------------------------------- > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Jim Summers
2006-Apr-03 14:00 UTC
Re: [Fedora-directory-users] Mac OS X Client authenticating against Fedora Directory Server
David Schibeci wrote:> For the record, I could only get MacOS 10.4 to authenticate against FDS, > but this could be because I am using a non-standard port (390 + 637 for > LDAP and LDAPS respectively). >At least you got it going. I am using standard ports. Here is something I found in my logs on the fds server: [31/Mar/2006:13:56:42 -0600] conn=10197 fd=82 slot=82 SSL connection from 129.15.xx.xx to 129.15.xx.xx [31/Mar/2006:13:56:42 -0600] conn=10197 op=-1 fd=82 closed - Encountered end of file. This only shows up when I edit the entry in DirectoryServices and commit the changes. Then I try an id command, which fails and I see the above message. Any ideas what the eof means? My ssl works between fds and other linux machines.> The only trick I needed was when configuring your LDAP source, under the > Security tab I needed to enable "Encrypt all packers (requires SSL or > Kerberos).I will look for that. Thanks Will post results. Thanks again.> > It seems DirectoryServices was trying to initiate a SASL connected over > SSL which would fail, but this could be to due to a non-standard port. > > Cheers, > David > > On 01/04/2006, at 5:48 AM, Jim Summers wrote: > >> Hello List, >> >> I am following up on a thread that was initiated by David Schibeci a >> few weeks back. He was trying to configure os/x machines to >> authenticate against fds. >> >> I to will have to authenticate some os/x machines when I migrate over >> to fds. So I thought I should test it out. >> >> Unfortunately I was not able to get it to work. All I am seeing in >> the system.log file are entries such as: >> >> DSOpenNode(): dsOpenDirNode("/LDAPv3/ipaddress") == -14002 >> DSGetCurrentConfigInfo(): dsGetRecordEntry() == -14061 >> >> Not to informative. >> >> Any ideas or suggestions will be greatly appreciated. >> >> Thanks >> --Jim Summers >> School of Computer Science-University of Oklahoma >> ------------------------------------------------- >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users-- Jim Summers School of Computer Science-University of Oklahoma -------------------------------------------------
Jim Summers
2006-Apr-06 20:41 UTC
Re: [Fedora-directory-users] Mac OS X Client authenticating against Fedora Directory Server
Jim Summers wrote:> > > David Schibeci wrote: >> For the record, I could only get MacOS 10.4 to authenticate against >> FDS, but this could be because I am using a non-standard port (390 + >> 637 for LDAP and LDAPS respectively). >> > At least you got it going. I am using standard ports. Here is > something I found in my logs on the fds server: > > [31/Mar/2006:13:56:42 -0600] conn=10197 fd=82 slot=82 SSL connection > from 129.15.xx.xx to 129.15.xx.xx > [31/Mar/2006:13:56:42 -0600] conn=10197 op=-1 fd=82 closed - Encountered > end of file. > > This only shows up when I edit the entry in DirectoryServices and commit > the changes. Then I try an id command, which fails and I see the above > message. > > Any ideas what the eof means? > > My ssl works between fds and other linux machines. > >> The only trick I needed was when configuring your LDAP source, under >> the Security tab I needed to enable "Encrypt all packers (requires SSL >> or Kerberos). > > I will look for that. Thanks > > Will post results.Finally got back to this machine. By enabling the "Encrypt all packers", I was able to successfully authenticate against the FDS. Many Thanks!> > Thanks again. >> >> It seems DirectoryServices was trying to initiate a SASL connected >> over SSL which would fail, but this could be to due to a non-standard >> port. >> >> Cheers, >> David >> >> On 01/04/2006, at 5:48 AM, Jim Summers wrote: >> >>> Hello List, >>> >>> I am following up on a thread that was initiated by David Schibeci a >>> few weeks back. He was trying to configure os/x machines to >>> authenticate against fds. >>> >>> I to will have to authenticate some os/x machines when I migrate over >>> to fds. So I thought I should test it out. >>> >>> Unfortunately I was not able to get it to work. All I am seeing in >>> the system.log file are entries such as: >>> >>> DSOpenNode(): dsOpenDirNode("/LDAPv3/ipaddress") == -14002 >>> DSGetCurrentConfigInfo(): dsGetRecordEntry() == -14061 >>> >>> Not to informative. >>> >>> Any ideas or suggestions will be greatly appreciated. >>> >>> Thanks >>> --Jim Summers >>> School of Computer Science-University of Oklahoma >>> ------------------------------------------------- >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users@redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >-- Jim Summers School of Computer Science-University of Oklahoma -------------------------------------------------