Hi List

After having installed Directory Server with no problems and created a test user account I then go ahead to configure a client to test the authentication to my new directory server, sadly after a reboot I can't login with my new user account that I created, I have spent a few days reading up about what the problem may be but until now I have had very little joy.

If I try ldapsearch -v then I get error message:

SASL/EXTERNAL authentication started
Ldap_sasl_interactive_bind_s:unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:

If I use ldapsearch -x then I get the output of an ldif file with all groups, users and domains available so there is apparently nothing wrong with the communication, I truly believe that this is a security problem that sits somewhere but I have no idea.

Could anyone give me some pointers to how I could fix this problem?

Regards
Per Qvindesland

Per Qvindesland
2009-Jan-28 14:58 UTC
Re: [Fedora-directory-users] Authentication problems
Hello again list

I am coming a bit to my wits' end on this one, let me rather top post my own post :)

After having configured the client machine to authenticate and to look for users on the directory server and then try to login into a user that sits on the directory server then I get an error message saying that there is no such user, is there any special configuration that needs to be done to get the directory server to authenticate on a standard install on both the directory server and the client?

Regards
Per

Per Qvindesland wrote:
> Hi List
>
> After having installed Directory Server with no problems and created a test
> user account I then go ahead to configure a client to test the
> authentication to my new directory server, sadly after a reboot I can't
> login with my new user account that I created, I have spent a few days
> reading up about what the problem may be but until now I have had very
> little joy.
>
> If I try ldapsearch -v then I get error message:
> SASL/EXTERNAL authentication started
> Ldap_sasl_interactive_bind_s:unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:

This is because the openldap ldapsearch client attempts SASL authentication by default. You have to specify -x to make it use simple (username/password or anonymous) authentication.

> If I use ldapsearch -x then I get the output of an ldif file with all groups,
> users and domains available so there is apparently nothing wrong with the
> communication, I truly believe that this is a security problem that sits
> somewhere but I have no idea.

I don't think this is a security problem.

> Could anyone give me some pointers to how I could fix this problem?
>
> Regards
> Per Qvindesland

Per Qvindesland
2009-Jan-29 12:31 UTC
Re: [Fedora-directory-users] Authentication problems
Hi

Thanks so much for responding to my post.

I managed to find this out, but what I don't get is why after having installed and configured clients to authenticate towards the server correctly they still don't do it. I have looked for any log files that could give me some clue of what I have done wrong but no luck, the error log in the admin interface says nothing that is of use. I have also read the manual from one side to the other but I can not find anything that tells me what steps I have been forgetting.

Are there any error logs that it generates that can give me some more clues?

Regards
Per Qvindesland

Per Qvindesland wrote:
> Hi
>
> Thanks so much for responding to my post.
>
> I managed to find out this but from what I don't get is why after having
> installed and configured clients to authenticate towards the server
> correctly they still don't do it, I have looked for any log files that could
> give me some clue of what I have done wrong but no luck the error log in the
> admin interface says nothing that is of use, I have also read the manual
> from one side to the other but I can not find anything that tells me what
> steps that I have been forgetting.
>
> Is there any error logs that it generates that can give me
> some more clues?

I'm not sure where pam and nss log - possibly /var/log/secure
You can see what searches are being performed against the directory server by looking at /var/log/dirsrv/slapd-yourinstance/access

> Regards
> Per Qvindesland

Per Qvindesland
2009-Jan-30 15:31 UTC
Re: [Fedora-directory-users] Authentication problems
Hi

Thanks again for the response.

I have managed to find some logs now thanks to Rich's message but I am unsure of what they mean:

[30/Jan/2009:10:28:49 -0500] conn=46 fd=66 slot=66 connection from 83.140.187.52 to 83.140.187.43
[30/Jan/2009:10:28:49 -0500] conn=46 op=0 BIND dn="" method=128 version=3
[30/Jan/2009:10:28:49 -0500] conn=46 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[30/Jan/2009:10:28:49 -0500] conn=46 op=1 SRCH base="dc=sms,dc=mycompany,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=pq))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[30/Jan/2009:10:28:49 -0500] conn=46 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[30/Jan/2009:10:28:49 -0500] conn=46 op=-1 fd=66 closed - B1

Does anyone have any idea?

Regards
Per Qvindesland

Per Qvindesland wrote:
> Hi
>
> Thanks again for the response.
>
>
> I have managed to find some logs now thanks to Rich's message but I am unsure
> of what they mean:
> [30/Jan/2009:10:28:49 -0500] conn=46 fd=66 slot=66 connection from
> 83.140.187.52 to 83.140.187.43
> [30/Jan/2009:10:28:49 -0500] conn=46 op=0 BIND dn="" method=128 version=3

Bind as anonymous (dn="")

> [30/Jan/2009:10:28:49 -0500] conn=46 op=0 RESULT err=0 tag=97 nentries=0
> etime=0 dn=""

Result is good (err=0)

> [30/Jan/2009:10:28:49 -0500] conn=46 op=1 SRCH
> base="dc=sms,dc=mycompany,dc=com" scope=2
> filter="(&(objectClass=posixAccount)(uid=pq))" attrs="uid userPassword
> uidNumber gidNumber cn homeDirectory loginShell gecos description
> objectClass"

Search for user uid=pq with objectClass=posixAccount anywhere under dc=sms,dc=mycompany,dc=com and return the attributes uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass

> [30/Jan/2009:10:28:49 -0500] conn=46 op=1 RESULT err=0 tag=101 nentries=0
> etime=0

There were no errors (err=0), but no entries were found that matched.

> [30/Jan/2009:10:28:49 -0500] conn=46 op=-1 fd=66 closed - B1
>
> Does anyone have any idea?
>
> Regards
> Per Qvindesland
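
Added example (not part of any message in this thread, and not code from the Directory Server project): a Python script that does mechanically what the reply above does by hand, pairing each BIND and SRCH line in the access log with its RESULT and reporting searches that returned err=0 with nentries=0. The names `analyse`, `SAMPLE_LOG` and the output field names are assumptions made for this example; the log lines are the ones quoted in the thread.

```python
import re

# Access-log lines copied from the thread above (Directory Server access log).
SAMPLE_LOG = '''\
[30/Jan/2009:10:28:49 -0500] conn=46 fd=66 slot=66 connection from 83.140.187.52 to 83.140.187.43
[30/Jan/2009:10:28:49 -0500] conn=46 op=0 BIND dn="" method=128 version=3
[30/Jan/2009:10:28:49 -0500] conn=46 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[30/Jan/2009:10:28:49 -0500] conn=46 op=1 SRCH base="dc=sms,dc=mycompany,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=pq))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[30/Jan/2009:10:28:49 -0500] conn=46 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[30/Jan/2009:10:28:49 -0500] conn=46 op=-1 fd=66 closed - B1
'''

LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) (?:op=(-?\d+) )?(.*)$')
KEYVAL = re.compile(r'(\w+)=("[^"]*"|\S+)')
SCOPES = {"0": "base", "1": "one level", "2": "subtree"}

def analyse(log_text):
    """Pair each BIND/SRCH with its RESULT; report searches that matched nothing."""
    pending = {}   # (conn, op) -> (operation name, request fields)
    bound_as = {}  # conn -> DN of the last successful bind ("" means anonymous)
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(2) is None:
            continue  # not an operation line, e.g. "connection from ..."
        conn, op, rest = m.groups()
        name = rest.split(" ", 1)[0]
        kv = {k: v.strip('"') for k, v in KEYVAL.findall(rest)}
        if name in ("BIND", "SRCH"):
            pending[(conn, op)] = (name, kv)
        elif name == "RESULT" and (conn, op) in pending:
            req_name, req = pending.pop((conn, op))
            if req_name == "BIND" and kv.get("err") == "0":
                bound_as[conn] = req.get("dn", "")
            elif (req_name == "SRCH" and kv.get("err") == "0"
                  and kv.get("nentries") == "0"):
                dn = bound_as.get(conn, "")
                findings.append({
                    "conn": conn,
                    "bound_as": dn or "anonymous",
                    "base": req.get("base"),
                    "scope": SCOPES.get(req.get("scope"), req.get("scope")),
                    "filter": req.get("filter"),
                    # Worth reviewing: an unauthenticated client asking for userPassword.
                    "anon_requests_userPassword":
                        dn == "" and "userPassword" in req.get("attrs", "").split(),
                })
    return findings

if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

To use it on a live server, pass the contents of /var/log/dirsrv/slapd-yourinstance/access (the path given in the thread) to `analyse()`.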