search for: supportedsaslmechanisms

On 2 srv centos 4.4, run slapd. On one, supportedSASLMechanisms order is : supportedSASLMechanisms: DIGEST-MD5 supportedSASLMechanisms: GSSAPI supportedSASLMechanisms: CRAM-MD5 and on the other one is : supportedSASLMechanisms: GSSAPI supportedSASLMechanisms: DIGEST-MD5 supportedSASLMechanisms: CRAM-MD5 i'd like to use GSSAPI on all srv ... How can i chan...

..., I authenticate by specifying the binddn and password in /etc/nslcd.conf and all works fine If I add the line: sasl_mech GSSAPI to /etc/nslcd.conf and restart nslcd, no one can connect to the database. Nothing works. ldapsearch and getent passwd draw a blank. ldapsearch -x -b '' -sbase supportedSASLMechanisms gives me: dn: supportedSASLMechanisms: GSS-SPNEGO supportedSASLMechanisms: GSSAPI supportedSASLMechanisms: NTLM but ldapsearch -Y GSSAPI gives: SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspec...

...the user entries in LDAP with these fields (in addition to other ones): objectClass: krb5Principal krb5PrincipalName: diego@SG.ORG.BR cn: Diego Lima userPassword: {KERBEROS}diego@SG.ORG.BR I could contact the server using: ldapsearch -H ldap://iceage.sg.org.br/ -x -b "" -s base -LLL supportedSASLMechanisms and it returned dn: supportedSASLMechanisms: GSSAPI However when I try to use the kerberos database I get this error: iceage:/etc/ldap# ldapsearch -H ldap:/// -I -b "" -s base -LLL supportedSASLMechanisms SASL/GSSAPI authentication started SASL Interaction Please enter your authoriz...

I've googled and I believe that SASL method DIGEST-MD5 is supported and I see it in the samba startup, but it doesn't work. ldapsearch -Y DIGEST-MD5 -h dc03.mediture.dom SASL/DIGEST-MD5 authentication started ldap_sasl_interactive_bind_s: Operations error (1) additional info: SASL:[DIGEST-MD5]: Failed to start authentication backend: NT_STATUS_INVALID_PARAMETER [root at dc03 ~]# samba

...ke "RPC server unavailable". And I have another problem with LDAP. I have to use ldapadmin to change users' password because ldappasswd gives me this error: ldappasswd -d4 -h 192.168.0.137 "cn=juan.lapuerta,ou=alisys.net ,dc=aliratiun,dc=tic" ldap_build_search_req ATTRS: supportedSASLMechanisms SASL/GSSAPI authentication started SASL username: Administrator at ALIRATIUN.TIC SASL SSF: 56 SASL data security layer installed. Result: Protocol error (2) Additional info: Extended Operation(1.3.6.1.4.1.4203.1.11.1) not supported But I think I read somewhere that that extended operation is sup...

...wireshark says: //client->server 0? X c? O x ? objectclass0? + subschemaSubentry dsServiceName namingContexts defaultNamingContext schemaNamingContext configurationNamingContext rootDomainNamingContext supportedControl supportedLDAPVersion supportedLDAPPolicies supportedSASLMechanisms dnsHostName ldapServiceName serverName supportedCapabilities //server ->client 0? t d? m 0? g0' namingContexts1 dc=arc-aachen,dc=de0?? supportedControl1?? 2.16.840.1.113730.3.4.18 2.16.840.1.113730.3.4.2 1.3.6.1.4.1.4203.1.10.1 1.2.840.113556.1.4.319 1.2.826.0.1.3344810.2.3...

...e it, except the # admin entry below # These access lines apply to database #1 only access to attribute=userPassword by dn="cn=admin,dc=alsace,dc=iufm,dc=fr" write by anonymous auth by self write by * none # Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what # mechanisms are available and the like. # Note that this is covered by the 'access to *' # ACL below too but if you change that as people # are wont to do you'll still need this if you # want SASL (and possible other thi...

I'm trying to set up an Idmap Backend LDAP server for winbind. I don't need a full blown SAMBA PDC; just a server to provide the SID to UID/GID mappings. We're using a Windows Active Directory server to authenticate against but we want the above mappings to be the same across multiple samba machines. Can we just stand up a simple ldap server and just add the mappings and that's

...ble to see it, except the # admin entry below # These access lines apply to database #1 only access to attrs=userPassword by dn="cn=admin,dc=mailan,dc=local" write by anonymous auth by self write by * none # Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what # mechanisms are available and the like. # Note that this is covered by the 'access to *' # ACL below too but if you change that as people # are wont to do you'll still need this if you # want SASL (and possible other thi...

...] SearchRequest: attrs: [schemaNamingContext] SearchRequest: attrs: [configurationNamingContext] SearchRequest: attrs: [rootDomainNamingContext] SearchRequest: attrs: [supportedControl] SearchRequest: attrs: [supportedLDAPVersion] SearchRequest: attrs: [supportedLDAPPolicies] SearchRequest: attrs: [supportedSASLMechanisms] SearchRequest: attrs: [dnsHostName] SearchRequest: attrs: [ldapServiceName] SearchRequest: attrs: [serverName] SearchRequest: attrs: [supportedCapabilities] ldb_request BASE dn= filter=(objectclass=*) SearchRequest: results: [1] Received cldap packet of length 156 from 10.0.0.2:55999 cldap netlogo...

...t, except the # admin entry below # These access lines apply to database #1 only access to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=mydomain,dc=ie" write by anonymous auth by self write by * none # Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what # mechanisms are available and the like. # Note that this is covered by the 'access to *' # ACL below too but if you change that as people # are wont to do you'll still need this if you # want SASL (and possible other thi...

...ee it, except the # admin entry below # These access lines apply to database #1 only access to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=mydomain,dc=ie" write by anonymous auth by self write by * none # Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what # mechanisms are available and the like. # Note that this is covered by the 'access to *' # ACL below too but if you change that as people # are wont to do you'll still need this if you # want SASL (and possible other thi...

...admin entry below # These access lines apply to database #1 only access to attrs=userPassword,sambaNTPassword,sambaLMPassword by dn="cn=Admin,dc=PDC,dc=COM" write by anonymous auth by self write by * none # Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what # mechanisms are available and the like. # Note that this is covered by the 'access to *' # ACL below too but if you change that as people # are wont to do you'll still need this if you # want SASL (and possible other thi...

...he # admin entry below # These access lines apply to database #1 only access to attrs=userPassword,sambaNTPassword,sambaLMPassword by dn="cn=Admin,dc=PDC,dc=COM" write by anonymous auth by self write by * none # Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what # mechanisms are available and the like. # Note that this is covered by the 'access to *' # ACL below too but if you change that as people # are wont to do you'll still need this if you # want SASL (and possible other thi...

...y below # These access lines apply to database #1 only access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword by dn="cn=admin,dc=home" write by anonymous auth by self write by * none # Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what # mechanisms are available and the like. # Note that this is covered by the 'access to *' # ACL below too but if you change that as people # are wont to do you'll still need this if you # want SASL (and possible other thi...

samba-3.0.21c, heimdal-0.7.2 The heimdal documentation[1] talks about a samba integration when both samba and heimdal are using ldap as their backends. I quote: "Now you can proceed as in See Using LDAP to store the database. Heimdal will pick up the Samba LDAP entries if they are in the same search space as the Kerberos entries." There is absolutely no further documentation. I tried

...# These access lines apply to database #1 only access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword by dn="cn=admin,dc=test,dc=com" write by anonymous auth by self write by * none # Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what # mechanisms are available and the like. # Note that this is covered by the 'access to *' # ACL below too but if you change that as people # are wont to do you'll still need this if you # want SASL (and possible other thi...

...ry below # These access lines apply to database #1 only access to attrs=userPassword,sambaLMPassword,sambaNTPassword,shadowLastChange by dn="cn=admin,dc=mik" write by anonymous auth by self write by * none # Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what # mechanisms are available and the like. # Note that this is covered by the 'access to *' # ACL below too but if you change that as people # are wont to do you'll still need this if you # want SASL (and possible other thi...

Hello i've samba 3.022 with a ldap 2.2.26. I've no pb to join domain with my win2000, but when I reboot I'm reject (bad username ...). I find in debug that the first param sent by the client was the login and I think it must be the machines name. Any idee ? -- Denis Rohou Service Informatique ville de Lannion 22113 lannion 02-96-46-64-22

...except the # admin entry below # These access lines apply to database #1 only access to attrs=userPassword by dn="cn=admin,dc=internal,dc=yourdomain,dc=tld" write by anonymous auth by self write by * none # Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what # mechanisms are available and the like. # Note that this is covered by the 'access to *' # ACL below too but if you change that as people # are wont to do you'll still need this if you # want SASL (and possible other thi...