> How do I verify that the NS1 crypt is correct outside of the solaris
> client (or ldap_gen_profile)?

Don't know... I've only ever seen {NS1} with Solaris' LDAP client.
Anyone know more about this hash, and what other tools can work with it?

> The password in FDS for the above proxy user is stored in CRYPT format
> in FDS- is this mismatch really supported ?

Yes. The NS1 hash is really just to obscure the password in the
ldap_client_cred file. When doing a simple bind, it is reversed and
transmitted as clear text.

> suggestions?

Try putting the password cleartext directly in your ldap_client_cred
file. Maybe there was a typo when generating the NS1 hash?
e.g.:
NS_LDAP_BINDPASSWD= the-password
Then restart Solaris' ldapclient.

Doug Chapman wrote:
I'm looking for troubleshooting advice- hope someone has some insight
I can borrow.
Trying to get a Solaris8 client (with the latest ldap patchcluster) to
do simple authentication against FDS.
When setup for anonymous auth, I'm able to do ldap list just fine:
# ldaplist -l passwd tester
dn: cn=test user,ou=People,dc=corp,dc=example,dc=com
givenName: test
sn: user
loginShell: /bin/bash
gidNumber: 1024
uidNumber: 5351
mail: [EMAIL PROTECTED]
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uid: tester
gecos: test user
cn: test user
homeDirectory: /nethome/tester
When setup for simple auth (and that's all I've changed), I'm seeing
error 49 (invalid credentials) in the FDS logs:
[10/Aug/2007:14:45:02 -0700] conn=25532 fd=65 slot=65 connection from 172.20.100.85 to 172.20.200.125
[10/Aug/2007:14:45:02 -0700] conn=25532 op=0 BIND dn="cn=sunldap,ou=profile,dc=corp,dc=example,dc=com" method=128 version=3
[10/Aug/2007:14:45:02 -0700] conn=25532 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[10/Aug/2007:14:45:02 -0700] conn=25532 op=1 UNBIND
[10/Aug/2007:14:45:02 -0700] conn=25532 op=1 fd=65 closed - U1
Here's my /var/ldap/ldap_client_cred file
NS_LDAP_BINDDN= cn=sunldap,ou=profile,dc=corp,dc=example,dc=com
NS_LDAP_BINDPASSWD= {NS1}8cf5886bf25241a5a5045e
How do I verify that the NS1 crypt is correct outside of the solaris
client (or ldap_gen_profile)?
The password in FDS for the above proxy user is stored in CRYPT format
in FDS- is this mismatch really supported ?
I can bind with the 'sunldap' user just fine from my linux hosts using
ldapsearch.
suggestions?
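
An added example, not part of the original thread or of Fedora Directory Server: a small Python parser for the access-log format quoted above that pairs each BIND with its RESULT and reports binds rejected with err=49, together with the client address and whether the bind was a simple bind (method=128). The function names are hypothetical, the log lines are unwrapped, and the second connection (conn=25533) is constructed for contrast.

```python
import re
from collections import Counter

# Constructed sample: the access-log lines from the post, unwrapped, plus one
# constructed successful bind (conn=25533) from a different client.
SAMPLE_LOG = """\
[10/Aug/2007:14:45:02 -0700] conn=25532 fd=65 slot=65 connection from 172.20.100.85 to 172.20.200.125
[10/Aug/2007:14:45:02 -0700] conn=25532 op=0 BIND dn="cn=sunldap,ou=profile,dc=corp,dc=example,dc=com" method=128 version=3
[10/Aug/2007:14:45:02 -0700] conn=25532 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[10/Aug/2007:14:45:02 -0700] conn=25532 op=1 UNBIND
[10/Aug/2007:14:45:02 -0700] conn=25532 op=1 fd=65 closed - U1
[10/Aug/2007:14:46:10 -0700] conn=25533 fd=66 slot=66 connection from 172.20.100.90 to 172.20.200.125
[10/Aug/2007:14:46:10 -0700] conn=25533 op=0 BIND dn="cn=sunldap,ou=profile,dc=corp,dc=example,dc=com" method=128 version=3
[10/Aug/2007:14:46:10 -0700] conn=25533 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=sunldap,ou=profile,dc=corp,dc=example,dc=com"
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$')
CONNECT = re.compile(r'connection from (?P<src>\S+) to \S+')
BIND = re.compile(r'^op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)" method=(?P<method>\S+)')
RESULT = re.compile(r'^op=(?P<op>\d+) RESULT err=(?P<err>\d+) tag=97\b')  # 97 = bind response

def failed_binds(log_text):
    """Return one dict per BIND whose RESULT is err=49 (invalid credentials)."""
    sources, pending, failures = {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # still-wrapped or unrelated line: ignore it
        conn, rest = m['conn'], m['rest']
        if (c := CONNECT.search(rest)):
            sources[conn] = c['src']            # remember client address per connection
        elif (b := BIND.match(rest)):
            pending[(conn, b['op'])] = (m['ts'], b['dn'], b['method'])
        elif (r := RESULT.match(rest)):
            bind = pending.pop((conn, r['op']), None)   # match on conn + op
            if bind and r['err'] == '49':
                ts, dn, method = bind
                failures.append({'time': ts, 'conn': conn, 'dn': dn,
                                 'simple_bind': method == '128',
                                 'src': sources.get(conn, 'unknown')})
    return failures

def failures_by_dn_and_source(log_text):
    """Count err=49 binds per (bind DN, client address) pair."""
    return Counter((f['dn'], f['src']) for f in failed_binds(log_text))

if __name__ == '__main__':
    for failure in failed_binds(SAMPLE_LOG):
        print(failure)
```

Run against the real access log, the per-DN and per-source counts show whether only the Solaris client fails for the proxy DN while other hosts bind successfully, which points at the client-side credential rather than the stored password.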