Thanks for all the hard work on this, I've been enjoying an almost functional setup for the last week but have been tearing my hair out with making GSSAPI behave.
What I have found so far using the config instructions - may be error prone now as the number of combinations tried! Anonymous bind enabled on freeipa: all works fine as you would expect. RootDSE only enabled on freeipa : Works If you also specify a real user in the Directory Utility auth section (not a service account) No anonymous binds : Will not play at all. Now the thing that is really throwing me, is that GSSAPI ldapsearch works just fine from the command line (using -Y GSSAPI) but directiory utility seems unable to use these credentials. I'm totally unsure if this is an OS limitation (as the login screen wouldn't have any creds until a user has typed them) or if I've managed to screw something up. I'd like to be in a position where I can either have a very reduced access LDAP user enabled on all Mac clients, or that they can harness the host or user keytab in order to require no special LDAP credentials of their own. Hope this makes sense, and thanks in advance, David p.s. I've attempted to and failed to join this list, so subject to moderation, and I might require an explicit reply to in order to get responses!
_______________________________________________ FreeIPA-users mailing list -- email@example.com To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org