Sylvain Angers wrote:
Hello
In our lab, we are testing latest ipa  on redhat  and we are now
configuring/testing  an IBM/AIX client 6.1

Here is the ipa server command that we used
*ipa-server-install -a ipa123 --hostname=mtl-ipa01d.cnppd.lab -n
cnppd.lab -p ldap123 -r CNPPD.LAB *

We are following your documentation for AIX client and have some issue
getting through the step

we had to install  these fileset and we still fight modcrypt

lslpp -L | grep idsldap
  idsldap.clt32bit61.rte    6.1.0.34    C     F    Directory Server - 32 bit
  idsldap.clt64bit61.rte    6.1.0.34    C     F    Directory Server - 64 bit
  idsldap.cltbase61.adt     6.1.0.34    C     F    Directory Server -
Base Client
  idsldap.cltbase61.rte     6.1.0.34    C     F    Directory Server -
Base Client


lslpp -L | grep krb
  krb5.client.rte            1.5.0.2    C     F    Network
Authentication Service
  krb5.client.samples        1.5.0.2    C     F    Network
Authentication Service
  krb5.doc.en_US.html        1.5.0.2    C     F    Network Auth Service HTML
  krb5.doc.en_US.pdf         1.5.0.2    C     F    Network Auth Service PDF
  krb5.lic                   1.5.0.2    C     F    Network
Authentication Service
  krb5.msg.en_US.client.rte  1.5.0.2    C     F    Network Auth Service
Client
  krb5.server.rte            1.5.0.2    C     F    Network
Authentication Service

ww did run the  mksecldap command, as follow

*mksecldap -c -h mtl-ipa01d.cnppd.lab -d cn=accounts,dc=cnppd,dc=lab -a
uid=nss,cn=sysaccounts,cn=etc,dc=cnppd,dc=lab -p abc123*

and we got : Invalid bind DN or bind passwd.  Client presetup check failed.

Do we need to customize further this command if so, what are we missing?
also as we have not yet succeed to make modcrypt works on our AIX 6.1,
we wonder if  we will need (temporary) to do some ldapmodify on the ipa
server to disable ssl?

Thank you for your assistance!

Did you create the entry uid=nss,cn=sysaccounts,cn=etc,... ?

You can test that the password is correct independently with ldapsearch and the 389-ds access log may have additional information on the bind failure.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to