Hi Cal,

Does a kinit work from a terminal? Does it work if you use "kinit user" or
just if you use "kinit user@REALM.suffix"

-- john


2015-12-20 15:09 GMT+01:00 Cal Sawyer <ca...@blue-bolt.com>:

> Hi, all
>
> I'm attempting to set up LDAP auth (against IPA server 4.10) from a OSX
> 10.10.5 (Yosemite) client
>
> Using the excellent instructions at
> http://linsec.ca/Using_FreeIPA_for_User_Authentication#Mac_OS_X_10.7.2F10.8%20%22Linsec.ca%20tutorial%20for%20connecting%20Mac%20OS%2010.7%20to%20IPA%20Server,
> I've populated the specified files, d/l'd the cert, am able to configure
> Users and Groups objects/attribs and browse both from within OSX's
> Directory Utility.    ldapsearch similarly returns the expected results.
>
> In spite of this, i'm unable to authenticate as any IPA-LDAP user on this
> system
>
> dirsrv log on the ipa master shows no apparent errors - remote auth
> attempts exit with "RESULT err=0 tag=101 nentries=1 etime=0", but tell the
> truth, there so much stuff there and being rather inexperienced with LDAP
> diags i might easily be missing something in the details
>
> The linsec.ca instructions were written in the 10.7-10.8 era so something
> may have changed since.  Having said that, we've had no problems
> authenticating against our existing OpenLDAP server (which IPA is slated to
> replace) right up to 10.10.5 with no zero to our Directory Utility setup.
>
> Hoping someone here has some contemporary experience with OSX and IPA and
> for whom this issue rings a bell?
>
> many thanks
>
> Cal Sawyer | Systems Engineer | BlueBolt Ltd
> 15-16 Margaret Street | London W1W 8RW
> +44 (0)20 7637 5575 | www.blue-bolt.com
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to