Does a kinit work from a terminal? Does it work if you use "kinit user" or
just if you use "kinit user@REALM.suffix"
2015-12-20 15:09 GMT+01:00 Cal Sawyer <ca...@blue-bolt.com>:
> Hi, all
> I'm attempting to set up LDAP auth (against IPA server 4.10) from a OSX
> 10.10.5 (Yosemite) client
> Using the excellent instructions at
> I've populated the specified files, d/l'd the cert, am able to configure
> Users and Groups objects/attribs and browse both from within OSX's
> Directory Utility. ldapsearch similarly returns the expected results.
> In spite of this, i'm unable to authenticate as any IPA-LDAP user on this
> dirsrv log on the ipa master shows no apparent errors - remote auth
> attempts exit with "RESULT err=0 tag=101 nentries=1 etime=0", but tell the
> truth, there so much stuff there and being rather inexperienced with LDAP
> diags i might easily be missing something in the details
> The linsec.ca instructions were written in the 10.7-10.8 era so something
> may have changed since. Having said that, we've had no problems
> authenticating against our existing OpenLDAP server (which IPA is slated to
> replace) right up to 10.10.5 with no zero to our Directory Utility setup.
> Hoping someone here has some contemporary experience with OSX and IPA and
> for whom this issue rings a bell?
> many thanks
> Cal Sawyer | Systems Engineer | BlueBolt Ltd
> 15-16 Margaret Street | London W1W 8RW
> +44 (0)20 7637 5575 | www.blue-bolt.com
> Manage your subscription for the Freeipa-users mailing list:
> Go to http://freeipa.org for more info on the project
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project