Hi Cal,

Does a kinit work from a terminal? Does it work if you use "kinit user" or just if you use "kinit user@REALM.suffix"?

-- john

2015-12-20 15:09 GMT+01:00 Cal Sawyer <ca...@blue-bolt.com>:

> Hi, all
>
> I'm attempting to set up LDAP auth (against IPA server 4.10) from an OSX
> 10.10.5 (Yosemite) client.
>
> Using the excellent instructions at
> http://linsec.ca/Using_FreeIPA_for_User_Authentication#Mac_OS_X_10.7.2F10.8%20%22Linsec.ca%20tutorial%20for%20connecting%20Mac%20OS%2010.7%20to%20IPA%20Server,
> I've populated the specified files, d/l'd the cert, am able to configure
> Users and Groups objects/attribs and browse both from within OSX's
> Directory Utility. ldapsearch similarly returns the expected results.
>
> In spite of this, I'm unable to authenticate as any IPA-LDAP user on this
> system.
>
> dirsrv log on the ipa master shows no apparent errors - remote auth
> attempts exit with "RESULT err=0 tag=101 nentries=1 etime=0", but to tell the
> truth, there's so much stuff there and, being rather inexperienced with LDAP
> diags, I might easily be missing something in the details.
>
> The linsec.ca instructions were written in the 10.7-10.8 era so something
> may have changed since. Having said that, we've had no problems
> authenticating against our existing OpenLDAP server (which IPA is slated to
> replace) right up to 10.10.5 with no zero to our Directory Utility setup.
>
> Hoping someone here has some contemporary experience with OSX and IPA and
> for whom this issue rings a bell?
>
> many thanks
>
> Cal Sawyer | Systems Engineer | BlueBolt Ltd
> 15-16 Margaret Street | London W1W 8RW
> +44 (0)20 7637 5575 | www.blue-bolt.com
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project