Sorry, I missed adding the mailing list, added now. Ah, I'll bear that in mind about authentication prior to 4.4. I have 4.3.1 on Fedora 24 right now. I'm using anonymous authentication for now, for my various situations such as Jira/etc, and it seems to work, and I'll try again in 4.4 with various GUI apps.
Thanks again for all the help! -Harry On 29 August 2016 at 01:59, Alexander Bokovoy <[email protected]> wrote: > Again, don't answer to me directly, use freeipa-users@ mailing list. > > On Mon, 29 Aug 2016, Harry Kashouli wrote: > >> Fixed it, and now it looks like I actually get a successful result, and it >> gives me info on the account. Thanks, I should've guessed that I needed to >> replace $REALM. >> >> Now, even though this works, if I try to connect via a GUI such as LDAP >> Admin, I can only connect to the database if I use "Simple >> Authentication", >> and anonymous. If I switch it to GSS-API and add the admin user, I get an >> error as follows: >> "LDAP error! Invalid credentials: SASL(-13): authentication failure: >> GSSAPI Failure: gss_accept_sec_context" >> >> I've tried using the following two options as base, but still no sucess: >> - dc=outland,dc=zsazouli,dc=com >> - cn=users,cn=accounts,dc=outland,dc=zsazouli,dc=com >> > I don't think it is related to the choice of the base here. You need to > look into details of your GUI application. 'LDAP Admin' app is running > on Windows and I don't think it is going to use IPA's credentials -- it > is rather using Active Directory user's ones. However, we do not support > GSSAPI authentication as an AD user to LDAP in versions before FreeIPA 4.4. > > -- > / Alexander Bokovoy >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
