<quote who="Phillip Bennett">
> Hi everyone,
>
> I've finally got my LDAP directory set up and almost working! I can see it
> using two different LDAP browsers that I have installed, and I can use
> ldapsearch from the command line with the '-x' option (Simple
> Authentication). I can even use ldapsearch -x -D "<my username>" etc..
>
> What gets me though, is that I can't run other commands on it like
> 'ldapwhoami', and I can't logon using LDAP either.. When I do, I get the
> following message:
>
> ~]$ ldapwhoami
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
> additional info: SASL(-13): user not found: no secret in database

You still need -x on ldapwhoami

> I've been reading up on SASL for the past two days and have been directed to
> kerberos from a few pages. I now have a working kerberos KDC as well.
> However, I was hoping not to have to do this, as it means setting up the
> clients for kerberos as well.
>
> So far, what I have is an LDAP database that works with autofs. However, it
> doesn't allow me to logon to workstations. When I do, I get the following
> error:
>
> [EMAIL PROTECTED] ~]# su - phillip
> id: cannot find name for group ID 2066
> id: cannot find name for user ID 2066
> [EMAIL PROTECTED] ~]$ ssh localhost
> You don't exist, go away!
>
> Now, I know what the 'go away' error is all about. What I don't know is why
> it happens.
>
> My setup is as follows:
>
> Redhat ES4 - all software at latest redhat versions
> ldap 2.2.13
> autofs 4.1.3-199.3
> kernel 2.6.9-55
> cyrus-sasl 2.1.19 (inc. md5, ntlm, sql, gssapi)
> kerberos 1.3.4-47
>
> Does anyone have any helpful information for getting these final bits setup?
> I have read in a few places that Redhat puts the SASL stuff in by default
> and it can't be turned off. The same people usually say that it's best to
> recompile from source and leave the SASL support out. Would anyone agree
> with that? I feel that I've come so far and I'm understanding so much more,
> but I am still just so far away from getting anything to actually WORK!
> It's just so frustrating... On the plus side, I have now discovered strace.
> It has helped me fix a few errors these past few days. :)
>
> Any help you can give is greatly appreciated!

Check your permissions on /etc/nsswitch.conf /etc/ldap.conf, that's usually the prob with "getent passwd" and su

> Thanks in advance,
> Phil.
>
> _______________________________________________
> Scottish mailing list
> [email protected]
> https://mailman.lug.org.uk/mailman/listinfo/scottish
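
The permission check suggested in the reply above, written out as an added example that is not part of the original thread. The function names are made up for this sketch, and the check that nsswitch.conf lists "ldap" for passwd and group goes one step beyond what the reply asks for.

```shell
#!/bin/sh
# Added example, not from the thread. File paths default to the two files
# named in the reply; function names are made up for this sketch.

# Print "ok", "missing" or "not-world-readable" for one config file.
# NSS lookups run inside the calling process (id, su, sshd), so a file that
# only root can read resolves users for root and for nobody else. For the same
# reason a world-readable ldap.conf is no place for a privileged bind password.
conf_status() {
    if [ ! -f "$1" ]; then
        echo missing
    elif [ "$(ls -ldL -- "$1" | cut -c8)" = "r" ]; then   # 8th char = other-read
        echo ok
    else
        echo not-world-readable
    fi
}

# Succeed if database $2 (passwd, group) in nsswitch file $1 lists "ldap"
# outside of a comment.
nss_uses_ldap() {
    grep -E "^[[:space:]]*$2:" "$1" 2>/dev/null | sed 's/#.*//' |
        grep -Eq '(^|[[:space:]:])ldap([[:space:]]|$)'
}

# usage: check_client [nsswitch.conf] [ldap.conf]; returns 1 on any finding
check_client() {
    nss=${1:-/etc/nsswitch.conf}
    ldapconf=${2:-/etc/ldap.conf}
    rc=0
    for f in "$nss" "$ldapconf"; do
        s=$(conf_status "$f")
        echo "$f: $s"
        [ "$s" = ok ] || rc=1
    done
    for db in passwd group; do
        if nss_uses_ldap "$nss" "$db"; then
            echo "$db: ldap listed in $nss"
        else
            echo "$db: ldap NOT listed in $nss"
            rc=1
        fi
    done
    return "$rc"
}
```

Source the file and call check_client with no arguments to test the files under /etc, then confirm with "getent passwd" run as the affected user rather than as root.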
