Re: [Freeipa-users] Disabling anonymous binds breaks OS X (10.8.5 and 10.9.1) UI logins.

2014-01-29 Thread Dmitri Pal
On 01/28/2014 03:33 PM, Guillermo Fuentes wrote:

 Hello,

  

 We are deploying FreeIPA (which is a great project, BTW) as our
 Identity Management System. As we don't want any info from the
 directory to be publicly available, we tried disabling anonymous
 binds, but it breaks UI logins on Macs (10.8.5 and 10.9.1).

  

 FreeIPA logs show that OS X retrieves attributes using anonymous bind
 and when it's disabled it logs:

 ... authzid=(null), anonymous search not allowed

  

 Has anyone been able to get this setup working properly?


You need to look on the Mac side.
It seems that, in the configuration you used, the Mac tries to do a lookup
after an anonymous bind. It might be that you need to configure a special
account on the Mac to be able to work around this issue.

  

 Thanks in advance,

 Guillermo



 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.



[Freeipa-users] Disabling anonymous binds breaks OS X (10.8.5 and 10.9.1) UI logins.

2014-01-28 Thread Guillermo Fuentes
Hello,



We are deploying FreeIPA (which is a great project, BTW) as our Identity
Management System. As we don't want any info from the directory to be
publicly available, we tried disabling anonymous binds, but it breaks UI
logins on Macs (10.8.5 and 10.9.1).



FreeIPA logs show that OS X retrieves attributes using anonymous bind and
when it's disabled it logs:

... authzid=(null), anonymous search not allowed



Has anyone been able to get this setup working properly?



Thanks in advance,

Guillermo