solaris8 simple auth


 



>
> How do I verify that the NS1 crypt is correct outside of the solaris
> client (or ldap_gen_profile)?

Don't know... I've only ever seen {NS1} with Solaris' LDAP client.  
Anyone know more about this hash, and what other tools can work with it?

> The password in FDS for the above proxy user is stored in CRYPT format
> in FDS - is this mismatch really supported?

Yes.  The NS1 hash is really just to obscure the password in the 
ldap_client_cred file.  When doing a simple bind, it is reversed and 
transmitted as clear text.


> suggestions?

Try putting the password cleartext directly in your ldap_client_cred 
file.  Maybe there was a typo when generating the NS1 hash?

e.g.:

NS_LDAP_BINDPASSWD= the-password


Then restart Solaris' ldapclient.




Doug Chapman wrote:
> I'm looking for troubleshooting advice - hope someone has some insight
> I can borrow.
>
> Trying to get a Solaris8 client (with the latest ldap patchcluster) to
> do simple authentication against FDS.
> When set up for anonymous auth, I'm able to do ldap list just fine:
>
> # ldaplist -l passwd tester
> dn: cn=test user,ou=People,dc=corp,dc=example,dc=com
>         givenName: test
>         sn: user
>         loginShell: /bin/bash
>         gidNumber: 1024
>         uidNumber: 5351
>         mail: tester at example.com
>         objectClass: person
>         objectClass: organizationalPerson
>         objectClass: inetOrgPerson
>         objectClass: posixAccount
>         objectClass: top
>         uid: tester
>         gecos: test user
>         cn: test user
>         homeDirectory: /nethome/tester
>
>
> When set up for simple auth (and that's all I've changed), I'm seeing
> error 49 (invalid credentials) in the FDS logs:
>
> [10/Aug/2007:14:45:02 -0700] conn=25532 fd=65 slot=65 connection from
> 172.20.100.85 to 172.20.200.125
> [10/Aug/2007:14:45:02 -0700] conn=25532 op=0 BIND
> dn="cn=sunldap,ou=profile,dc=corp,dc=example,dc=com" method=128
> version=3
> [10/Aug/2007:14:45:02 -0700] conn=25532 op=0 RESULT err=49 tag=97
> nentries=0 etime=0
> [10/Aug/2007:14:45:02 -0700] conn=25532 op=1 UNBIND
> [10/Aug/2007:14:45:02 -0700] conn=25532 op=1 fd=65 closed - U1
>
> Here's my /var/ldap/ldap_client_cred file
> NS_LDAP_BINDDN= cn=sunldap,ou=profile,dc=corp,dc=example,dc=com
> NS_LDAP_BINDPASSWD= {NS1}8cf5886bf25241a5a5045e
>
> How do I verify that the NS1 crypt is correct outside of the solaris
> client (or ldap_gen_profile)?
>
> The password in FDS for the above proxy user is stored in CRYPT format
> in FDS - is this mismatch really supported?
>
> I can bind with the 'sunldap' user just fine from my Linux hosts using
> ldapsearch.
>
> suggestions?
>   




