SASL auth problem on bind with Mac OS X 10.4

Hi

Is the LDAP server configured for SASL? It would seem that the OS X
client tries with SASL and only SASL; when that does not work it unbinds
and does not try simple bind. It may see that the LDAP server is showing
SASL as an available authentication method but it is not really
available. Can you exec login into it? Also, did you reboot the Mac box
after configuring the LDAP login?

Per

On Wed, 2010-05-19 at 12:45 +0200, Roland Schwingel wrote:
> 
> Hi... 
> 
> With Mac OS X 10.4 I got a problem when a user wants to log in to an
> account hosted in 389ds. 
> I presumably tracked the problem down to a SASL auth problem. 
> 
> Using wireshark I recorded the traffic between my mac os x 10.4
> machine and my 389ds server. 
> On logon the mac tries a bind without binddn but with SASL auth
> (mechanism CRAM-MD5). 
> 
> Mac -> 389DS:  bindrequest with CRAM-MD5 to get credentials 
> 389DS -> Mac: bindresponse with md5 credentials (eg.
> "<3051212195.15971967 at host.domain>") 
> Mac -> 389DS: bindrequest CRAM-MD5 with user and hashed password (eg.
> "roland b98c....") 
> 389DS -> MAC: bindresponse invalidcredentials ("SASL(-13): user not
> found: no secret in database") 
> Mac says sorry no logon... 
> 
> With Mac OS X 10.5/10.6 it works. It also tries the CRAM-MD5 SASL
> auth. But when it fails it alternatively tries a bind with a binddn
> (eg. "uid=roland,ou=people,dc=domain") which is successful.
> Unfortunately I have a bigger amount of Mac OS X 10.4 machines which I
> cannot migrate to 10.5 or later so I need to support this. I have not
> yet found a way to convince Mac OS X 10.4 to use a binddn for auth. 
> 
> Any clue what is wrong here? Is this a SASL uid mapping problem or is
> it because the user passwords are stored SSHA hashed? I already tried
> to change the stored password from SSHA to MD5, but it does not help;
> SASL auth fails with the same error message. Or is this a hash
> comparison problem? 
> 
> Thanks in advance, 
> 
> Roland 
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
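
The question in the quoted message, whether SSHA password storage matters for CRAM-MD5, comes down to what each side has to compute. The Python sketch below is an added example, not part of the thread and not 389 DS or Cyrus SASL code; the password, the challenge (modeled on the one quoted above) and the simplified `server_check_cram_md5` model are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample values, not taken from a real capture.
CHALLENGE = "<3051212195.15971967@host.domain>"
PASSWORD = "constructed-password"
SALT = b"\x01\x02\x03\x04"

def cram_md5_response(user, password, challenge):
    """Client side (RFC 2195): HMAC-MD5 keyed with the cleartext password."""
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5)
    return f"{user} {digest.hexdigest()}"

def ssha_hash(password, salt):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(stored, password):
    """Simple bind: the server receives the cleartext and re-hashes it."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def server_check_cram_md5(stored_secret, challenge, response):
    """Simplified server model: CRAM-MD5 needs the shared secret itself.

    A one-way value such as {SSHA} or {MD5} cannot serve as the HMAC key,
    so the lookup fails before any digest comparison takes place.
    """
    _user, _, client_digest = response.partition(" ")
    if stored_secret.startswith("{"):
        raise LookupError("no secret in database")
    expected = hmac.new(stored_secret.encode(), challenge.encode(),
                        hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, client_digest)

if __name__ == "__main__":
    resp = cram_md5_response("roland", PASSWORD, CHALLENGE)
    stored = ssha_hash(PASSWORD, SALT)
    print("cleartext secret:", server_check_cram_md5(PASSWORD, CHALLENGE, resp))
    print("simple bind vs SSHA:", ssha_verify(stored, PASSWORD))
    try:
        server_check_cram_md5(stored, CHALLENGE, resp)
    except LookupError as err:
        print("CRAM-MD5 vs SSHA:", err)
```

In this model the simple bind succeeds against the SSHA value because the server receives the cleartext password, while CRAM-MD5 fails regardless of which one-way storage scheme holds the password.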



