Re: Question re: {KERBEROS} syntax

Tom Ryan wrote:
It happens to all of us...

I am still having a couple of issues though (for everyone else listening :)

I changed pamMapMethod to Entry
I then set pamIDAttr to aliasedObjectName (out of laziness for now)

When I start the slapd with this, I get this..

pam_passthru-plugin - Warning: The following suffixes listed in pamExcludeSuffix or pamIncludeSuffix are not present in this server: o=NetscapeRoot


But, the admin server will still start just fine..
The warning is just for your information, for debugging the set up, if you accidentally set an incorrect suffix. If you don't have the o=NetscapeRoot suffix on this server, or if you don't want to do pam passthru on that suffix, you can either omit it from the include/exclude list, or set the attribute pamMissingSuffix in the pam plugin entry to "IGNORE".

Regardless, the system does not appear to try to use the aliasedobjectname for the user to pass to pam.. (I have KRBPRINC@xxxxxxxxx in aliasedobjectname)..
Any errors in the errors log? Does it work any better if your krbprinc name is all lower case and the realm is all upper case e.g. krbprinc@xxxxxxxxx?

Any ideas?

Tom

Ps.. If I leave it as RDN, I get no error on startup about suffix and as long as my bind dn matches my krb princ in the default realm, it works.. So I’m halfway there?



On 7/26/06 9:18 AM, "Paul Engle" <pengle@xxxxxxxx> wrote:



    *Blush* Okay, that's just plain embarrassing. That ended up being caused
    by having the 'auth' part in the pam configuration but no 'account' line
    for pam_krb5.so.

    -paul

    --On Tuesday, July 25, 2006 05:49:51 PM -0400 Tom Ryan <tomryan@xxxxxxxxxxxxxxxxxx> wrote:

    > On 7/25/06 5:47 PM, "Paul Engle" <pengle@xxxxxxxx> wrote:
    >
    > I'm not familiar with that message. I don't recall having any issues. I
    > wasn't trying to add it to a live server, though. I was working on a
    > development machine and was able to yank the DS up and down with impunity.
    >
    > In this message,
    >
    > http://www.redhat.com/archives/fedora-directory-users/2006-May/msg00081.html
    >
    > You noted you had the same error (reset required) when simple binding at
    > first..
    >
    > Tom



    --
    Paul D. Engle | Rice University
    Sr. Systems Administrator | Information Technology - MS119
    (713) 348-4702 | P.O. Box 1892
    pengle@xxxxxxxx | Houston, TX 77251-1892

    --
    Fedora-directory-users mailing list
    Fedora-directory-users@xxxxxxxxxx
    https://www.redhat.com/mailman/listinfo/fedora-directory-users
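
The misconfiguration Paul describes in the quoted message (an 'auth' line for pam_krb5.so with no matching 'account' line) can be caught by linting the PAM service file before restarting the server. The following is an added example, not part of the original thread: the sample service files are constructed, and `parse_pam` and `auth_without_account` are hypothetical helper names.

```python
import re

TYPES = ("auth", "account", "password", "session")

# Constructed sample: the state described in the thread, where pam_krb5.so
# has an 'auth' rule but no 'account' rule.
BROKEN = "#%PAM-1.0\nauth     required  pam_krb5.so\n"
# Constructed sample: the same file with the missing 'account' rule added.
FIXED = BROKEN + "account  required  pam_krb5.so\n"


def parse_pam(text):
    """Yield (type, control, module, args) for each rule in a service file."""
    text = text.replace("\\\n", " ")            # join continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blanks
        if not line:
            continue
        m = re.match(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if not m or m.group(1).lower() not in TYPES:
            continue                            # e.g. @include, malformed rules
        module = m.group(3).rsplit("/", 1)[-1]  # compare by file name, not path
        yield m.group(1).lower(), m.group(2), module, m.group(4).split()


def auth_without_account(text):
    """Return modules that have an 'auth' rule but no 'account' rule.

    Rules that pull in another file (include/substack) are not followed, so
    a stack delegated that way has to be checked in the included file.
    Some modules only implement 'auth'; treat the result as a review list.
    """
    stacks = {t: set() for t in TYPES}
    for typ, control, module, _args in parse_pam(text):
        if control not in ("include", "substack"):
            stacks[typ].add(module)
    return sorted(stacks["auth"] - stacks["account"])


if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, auth_without_account(text))
```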

