Howard Wilkinson wrote:
I presume you've seen http://directory.fedoraproject.org/wiki/Howto:Kerberos and http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1083165

Richard,

I am implementing the Fedora DS to provide data from other domains than my AD. So I have other roots in the Directory Store already. I also will be storing additional information for users in the DS to support RADIUS and other applications. However our primary authentication store is on Windows 2003 using the KDC. I have users who have Kerberos tickets granted and can do GSSAPI exchanges with the AD to retrieve LDAP results. The DS has a map which I believe should take a Kerberos/GSSAPI identity and map it to an LDAP lookup. I have arranged for users to be synchronised using the Windows Sync and am trying to match on uid=<samAccountName>,OU=People,DC=example,DC=com for the user.

From the debug logs I am not sure that the DS is doing the GSSAPI look or executing the maps, but I get a permission denied response with 'ldap_sasl_interactive_bind_s: Invalid credentials (49)' as the primary message.

I am not sure where to look next, unless what I need to do is to add some ACLs for the users; currently I just want to get LDAPSEARCH working with Kerberos.
If it's still not working, then perhaps it's some sort of cross domain trust issue.
Howard.

--
Howard Wilkinson              Phone: +44(20)76907075
Coherent Technology Limited   Fax:
23 Northampton Square,        Mobile: +44(7980)639379
United Kingdom, EC1V 0HL      Email: howard@xxxxxxxxxxx

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
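Added example, not part of the original thread and not Fedora DS code: a simplified Python model of the SASL identity mapping step discussed above, showing two ways a principal can fail to resolve to a single directory entry (no map regex matches, or the mapped search does not return exactly one entry). The realm EXAMPLE.COM, the map values and the directory entries are constructed assumptions, and the regexes use Python syntax rather than the server's own.

```python
import re

# Constructed mapping, modelled on a Directory Server SASL mapping entry
# (nsSaslMapRegexString / nsSaslMapBaseDNTemplate / nsSaslMapFilterTemplate).
# Regexes are in Python syntax here; the server's own syntax differs.
SASL_MAPS = [
    {"regex": r"(.*)@EXAMPLE\.COM",
     "base": "ou=People,dc=example,dc=com",
     "filter": r"(uid=\1)"},
]

# Constructed directory contents standing in for the synced People subtree.
DIRECTORY = {
    "uid=hwilkinson,ou=People,dc=example,dc=com": {"uid": "hwilkinson"},
    "uid=svc-radius,ou=Services,dc=example,dc=com": {"uid": "svc-radius"},
}

def search(base, flt):
    """Subtree search for a single (attr=value) equality filter."""
    attr, value = flt.strip("()").split("=", 1)
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(base.lower())
            and attrs.get(attr, "").lower() == value.lower()]

def resolve(principal):
    """Return (bind_dn, reason); bind_dn is None when no single entry is found."""
    for m in SASL_MAPS:
        hit = re.fullmatch(m["regex"], principal)  # anchored match: model choice
        if not hit:
            continue
        base = hit.expand(m["base"])
        flt = hit.expand(m["filter"])
        found = search(base, flt)
        if len(found) == 1:
            return found[0], "mapped"
        # Simplification: this model stops at the first map whose regex matched.
        return None, f"map matched, search {flt} under {base} returned {len(found)} entries"
    return None, "no SASL map regex matched the principal"

if __name__ == "__main__":
    for p in ("hwilkinson@EXAMPLE.COM", "hwilkinson@example.com",
              "svc-radius@EXAMPLE.COM", "ldap/ds.example.com@EXAMPLE.COM"):
        print(p, "->", resolve(p))
```

Running the candidate principal strings through a model like this before reading the server's debug log narrows the question to whether the regex, the base DN, or the filter is the part that fails.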