Re: solaris8 simple auth


 




How do I verify that the NS1 crypt is correct outside of the solaris
client (or ldap_gen_profile)?

Don't know... I've only ever seen {NS1} with Solaris' LDAP client. Anyone know more about this hash, and what other tools can work with it?

The password in FDS for the above proxy user is stored in CRYPT format
in FDS - is this mismatch really supported?

Yes. The NS1 hash is really just to obscure the password in the ldap_client_cred file. When doing a simple bind, it is reversed and transmitted as clear text.


suggestions?

Try putting the password cleartext directly in your ldap_client_cred file. Maybe there was a typo when generating the NS1 hash?

e.g.:

NS_LDAP_BINDPASSWD= the-password


Then restart Solaris' ldapclient.




Doug Chapman wrote:
I'm looking for troubleshooting advice- hope someone has some insight
I can borrow.

Trying to get a Solaris8 client (with the latest ldap patchcluster) to
do simple authentication against FDS.
When setup for anonymous auth, I'm able to do ldap list just fine:

# ldaplist -l passwd tester
dn: cn=test user,ou=People,dc=corp,dc=example,dc=com
        givenName: test
        sn: user
        loginShell: /bin/bash
        gidNumber: 1024
        uidNumber: 5351
        mail: tester@xxxxxxxxxxx
        objectClass: person
        objectClass: organizationalPerson
        objectClass: inetOrgPerson
        objectClass: posixAccount
        objectClass: top
        uid: tester
        gecos: test user
        cn: test user
        homeDirectory: /nethome/tester


When setup for simple auth (and that's all I've changed), I'm seeing
error 49 (invalid credentials) in the FDS logs:

[10/Aug/2007:14:45:02 -0700] conn=25532 fd=65 slot=65 connection from
172.20.100.85 to 172.20.200.125
[10/Aug/2007:14:45:02 -0700] conn=25532 op=0 BIND
dn="cn=sunldap,ou=profile,dc=corp,dc=example,dc=com" method=128
version=3
[10/Aug/2007:14:45:02 -0700] conn=25532 op=0 RESULT err=49 tag=97
nentries=0 etime=0
[10/Aug/2007:14:45:02 -0700] conn=25532 op=1 UNBIND
[10/Aug/2007:14:45:02 -0700] conn=25532 op=1 fd=65 closed - U1

Here's my /var/ldap/ldap_client_cred file
NS_LDAP_BINDDN= cn=sunldap,ou=profile,dc=corp,dc=example,dc=com
NS_LDAP_BINDPASSWD= {NS1}8cf5886bf25241a5a5045e

How do I verify that the NS1 crypt is correct outside of the solaris
client (or ldap_gen_profile)?

The password in FDS for the above proxy user is stored in CRYPT format
in FDS - is this mismatch really supported?

I can bind with the 'sunldap' user just fine from my linux hosts using
ldapsearch.

suggestions?


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
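
An added example, not part of the original thread: a Python script that pairs each BIND line in an FDS access log with its RESULT line and lists the binds rejected with err=49, by client address and bind DN. The sample log is constructed from the lines quoted in the post (unwrapped to one record per line); the second connection and the function names are made up for illustration.

```python
import re
from collections import Counter

# Constructed sample in the access-log format quoted in the post.
# conn=25533 is an invented successful bind, added for contrast.
SAMPLE_LOG = """\
[10/Aug/2007:14:45:02 -0700] conn=25532 fd=65 slot=65 connection from 172.20.100.85 to 172.20.200.125
[10/Aug/2007:14:45:02 -0700] conn=25532 op=0 BIND dn="cn=sunldap,ou=profile,dc=corp,dc=example,dc=com" method=128 version=3
[10/Aug/2007:14:45:02 -0700] conn=25532 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[10/Aug/2007:14:45:02 -0700] conn=25532 op=1 UNBIND
[10/Aug/2007:14:45:09 -0700] conn=25533 fd=66 slot=66 connection from 172.20.100.90 to 172.20.200.125
[10/Aug/2007:14:45:09 -0700] conn=25533 op=0 BIND dn="cn=sunldap,ou=profile,dc=corp,dc=example,dc=com" method=128 version=3
[10/Aug/2007:14:45:09 -0700] conn=25533 op=0 RESULT err=0 tag=97 nentries=0 etime=0
"""

CONN = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ connection from (\S+) to \S+")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\S+)')
# tag=97 is the LDAP BindResponse; err=49 is invalidCredentials.
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT err=(\d+) tag=97")


def failed_binds(log_text):
    """Return one record per bind that the server answered with err=49."""
    clients, binds, failures = {}, {}, []
    for line in log_text.splitlines():
        if m := CONN.search(line):
            clients[m.group(1)] = m.group(2)            # conn id -> client IP
        elif m := BIND.search(line):
            # Remember the bind request until its RESULT shows up.
            binds[(m.group(1), m.group(2))] = (m.group(3), m.group(4))
        elif (m := RESULT.search(line)) and m.group(3) == "49":
            key = (m.group(1), m.group(2))
            dn, method = binds.get(key, ("<unknown>", "?"))
            failures.append({
                "conn": key[0],
                "client": clients.get(key[0], "<unknown>"),
                "dn": dn,
                "method": method,   # 128 = simple bind
            })
    return failures


def summarize(failures):
    """Count rejected binds per (client, bind DN) pair."""
    return Counter((f["client"], f["dn"]) for f in failures)


if __name__ == "__main__":
    for (client, dn), count in summarize(failed_binds(SAMPLE_LOG)).items():
        print(f"{count} rejected bind(s) from {client} as {dn}")
```

Grouping by client shows at a glance whether only the Solaris host is being rejected for the proxy DN while other hosts bind with the same DN successfully.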
