Hi!
We are running an OpenLDAP server on Debian Stable. It works very well so far, using more than 20 Linux clients. However, we now also have got a couple of Mac clients that are supposed to use the server.
I have set the Mac clients (OS X 10.5.6) to use our LDAP server, using the Directory Utility. That utility is set to use an RFC 2307 server, with our LDAP's IP and the correct base name.
After that I can "sudo su" to any LDAP user, also call "id" for any LDAP user, log in via SSH + key to LDAP user, but NOT authenticate via password. I.e. interactive logins or password-based SSH logins are NOT possible. It seems the password authentication against LDAP is not working. What I find in /var/log/secure.log is the following:
May 6 17:46:38 mymac authorizationhost[70401]: Failed to authenticate user MyLDAPUser (tDirStatus: -14090).
Any ideas what might be going wrong here? Where should I look?
Cheers,
Arne
On 06.05.2009 at 17:47, Arne Schmitz wrote:
> We are running an OpenLDAP server on Debian Stable. It works very well so far, using more than 20 Linux clients. However, we now also have got a couple of Mac clients that are supposed to use the server.
> I have set the Mac clients (OS X 10.5.6) to use our LDAP server, using the Directory Utility. That utility is set to use an RFC 2307 server, with our LDAP's IP and the correct base name.
> After that I can "sudo su" to any LDAP user, also call "id" for any LDAP user, log in via SSH + key to LDAP user, but NOT authenticate via password. I.e. interactive logins or password-based SSH logins are NOT possible. It seems the password authentication against LDAP is not working. What I find in /var/log/secure.log is the following:
> May 6 17:46:38 mymac authorizationhost[70401]: Failed to authenticate user MyLDAPUser (tDirStatus: -14090).
Is there really no one here using OS X with an OpenLDAP server? Any hints are welcome...
Cheers,
Arne
On Mon, May 11, 2009 at 09:04:41AM +0200, Arne Schmitz wrote:
> Is there really no one here using OS X with an OpenLDAP server? Any hints are welcome...
Do you use SSL? SSL with CRL? In my experience, MacOS X clients will just not work when CRL is enabled.
On 11.05.2009 at 11:20, Emmanuel Dreyfus wrote:
> On Mon, May 11, 2009 at 09:04:41AM +0200, Arne Schmitz wrote:
>> Is there really no one here using OS X with an OpenLDAP server? Any hints are welcome...
> Do you use SSL? SSL with CRL? In my experience, MacOS X clients will just not work when CRL is enabled.
No, we use no SSL at all, just a very basic setup.
Arne
openldap-technical@openldap.org