[Fedora-directory-users] solaris8 simple auth
Doug Chapman
prjctgeek at gmail.com
Fri Aug 10 23:50:06 UTC 2007
Thanks!
Removing the special characters from my password caused it to start
working. I guess using dollar signs for your proxy account isn't
supported (bug in Solaris client?)
On 8/10/07, George Holbert <gholbert at broadcom.com> wrote:
> >
> > How do I verify that the NS1 crypt is correct outside of the solaris
> > client (or ldap_gen_profile)?
>
> Don't know... I've only ever seen {NS1} with Solaris' LDAP client.
> Anyone know more about this hash, and what other tools can work with it?
>
> > The password in FDS for the above proxy user is stored in CRYPT format
> > in FDS- is this mismatch really supported ?
>
> Yes. The NS1 hash is really just to obscure the password in the
> ldap_client_cred file. When doing a simple bind, it is reversed and
> transmitted as clear text.
>
>
> > suggestions?
>
> Try putting the password cleartext directly in your ldap_client_cred
> file. Maybe there was a typo when generating the NS1 hash?
>
> e.g.:
>
> NS_LDAP_BINDPASSWD= the-password
>
>
> Then restart Solaris' ldapclient.
>
>
>
>
> Doug Chapman wrote:
> > I'm looking for troubleshooting advice- hope someone has some insight
> > I can borrow.
> >
> > Trying to get a Solaris8 client (with the latest ldap patchcluster) to
> > do simple authentication against FDS.
> > When setup for anonymous auth, I'm able to do ldap list just fine:
> >
> > # ldaplist -l passwd tester
> > dn: cn=test user,ou=People,dc=corp,dc=example,dc=com
> > givenName: test
> > sn: user
> > loginShell: /bin/bash
> > gidNumber: 1024
> > uidNumber: 5351
> > mail: tester at example.com
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > objectClass: top
> > uid: tester
> > gecos: test user
> > cn: test user
> > homeDirectory: /nethome/tester
> >
> >
> > When setup for simple auth (and that's all I've changed), I'm seeing
> > error 49 (invalid credentials) in the FDS logs:
> >
> > [10/Aug/2007:14:45:02 -0700] conn=25532 fd=65 slot=65 connection from
> > 172.20.100.85 to 172.20.200.125
> > [10/Aug/2007:14:45:02 -0700] conn=25532 op=0 BIND
> > dn="cn=sunldap,ou=profile,dc=corp,dc=example,dc=com" method=128
> > version=3
> > [10/Aug/2007:14:45:02 -0700] conn=25532 op=0 RESULT err=49 tag=97
> > nentries=0 etime=0
> > [10/Aug/2007:14:45:02 -0700] conn=25532 op=1 UNBIND
> > [10/Aug/2007:14:45:02 -0700] conn=25532 op=1 fd=65 closed - U1
> >
> > Here's my /var/ldap/ldap_client_cred file
> > NS_LDAP_BINDDN= cn=sunldap,ou=profile,dc=corp,dc=example,dc=com
> > NS_LDAP_BINDPASSWD= {NS1}8cf5886bf25241a5a5045e
> >
> > How do I verify that the NS1 crypt is correct outside of the solaris
> > client (or ldap_gen_profile)?
> >
> > The password in FDS for the above proxy user is stored in CRYPT format
> > in FDS- is this mismatch really supported ?
> >
> > I can bind with the 'sunldap' user just fine from my linux hosts using
> > ldapsearch.
> >
> > suggestions?
> >
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>