[Freeipa-users] Aix client configuration
Rob Crittenden
rcritten at redhat.com
Wed Jan 25 18:30:10 UTC 2012
Sylvain Angers wrote:
> Hello
> In our lab, we are testing latest ipa on redhat and we are now
> configuring/testing an IBM/AIX client 6.1
>
> Here is the ipa server command that we used
> *ipa-server-install -a ipa123 --hostname=mtl-ipa01d.cnppd.lab -n
> cnppd.lab -p ldap123 -r CNPPD.LAB *
>
> We are following your documentation for AIX client and have some issue
> getting through the step
>
> we had to install these fileset and we still fight modcrypt
>
> lslpp -L | grep idsldap
> idsldap.clt32bit61.rte 6.1.0.34 C F Directory Server - 32 bit
> idsldap.clt64bit61.rte 6.1.0.34 C F Directory Server - 64 bit
> idsldap.cltbase61.adt 6.1.0.34 C F Directory Server -
> Base Client
> idsldap.cltbase61.rte 6.1.0.34 C F Directory Server -
> Base Client
>
>
> lslpp -L | grep krb
> krb5.client.rte 1.5.0.2 C F Network
> Authentication Service
> krb5.client.samples 1.5.0.2 C F Network
> Authentication Service
> krb5.doc.en_US.html 1.5.0.2 C F Network Auth Service HTML
> krb5.doc.en_US.pdf 1.5.0.2 C F Network Auth Service PDF
> krb5.lic 1.5.0.2 C F Network
> Authentication Service
> krb5.msg.en_US.client.rte 1.5.0.2 C F Network Auth Service
> Client
> krb5.server.rte 1.5.0.2 C F Network
> Authentication Service
>
> ww did run the mksecldap command, as follow
>
> *mksecldap -c -h mtl-ipa01d.cnppd.lab -d cn=accounts,dc=cnppd,dc=lab -a
> uid=nss,cn=sysaccounts,cn=etc,dc=cnppd,dc=lab -p abc123*
>
> and we got : Invalid bind DN or bind passwd. Client presetup check failed.
>
> Do we need to customize further this command if so, what are we missing?
> also as we have not yet succeed to make modcrypt works on our AIX 6.1,
> we wonder if we will need (temporary) to do some ldapmodify on the ipa
> server to disable ssl?
>
> Thank you for your assistance!
Did you create the entry uid=nss,cn=sysaccounts,cn=etc,... ?
You can test that the password is correct independently with ldapsearch
and the 389-ds access log may have additional information on the bind
failure.
rob
More information about the Freeipa-users
mailing list