[Freeipa-users] Aix client configuration

Rob Crittenden rcritten at redhat.com
Wed Jan 25 18:30:10 UTC 2012 

Sylvain Angers wrote:
> Hello
> In our lab, we are testing latest ipa  on redhat  and we are now
> configuring/testing  an IBM/AIX client 6.1
>
> Here is the ipa server command that we used
> *ipa-server-install -a ipa123 --hostname=mtl-ipa01d.cnppd.lab -n
> cnppd.lab -p ldap123 -r CNPPD.LAB *
>
> We are following your documentation for AIX client and have some issue
> getting through the step
>
> we had to install  these fileset and we still fight modcrypt
>
> lslpp -L | grep idsldap
>   idsldap.clt32bit61.rte    6.1.0.34    C     F    Directory Server - 32 bit
>   idsldap.clt64bit61.rte    6.1.0.34    C     F    Directory Server - 64 bit
>   idsldap.cltbase61.adt     6.1.0.34    C     F    Directory Server -
> Base Client
>   idsldap.cltbase61.rte     6.1.0.34    C     F    Directory Server -
> Base Client
>
>
> lslpp -L | grep krb
>   krb5.client.rte            1.5.0.2    C     F    Network
> Authentication Service
>   krb5.client.samples        1.5.0.2    C     F    Network
> Authentication Service
>   krb5.doc.en_US.html        1.5.0.2    C     F    Network Auth Service HTML
>   krb5.doc.en_US.pdf         1.5.0.2    C     F    Network Auth Service PDF
>   krb5.lic                   1.5.0.2    C     F    Network
> Authentication Service
>   krb5.msg.en_US.client.rte  1.5.0.2    C     F    Network Auth Service
> Client
>   krb5.server.rte            1.5.0.2    C     F    Network
> Authentication Service
>
> ww did run the  mksecldap command, as follow
>
> *mksecldap -c -h mtl-ipa01d.cnppd.lab -d cn=accounts,dc=cnppd,dc=lab -a
> uid=nss,cn=sysaccounts,cn=etc,dc=cnppd,dc=lab -p abc123*
>
> and we got : Invalid bind DN or bind passwd.  Client presetup check failed.
>
> Do we need to customize further this command if so, what are we missing?
> also as we have not yet succeed to make modcrypt works on our AIX 6.1,
> we wonder if  we will need (temporary) to do some ldapmodify on the ipa
> server to disable ssl?
>
> Thank you for your assistance!

Did you create the entry uid=nss,cn=sysaccounts,cn=etc,... ?

You can test that the password is correct independently with ldapsearch 
and the 389-ds access log may have additional information on the bind 
failure.

rob

More information about the Freeipa-users mailing list