[Freeipa-users] Aix client configuration

Sylvain Angers sylvainangers at gmail.com
Wed Jan 25 21:58:42 UTC 2012 

2012/1/25 Rob Crittenden <rcritten at redhat.com>

> Sylvain Angers wrote:
>
>> Hello
>> In our lab, we are testing latest ipa  on redhat  and we are now
>> configuring/testing  an IBM/AIX client 6.1
>>
>> Here is the ipa server command that we used
>> *ipa-server-install -a ipa123 --hostname=mtl-ipa01d.cnppd.**lab -n
>> cnppd.lab -p ldap123 -r CNPPD.LAB *
>>
>>
>> We are following your documentation for AIX client and have some issue
>> getting through the step
>>
>> we had to install  these fileset and we still fight modcrypt
>>
>> lslpp -L | grep idsldap
>>  idsldap.clt32bit61.rte    6.1.0.34    C     F    Directory Server - 32
>> bit
>>  idsldap.clt64bit61.rte    6.1.0.34    C     F    Directory Server - 64
>> bit
>>  idsldap.cltbase61.adt     6.1.0.34    C     F    Directory Server -
>> Base Client
>>  idsldap.cltbase61.rte     6.1.0.34    C     F    Directory Server -
>> Base Client
>>
>>
>> lslpp -L | grep krb
>>  krb5.client.rte            1.5.0.2    C     F    Network
>> Authentication Service
>>  krb5.client.samples        1.5.0.2    C     F    Network
>> Authentication Service
>>  krb5.doc.en_US.html        1.5.0.2    C     F    Network Auth Service
>> HTML
>>  krb5.doc.en_US.pdf         1.5.0.2    C     F    Network Auth Service PDF
>>  krb5.lic                   1.5.0.2    C     F    Network
>> Authentication Service
>>  krb5.msg.en_US.client.rte  1.5.0.2    C     F    Network Auth Service
>> Client
>>  krb5.server.rte            1.5.0.2    C     F    Network
>> Authentication Service
>>
>> ww did run the  mksecldap command, as follow
>>
>> *mksecldap -c -h mtl-ipa01d.cnppd.lab -d cn=accounts,dc=cnppd,dc=lab -a
>> uid=nss,cn=sysaccounts,cn=etc,**dc=cnppd,dc=lab -p abc123*
>>
>>
>> and we got : Invalid bind DN or bind passwd.  Client presetup check
>> failed.
>>
>> Do we need to customize further this command if so, what are we missing?
>> also as we have not yet succeed to make modcrypt works on our AIX 6.1,
>> we wonder if  we will need (temporary) to do some ldapmodify on the ipa
>> server to disable ssl?
>>
>> Thank you for your assistance!
>>
>
> Did you create the entry uid=nss,cn=sysaccounts,cn=etc,**... ?
>
> You can test that the password is correct independently with ldapsearch
> and the 389-ds access log may have additional information on the bind
> failure.
>
> rob
>
Hello Rob,

All I see at the moment is
uid=sudo,cn=sysaccounts,cn=etc,dc=cnppd,dc=lab
uid=kdc,cn=sysaccounts,cn=etc,dc=cnppd,dc=lab

whenever I create new users, it get under

uid=nss,cn=users,cn=accounts,dc=cnppd,dc=lab

How do we create uid=nss,cn=sysaccounts,cn=etc,**dc=cnppd,dc=lab ?

is this something we have to manually do via ldapadd?
about the nss password will the ldapadd be part of the command?

Thanks

-- 
Sylvain Angers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120125/ffaba753/attachment.htm>

More information about the Freeipa-users mailing list