[Freeipa-users] OS X Yosemite unable to authenticate

[Cal Sawyer]

Hi, all

I'm attempting to set up LDAP auth (against IPA server 4.10) from a OSX 
10.10.5 (Yosemite) client

Using the excellent instructions at 
http://linsec.ca/Using_FreeIPA_for_User_Authentication#Mac_OS_X_10.7.2F10.8%20%22Linsec.ca%20tutorial%20for%20connecting%20Mac%20OS%2010.7%20to%20IPA%20Server, 
I've populated the specified files, d/l'd the cert, am able to configure 
Users and Groups objects/attribs and browse both from within OSX's 
Directory Utility.    ldapsearch similarly returns the expected results.

In spite of this, i'm unable to authenticate as any IPA-LDAP user on 
this system

dirsrv log on the ipa master shows no apparent errors - remote auth 
attempts exit with "RESULT err=0 tag=101 nentries=1 etime=0", but tell 
the truth, there so much stuff there and being rather inexperienced with 
LDAP diags i might easily be missing something in the details

The linsec.ca instructions were written in the 10.7-10.8 era so 
something may have changed since.  Having said that, we've had no 
problems authenticating against our existing OpenLDAP server (which IPA 
is slated to replace) right up to 10.10.5 with no zero to our Directory 
Utility setup.

Hoping someone here has some contemporary experience with OSX and IPA 
and for whom this issue rings a bell?

many thanks

Cal Sawyer | Systems Engineer | BlueBolt Ltd
15-16 Margaret Street | London W1W 8RW
+44 (0)20 7637 5575 | www.blue-bolt.com