[Freeipa-users] OS X Yosemite unable to authenticate
John Obaterspok
john.obaterspok at gmail.com
Mon Dec 21 06:50:43 UTC 2015
Hi Cal,
Does a kinit work from a terminal? Does it work if you use "kinit user" or
just if you use "kinit user at REALM.suffix"
-- john
2015-12-20 15:09 GMT+01:00 Cal Sawyer <cal-s at blue-bolt.com>:
> Hi, all
>
> I'm attempting to set up LDAP auth (against IPA server 4.10) from a OSX
> 10.10.5 (Yosemite) client
>
> Using the excellent instructions at
> http://linsec.ca/Using_FreeIPA_for_User_Authentication#Mac_OS_X_10.7.2F10.8%20%22Linsec.ca%20tutorial%20for%20connecting%20Mac%20OS%2010.7%20to%20IPA%20Server,
> I've populated the specified files, d/l'd the cert, am able to configure
> Users and Groups objects/attribs and browse both from within OSX's
> Directory Utility. ldapsearch similarly returns the expected results.
>
> In spite of this, i'm unable to authenticate as any IPA-LDAP user on this
> system
>
> dirsrv log on the ipa master shows no apparent errors - remote auth
> attempts exit with "RESULT err=0 tag=101 nentries=1 etime=0", but tell the
> truth, there so much stuff there and being rather inexperienced with LDAP
> diags i might easily be missing something in the details
>
> The linsec.ca instructions were written in the 10.7-10.8 era so something
> may have changed since. Having said that, we've had no problems
> authenticating against our existing OpenLDAP server (which IPA is slated to
> replace) right up to 10.10.5 with no zero to our Directory Utility setup.
>
> Hoping someone here has some contemporary experience with OSX and IPA and
> for whom this issue rings a bell?
>
> many thanks
>
> Cal Sawyer | Systems Engineer | BlueBolt Ltd
> 15-16 Margaret Street | London W1W 8RW
> +44 (0)20 7637 5575 | www.blue-bolt.com
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151221/5378e6ad/attachment.htm>
More information about the Freeipa-users
mailing list