help-gsasl

Problem with sasl authentication from SuSE Clients to AD


From: Andreas Bauer
Subject: Problem with sasl authentication from SuSE Clients to AD
Date: Thu, 29 Dec 2005 01:23:16 -0000

Hello NG,
I hope I'm right in this NG and can get help.
I have a well-functioning LDAP network with an AD/2003 LDAP server, a
SuSE 9.3 file server for shares and SuSE homes, and XP and SuSE 10.0
clients. If I switch to SASL in /etc/ldap.conf, there is no sign-on of the
SuSE clients possible against the AD. I have installed Cyrus-SASL and
gssapi as rpm packages from the SuSE 10.0 distribution. I thought no more
SASL configuration and maintenance was necessary than a few lines in
/etc/ldap.conf, but...
My logs from the SuSE client after executing "getent passwd" on the
command line:
Dec 29 01:50:25 amd10 getent: GSSAPI Error: An invalid name was supplied (Cannot determine realm for numeric host address)
Dec 29 01:50:25 amd10 getent: nss_ldap: ldap_sasl_interactive_bind_s returned -2 (Local error)
Dec 29 01:51:00 amd10 nscd: GSSAPI Error: An invalid name was supplied (Cannot determine realm for numeric host address)

And the /etc/ldap.conf for sasl-configuration:
host    Ip of the LDAP Server
base    dc=ldap,dc=smb
binddn  cn=dirsearch,cn=Users,dc=ldap,dc=smb
bindpw  password
scope   sub
use_sasl  on
sasl_authcid  sample/address@hidden     
nss_base_passwd cn=Users,dc=ldap,dc=smb?sub
nss_base_shadow cn=Users,dc=ldap,dc=smb?sub
nss_base_group  cn=Users,dc=ldap,dc=smb?sub
nss_map_objectclass     posixAccount user
nss_map_objectclass     shadowAccount user
nss_map_attribute       uid sAMAccountName
nss_map_attribute       uidNumber msSFU30UidNumber
nss_map_attribute       gidNumber msSFU30GidNumber
nss_map_attribute       loginShell msSFU30LoginShell
nss_map_attribute       gecos name
nss_map_attribute       userPassword msSFU30Password
nss_map_attribute       homeDirectory msSFU30HomeDirectory
nss_map_objectclass     posixGroup Group
nss_map_attribute       uniqueMember msSFU30PosixMember
nss_map_attribute       cn cn
pam_login_attribute     sAMAccountName
pam_filter      objectclass=user
ldap_version    3
pam_password    crypt
pam_filter      objectclass=posixAccount
pam_member_attribute    msSFU30PosixMember
pam_groupdn cn=unixusergroup,dc=ldap,dc=smb
pam_password    AD
ssl=start_tls 
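
An added example, not part of the original post and not code from nss_ldap or Cyrus-SASL: a small Python check that reads an ldap.conf laid out like the one above and reports what a reviewer would look at first given the logged GSSAPI error, namely a numeric `host` while `use_sasl` is on, lines without a whitespace-separated value, and keys set more than once. The sample input is constructed (192.0.2.10 stands in for the elided server address), and `lint`, `parse` and the finding labels are hypothetical names.

```python
import ipaddress
from collections import Counter

# Constructed sample modelled on the posted /etc/ldap.conf; 192.0.2.10 is a
# documentation address standing in for "Ip of the LDAP Server".
SAMPLE = """\
host    192.0.2.10
base    dc=ldap,dc=smb
use_sasl  on
nss_map_objectclass     posixAccount user
nss_map_objectclass     shadowAccount user
pam_filter      objectclass=user
pam_password    crypt
pam_filter      objectclass=posixAccount
pam_password    AD
ssl=start_tls
"""

# Mapping keys legitimately appear once per mapped name, so they are not
# reported as repeats.
MULTI = {"nss_map_attribute", "nss_map_objectclass"}

def parse(text):
    """Return (key, value) pairs; value is None when a line has no argument."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        pairs.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else None))
    return pairs

def is_numeric_host(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def lint(text):
    """List findings as 'label:detail' strings, in file order, repeats last."""
    pairs = parse(text)
    sasl = any(k == "use_sasl" and (v or "").lower() == "on" for k, v in pairs)
    findings = []
    for key, value in pairs:
        if value is None:  # e.g. 'ssl=start_tls' has no whitespace separator
            findings.append(f"no-value:{key}")
        elif key == "host" and sasl:  # the case named in the GSSAPI log line
            findings += [f"numeric-host:{h}" for h in value.split() if is_numeric_host(h)]
    counts = Counter(k for k, _ in pairs if k not in MULTI)
    return findings + [f"repeated:{k}" for k, n in sorted(counts.items()) if n > 1]
```

Calling `lint(open("/etc/ldap.conf").read())` on a client applies the same checks to the real file; the findings only point at lines to review and do not change anything.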





