help-gsasl

Re: Problem with sasl authentification from SuSE Clients to AD


From: Simon Josefsson
Subject: Re: Problem with sasl authentification from SuSE Clients to AD
Date: Sun, 26 Mar 2006 01:39:40 +0100
User-agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)

"Andreas Bauer" <address@hidden> writes:

> Hello NG,
> hope, I'm right in this NG and get help.

I am sorry for the slow response; your e-mail got stuck in the
moderator's queue for a long time.

> I have a well acting LDAP network with AD/2003 LDAP Server,
> SuSE 9.3 Fileserver for Shares and SuSE Homes, and XP and SuSE 10.0
> clients. If I switch in the /etc/ldap.conf to SASL, there is no sign-on
> possible against the AD of the SuSE clients. I have installed Cyrus-SASL and

This list is about GNU SASL, and if you are using Cyrus SASL you
should try to ask on their mailing list.

Good luck,
Simon

> gssapi as rpm packages from SuSE 10.0 distribution. I thought it is no more
> SASL configuration and maintenance necessary as a few lines in
> /etc/ldap.conf, but..........
> My logs from the SuSE client after executing "getent passwd" on the
> command line:
> Dec 29 01:50:25 amd10 getent: GSSAPI Error: An invalid name was supplied
> (Cannot determine realm for numeric host address)
> Dec 29 01:50:25 amd10 getent: nss_ldap: ldap_sasl_interactive_bind_s
> returned -2 (Local error)
> Dec 29 01:51:00 amd10 nscd: GSSAPI Error: An invalid name was supplied
> (Cannot determine realm for numeric host address)
>
> And the /etc/ldap.conf for sasl-configuration:
> host  Ip of the LDAP Server
> base  dc=ldap,dc=smb
> binddn        cn=dirsearch,cn=Users,dc=ldap,dc=smb
> bindpw        password
> scope sub
> use_sasl  on
> sasl_authcid  sample/address@hidden   
> nss_base_passwd       cn=Users,dc=ldap,dc=smb?sub
> nss_base_shadow       cn=Users,dc=ldap,dc=smb?sub
> nss_base_group        cn=Users,dc=ldap,dc=smb?sub
> nss_map_objectclass   posixAccount user
> nss_map_objectclass   shadowAccount user
> nss_map_attribute     uid sAMAccountName
> nss_map_attribute     uidNumber msSFU30UidNumber
> nss_map_attribute     gidNumber msSFU30GidNumber
> nss_map_attribute     loginShell msSFU30LoginShell
> nss_map_attribute     gecos name
> nss_map_attribute     userPassword msSFU30Password
> nss_map_attribute     homeDirectory msSFU30HomeDirectory
> nss_map_objectclass   posixGroup Group
> nss_map_attribute     uniqueMember msSFU30PosixMember
> nss_map_attribute     cn cn
> pam_login_attribute   sAMAccountName
> pam_filter    objectclass=user
> ldap_version  3
> pam_password  crypt
> pam_filter    objectclass=posixAccount
> pam_member_attribute  msSFU30PosixMember
> pam_groupdn cn=unixusergroup,dc=ldap,dc=smb
> pam_password  AD
> ssl=start_tls 



