[Date Prev][Date Next] [Chronological] [Thread] [Top]


I've been tasked to get our directory services authenticating via a
biometric mechanism that only supports radius.  In searching this
list, it seems using PAM as a bridge to the radius server is the
only option, which means utilizing SASL.  After about 10 recompiles, i
found my problem with sasl (the /etc/sasldb file didn't exist), but i'm
still unable to get slapd to successfully authenticate with sasl.
using: ldapsearch -O none -D "cn=bougyman,dc=mycompany,dc=com"
i get
ldap_sasl_bind_s: Unknown error
  additional info: unable to get users secret
using: ldapsearch -O none -D "cn=bougyman,dc=mycompany,dc=com" -Y plain
i just get
ldap_sasl_bind_s: Unknown error
I tried something from the mailing list in my ldif of:
userpassword: {SASL}tjvanderp
but that didn't seem to work, it just encrypted that string and that's
what looks to be stored in userpassword for uid bougyman.
I have created the user secret using saslpasswd for both tjvanderp and
bougyman, so even if radius auth weren't working, sasldb authentication
should work, no?  What am I missing?
I"m lost on where to go from here, must've read 30 sasl threads on here
so far, none of them seem to be the howto I need.  Any help or pointer
to good documentation would be appreciated.

TJ Vanderpoel, GCIA GCIH