
Re: New york city high school needs help with macs that won't play with linux server



I am trying the same thing using a Solaris backend.
I do not think the Mac OS X LDAP v3 plugin will do SASL GSSAPI (it has not worked for me).
Instead, I am approaching it using saslauthd with the Kerberos 5 method over SSL.
OpenLDAP is very picky about mechanisms, so be sure you set sasl-secprops none in slapd.conf and SASL_SECPROPS none in your client's /etc/openldap/ldap.conf.
If you are not worried about anonymous binds (running only ldaps should not be a problem) then you should be OK. I can share my config files for what they are worth if you like.
My problem is getting the access rules right so users can log in but not read other users' directory entries.



P. Robert Marino wrote:

I need help.
I have a SuSE 8.2 Linux server with OpenLDAP 2.1.12, Heimdal Kerberos 0.4e, Cyrus SASL2, and OpenLDAP.
I created an LDAP 3 server; it works flawlessly.
I connected my Linux lab to it and all of my Linux boxes are connecting fine with TLS encryption and Kerberos 5 via GSSAPI.
Here is the problem: I have 180 Mac OS X 10.2.x iBooks and they just won't connect or give me usable error logs. I will have to get them connected in the next two weeks before we start handing them out to students to use them in their classes.
I can get Kerberos tickets on the iBooks from the Heimdal server using kinit. I just can't get them to connect to my LDAP server.

-- Everette Gray Allen Systems Programmer II ITD Computing Services Macintosh Support Specialist 2620 Hillsborough St, Campus Box 7109 Raleigh, NC 27695-7109 919-515-4558 Everette_Allen@ncsu.edu
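
What the sasl-secprops none setting mentioned in the reply above changes, shown as an added Python example that is not part of the original messages or of OpenLDAP itself. It assumes OpenLDAP's documented default flags of noanonymous,noplain; the function names and the sample config text are constructed for illustration.

```python
import re

# Flag properties OpenLDAP applies when sasl-secprops is not set at all.
DEFAULT_FLAGS = {"noanonymous", "noplain"}
FLAG_PROPS = {"none", "noplain", "noactive", "nodict", "noanonymous",
              "forwardsec", "passcred"}
# Matches the slapd.conf directive and the ldap.conf option (case-insensitive).
DIRECTIVE = re.compile(r"^(sasl-secprops|SASL_SECPROPS)\s+(\S+)", re.I)


def effective_flags(conf_text):
    """Return the SASL security flags in force after reading a config file."""
    flags = set(DEFAULT_FLAGS)
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue  # comments and unrelated directives
        props = {p.lower() for p in m.group(2).split(",")}
        given = props & FLAG_PROPS
        if given:
            # Any flag property replaces the defaults; "none" adds nothing,
            # so "none" on its own leaves an empty flag set.
            flags = given - {"none"}
    return flags


def audit(conf_text):
    """List the plaintext/anonymous mechanisms the settings leave enabled."""
    flags = effective_flags(conf_text)
    allowed = []
    if "noplain" not in flags:
        allowed.append("PLAIN")
    if "noanonymous" not in flags:
        allowed.append("ANONYMOUS")
    return allowed


# Constructed sample files, not taken from either poster's systems.
SLAPD_AS_POSTED = "# slapd.conf (constructed)\nsasl-secprops none\n"
CLIENT_AS_POSTED = "# ldap.conf (constructed)\nSASL_SECPROPS none\n"
SLAPD_NARROWER = "sasl-secprops noanonymous,minssf=56\n"

if __name__ == "__main__":
    for name in ("SLAPD_AS_POSTED", "CLIENT_AS_POSTED", "SLAPD_NARROWER"):
        print(name, "->", audit(globals()[name]) or "no plaintext/anonymous")
```

With none, both PLAIN and ANONYMOUS become negotiable; noanonymous on its own keeps PLAIN available while leaving ANONYMOUS disabled.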