Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-27 Thread Dan White
On 01/26/12 15:11 -0800, Chastity Blackwell wrote: On Thu, 2012-01-26 at 17:38 -0500, Howard Chu wrote: So what should the userPassword attribute be set to? I assumed it should be {SASL}chas@KRBTEST -- is that correct? I just want to make sure I'm on the right track there. Try: {SASL}chas On

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-27 Thread Chastity Blackwell
On Fri, 2012-01-27 at 10:30 -0500, Dan White wrote: On 01/26/12 15:11 -0800, Chastity Blackwell wrote: On Thu, 2012-01-26 at 17:38 -0500, Howard Chu wrote: So what should the userPassword attribute be set to? I assumed it should be {SASL}chas@KRBTEST -- is that correct? I just want to make

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-27 Thread Dan White
On 01/27/12 10:43 -0800, Chastity Blackwell wrote: Huh...well, what do you know, that works. Why is that though? I thought you had to specify a realm for it to work? Whether or not you use a realm is up to you. If you have multiple kerberos realms, then you're going to need to specify one.

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-27 Thread Chastity Blackwell
On Fri, 2012-01-27 at 14:56 -0500, Dan White wrote: On 01/27/12 10:43 -0800, Chastity Blackwell wrote: Huh...well, what do you know, that works. Why is that though? I thought you had to specify a realm for it to work? Whether or not you use a realm is up to you. If you have multiple kerberos

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-26 Thread Chastity Blackwell
On Wed, 2012-01-25 at 17:16 -0500, Dan White wrote: Verify (with netstat) that saslauthd is listening on '/var/run/sasl2/mux', and verify the user/group that slapd is running under has permissions to access /var/run/sasl2. The permissions on /var/run/saslauthd look fine to me -- when I run

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-26 Thread Dan White
On 01/26/12 11:43 -0800, Chastity Blackwell wrote: On Wed, 2012-01-25 at 17:16 -0500, Dan White wrote: Verify (with netstat) that saslauthd is listening on '/var/run/sasl2/mux', and verify the user/group that slapd is running under has permissions to access /var/run/sasl2. The permissions on

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-26 Thread Chastity Blackwell
On Thu, 2012-01-26 at 15:23 -0500, Dan White wrote: That indicates a mistake in your /etc/sasl2/slapd.conf, which should have: saslauthd_path: /var/run/saslauthd/mux not /var/run/sasl2/mux Well, now I just feel like an idiot. :) That did move things along a bit, though now I'm getting this

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-26 Thread Raffael Sahli
On 26.01.2012 22:53, Chastity Blackwell wrote: On Thu, 2012-01-26 at 15:23 -0500, Dan White wrote: That indicates a mistake in your /etc/sasl2/slapd.conf, which should have: saslauthd_path: /var/run/saslauthd/mux not /var/run/sasl2/mux Well, now I just feel like an idiot. :) That did move

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-26 Thread Howard Chu
Raffael Sahli wrote: On 26.01.2012 22:53, Chastity Blackwell wrote: On Thu, 2012-01-26 at 15:23 -0500, Dan White wrote: That indicates a mistake in your /etc/sasl2/slapd.conf, which should have: saslauthd_path: /var/run/saslauthd/mux not /var/run/sasl2/mux Well, now I just feel like an

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-26 Thread Chastity Blackwell
On Thu, 2012-01-26 at 17:38 -0500, Howard Chu wrote: Raffael Sahli wrote: No, authz-regexp is to map a sasl dn to a real user account in your ldap directory. But your user is c...@test.com with a realm named test.com, your userPassword should be {SASL}chas@KRBTEST What the heck are

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-26 Thread Dan White
On 01/25/12 12:14 -0800, Chastity Blackwell wrote: I've made a lot of progress, but I've run into a wall. Kerberos and LDAP are working in my testbed, and I can kinit and do an ldapwhoami no problem. testsaslauthd also gives me a success when I run it. However, What does your testsaslauthd

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-26 Thread Howard Chu
Chastity Blackwell wrote: On Thu, 2012-01-26 at 17:38 -0500, Howard Chu wrote: Raffael Sahli wrote: No, authz-regexp is to map a sasl dn to a real user account in your ldap directory. But your user is c...@test.com with a realm named test.com, your userPassword should be {SASL}chas@KRBTEST

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-26 Thread Chastity Blackwell
On Thu, 2012-01-26 at 18:40 -0500, Howard Chu wrote: Does kinit work for your chas@KRBTEST user? Judging from what you've pasted here, I don't think it should. Get your basic Kerberos installation working first. Take things one step at a time. It does: [chas@ldapsandbox log]$ ldapwhoami

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-26 Thread Chastity Blackwell
Woops. I should point out that this:

[domain_realm]
.agkn.net = KRBTEST
agkn.net = KRBTEST

should be this, to match my other examples:

[domain_realm]
.test.com = KRBTEST
test.com = KRBTEST

Bit of a sanitization fail there. :)

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-26 Thread Chastity Blackwell
On Thu, 2012-01-26 at 18:17 -0500, Dan White wrote: What does your testsaslauthd command look like? Are you passing a '-u u...@example.com', or a '-r example.com', or both? [chas@ldapsandbox ~]$ /usr/sbin/testsaslauthd -u chas -p test -s ldap 0: OK Success. What is your default kerberos

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-26 Thread Howard Chu
Chastity Blackwell wrote: On Thu, 2012-01-26 at 18:40 -0500, Howard Chu wrote: Does kinit work for your chas@KRBTEST user? Judging from what you've pasted here, I don't think it should. Get your basic Kerberos installation working first. Take things one step at a time. It does:

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-26 Thread Chastity Blackwell
On Thu, 2012-01-26 at 19:27 -0500, Howard Chu wrote: Seems like it's working for the wrong reasons, then. Your krb5.conf: [realms] AKTEST = { kdc = ldapsandbox.test.com:88 admin_server = ldapsandbox.test.com:749 default_domain = test.com You defined a kdc for an AKTEST realm;

Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-25 Thread Chastity Blackwell
For the last two weeks I have been on a sojourn through the wonderful world of LDAP, Kerberos, and SASL, which has had me banging my head against the desk more often than not. Today I'm finally crying uncle and asking for some help. We're running Centos 5.4, currently with OpenLDAP for user info

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

2012-01-25 Thread Dan White
On 01/25/12 12:14 -0800, Chastity Blackwell wrote: For the last two weeks I have been on a sojourn through the wonderful world of LDAP, Kerberos, and SASL, which has had me banging my head against the desk more often than not. Today I'm finally crying uncle and asking for some help.