Dear people,

I am trying to follow the IBM redpaper about "Securing Linux with a Central
z/OS LDAP Server (RACF)". But after some days of
trying/reading/websurfing I am not successful with it.

On the z/OS RACF part I can see some (re)action by tracing the
started task LDAPSRV. I can see a user binds to the LDAP server, does a
search filter for a specific user, the one who wants to log in to the Linux
system, and at the end it returns the message: "backend routine NOT successful, rc=53".

The user who wants to log into the Linux system has an OMVS segment, which
should be checked for access to a Linux guest.

At first the Linux message log reported:
pam_ldap: ldap_search_s Internal (implementation specific) error. And it does
not make a connection to z/OS RACF. Tracing the started task LDAPSRV has
no result. Nothing appears in the trace log.

After installation of the nss_ldap module on the Linux side, messages
appear in the trace log of the started task. But a successful login was
not possible. This time the Linux message log reported:
nss_ldap:could not search LDAP serverv - Server is unwilling to perform.

Our configuration is a SuSE Linux 8 (64 bit) server under VM and a z/OS
1.4 RACF implementation. The LDAP server is running under z/OS 1.4 and
when I do an ldapsearch from the Linux server or e.g. a Windows machine I am
allowed to retrieve information from the RACF database:

ldapsearch -h 10.10.120.1 -D
racfid=p02864,profiletype=user,sysplex=mvs1,o=kasbank -W -s base -b
"racfid=p00900,profiletype=user,sysplex=mvs1,o=kasbank" -d -v -x

An important option, I think, in the above syntax is -x, which stands for
simple authentication (no SASL). I tried to translate this option in the
ldap.conf configuration file with "sasl_secprops none".

Is anyone familiar with these problems and knows how to solve them, or
does anyone have a more specific installation procedure for this implementation?

Kind regards,

Arjen Neij
