LDAP client config GSSAPI

Thread Tools Search this Thread
Operating Systems Solaris LDAP client config GSSAPI
# 1  
Old 01-25-2011
LDAP client config GSSAPI

Configure ldap client:
I have configured my ldapclient with the AuthenticationMethod=simple and with the credentialLevel=proxy. However, as soon as i want to set the AuthenticationMethod=sasl/GSSAPI, and credentiallevel=self, then it fails to configure. Kerberos is already setup successfully. The ldapclient is also online with the svcs -a output

I would appreciate any suggestions to overcome this problem.
Henk Trumpie
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

LDAP Client not connecting to LDAP server

I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful. The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies

2. AIX

AIX 5.2 ldap client AD

I have been able to configure on an AIX 5.2 ldap.cfg so service starts correctly. but when I try to log on with a windows user after entering the password login hangs and get no response. I have set it up on Aix 5.3 with no problem but in Aix 5.2 I have not been able to log in. ldap.cfg... (1 Reply)
Discussion started by: laxtnog
1 Replies

3. HP-UX

Ldap sasl gssapi

I have installed all packages required(openldap,kerberos,cyrus-sasl) configured ldap.conf but when i did ldapsearch -Y gssapi return ldapsearch -Y gssapi -H ldap://ldapserver-d -1 cn=prova it did ldap_msgfree ldap_err2string ldap_sasl_interactive_bind_s: Unknown authentication method (-6)... (0 Replies)
Discussion started by: Linusolaradm1
0 Replies

4. HP-UX

Disable GSSAPI when using an FTP client?

We have two HP-UX machines, both are B.11.31. When I FTP from the HP-UX boxes to a remote IBM server,- HP-UX 1: Connected to xxxx. 220-FTPD1 IBM FTP CS V1R12 at R2, 12:24:39 on 2013-08-30. 220 Connection will close if idle for more than 15 minutes. Name (xxxx:user): HP-UX 2:... (2 Replies)
Discussion started by: CaptNemo
2 Replies

5. AIX

LDAP authentication client issue

Hi, I am trying to authenticate AIX server against a IDS LDAP instance. The AIX version is 6.1 and TDS client is 6.1. I configured the secldapclntd using ldap.cfg file and changed /etc/security/user to set SYSTEM=LDAP, registry=LDAP for one user. Below are the ldap.cfg configurations - ... (5 Replies)
Discussion started by: vs1
5 Replies

6. UNIX for Advanced & Expert Users

LDAP client issue

Hello, I'm new to Centos and to openldap. I am by trade a Solaris Admin. I'm experimenting with openldap and thought Linux would be easier to install and setup openldap on, so far this is true. The problem I'm having is that I can't get the client server to authenticate to the openldap server. I... (1 Reply)
Discussion started by: bitlord
1 Replies

7. Solaris

Empty LDAP client file

Hi All, I am getting one strange problem of empty LDAP_client_ file. There was one /var 100% overload issue few days back. After that we are observing this new issue. I got to know about similar issue SunSolve Bug ID 6495683 - “LDAP client files & cred files are deleted when /var is full”... (1 Reply)
Discussion started by: ailnilanjan
1 Replies

8. AIX

Where to download ldap.client lpp

Hello, I am trying to configure an AIX machina to authenticate against a Windows 2003 AD, and I am desesperately trying to find the ldap.client lpp in the internet. I am using AIX 5.3 and I don't have access to the DVD media, please help! Thankyou, Tiago (2 Replies)
Discussion started by: tiagoskid
2 Replies

9. Solaris

LDAP client config.

Hi Gurus I am a novice in LDAP and need to configure an LDAP client(Solaris 10). The client has to bind to an AD for LDAP queries. I have created a user called testbind in AD for binding purpose. I am planning to configure LDAP client manually(as the requirement is as such). This is the... (16 Replies)
Discussion started by: Renjesh
16 Replies

10. UNIX for Dummies Questions & Answers


Has anyone successfully authenticated unix users via Active Directory using LDAP client on AIX v5.2 or v5.3?? ldapsearch from our unix box retrieves info from AD but having trouble authenticating unix id when I logon - get a msg ': 3004-318 Error obtaining the user's password information'. Not... (0 Replies)
Discussion started by: DANNYC
0 Replies
Login or Register to Ask a Question
AUTOFS_LDAP_AUTH.CONF(5)					File Formats Manual					  AUTOFS_LDAP_AUTH.CONF(5)

autofs_ldap_auth.conf - autofs LDAP authentication configuration DESCRIPTION
LDAP authenticated binds, TLS encrypted connections and certification may be used by setting appropriate values in the autofs authentica- tion configuration file and configuring the LDAP client with appropriate settings. The default location of this file is /etc/autofs_ldap_auth.conf. If this file exists it will be used to establish whether TLS or authentication should be used. An example of this file is: <?xml version="1.0" ?> <autofs_ldap_sasl_conf usetls="yes" tlsrequired="no" authrequired="no" authtype="DIGEST-MD5" user="xyz" secret="abc" /> If TLS encryption is to be used the location of the Certificate Authority certificate must be set within the LDAP client configuration in order to validate the server certificate. If, in addition, a certified connection is to be used then the client certificate and private key file locations must also be configured within the LDAP client. OPTIONS
This files contains a single XML element, as shown in the example above, with several attributes. The possible attributes are: usetls="yes"|"no" Determines whether an encrypted connection to the ldap server should be attempted. tlsrequired="yes"|"no" This flag tells whether the ldap connection must be encrypted. If set to "yes", the automounter will fail to start if an encrypted connection cannot be established. authrequired="yes"|"no"|"autodetect"|"simple" This option tells whether an authenticated connection to the ldap server is required in order to perform ldap queries. If the flag is set to yes, only sasl authenticated connections will be allowed. If it is set to no then authentication is not needed for ldap server connections. If it is set to autodetect then the ldap server will be queried to establish a suitable sasl authentication mechanism. If no suitable mechanism can be found, connections to the ldap server are made without authentication. Finally, if it is set to simple, then simple authentication will be used instead of SASL. authtype="GSSAPI"|"LOGIN"|"PLAIN"|"ANONYMOUS"|"DIGEST-MD5|EXTERNAL" This attribute can be used to specify a preferred authentication mechanism. In normal operations, the automounter will attempt to authenticate to the ldap server using the list of supportedSASLmechanisms obtained from the directory server. Explicitly setting the authtype will bypass this selection and only try the mechanism specified. The EXTERNAL mechanism may be used to authenticate us- ing a client certificate and requires that authrequired set to "yes" if using SSL or usetls, tlsrequired and authrequired all set to "yes" if using TLS, in addition to authtype being set to EXTERNAL. If using authtype EXTERNAL two additional configuration entries are required: external_cert="<client certificate path>" This specifies the path of the file containing the client certificate. external_key="<client certificate key path>" This specifies the path of the file containing the client certificate key. These two configuration entries are mandatory when using the EXTERNAL method as the HOME environment variable cannot be assumed to be set or, if it is, to be set to the location we expect. user="<username>" This attribute holds the authentication identity used by authentication mechanisms that require it. Legal values for this attribute include any printable characters that can be used by the selected authentication mechanism. secret="<password>" This attribute holds the secret used by authentication mechanisms that require it. Legal values for this attribute include any printable characters that can be used by the selected authentication mechanism. encoded_secret="<base64 encoded password>" This attribute holds the base64 encoded secret used by authentication mechanisms that require it. If this entry is present as well as the secret entry this value will take precedence. clientprinc="<GSSAPI client principal>" When using GSSAPI authentication, this attribute is consulted to determine the principal name to use when authenticating to the di- rectory server. By default, this will be set to "autofsclient/<fqdn>@<REALM>. credentialcache="<external credential cache path>" When using GSSAPI authentication, this attribute can be used to specify an externally configured credential cache that is used dur- ing authentication. By default, autofs will setup a memory based credential cache. SEE ALSO
auto.master(5), AUTHOR
This manual page was written by Ian Kent <raven@themaw.net>. 19 Feb 2010 AUTOFS_LDAP_AUTH.CONF(5)

Featured Tech Videos