Re: Apple OS X 10.5 question | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
Mahalo nui loa (Thank you) John Call On Feb 28, 2008, at 6:00 AM, dandantheitman wrote:
On 28/02/2008, Jonathan Barber <j.barber@xxxxxxxxxxxx> wrote:On Wed, Feb 27, 2008 at 04:42:12PM -1000, John Call wrote:Aloha list, My university has been authenticating Mac OS X 10.4 clients to FDS1.04 for about a year now. Things have been working great, as long as we keep an eye on the external SASL mechanisms. However, now that ourstaff is deploying the new OS X 10.5 things aren't working. To the best of our knowledge we have maintained the same client LDAP configuration from 10.4 to 10.5, but the Apple clients refuse to authenticate. Has anybody else experienced this?Are you doing SSL to the ldap? If so, check the clientside SSLverification. I'm not big on the different Mac OS X versions, so can't say when it occured, but for one of the revisions we did see the default openldap SSL verification change from "never" to "demand" on the clients.I don't think we found a GUI widget to config this behaviour, but you can via /etc/openldap/ldap.conf like linux.Jonathon is 100% correct. Starting with OSX Leopard the ldap client was 'locked down' to make it more secure out of the box. The TLS_REQCERT = never was revised to TLS_REQCERT = demand. You either need to make the change on each client in /etc/openldap/ldap.conf to reset it back to its previous state or you shall need to do the following: (01) Copy the cert to the client /etc/openldap/certs (02) Add the following line to /etc/openldap/ldap.conf: TLS_CACERT /etc/openldap/certs/bright.newshinycert.com Dan -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Fedora Directory Devel] [Fedora Announce] [Fedora Legacy Announce] [Home] [Fedora Tools] [Kernel] [Fedora Legacy] [Share Photos] [Fedora Desktop] [PAM] [Red Hat Watch] [Red Hat Development] [Red Hat 9 Bible] [Red Hat 9] [Big List of Linux Books] [Gimp] [Yosemite News]