I have installed "389 directory server" on a CentOS 6.5 server, with the setup-ds-admin.pl script. I then added 2 users from the '389-console' to "People" (setting their passwords from the GUI).

Now I'm trying to set up another CentOS 6.5 server as a client. su <user> gets me into the new users' accounts. However, ssh user@machine requests a password, but it doesn't accept the passwords I've set in the GUI.

How can I debug this?

Maybe it's related to the fact that I don't use TLS or an LDAPS address?

I have tried running ldapwhoami, but it failed:

# ldapwhoami 
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
    additional info: SASL(-4): no mechanism available:

Is it normal?

Zvika

1 Answer

sssd doesn't support sending authentication information (i.e. passwords) in clear text - it expects SSL/TLS or Kerberos. There is a hack config to make it work - see http://www.linuxquestions.org/questions/linux-enterprise-47/rhel-6-ldap-now-requires-tls-843917/

Assuming you've set up /etc/openldap/ldap.conf correctly, adding a "-x" to the ldapwhoami command should work.

Andy
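An added example, not part of the answer above or of sssd itself: a small Python audit of an sssd.conf that flags the client-side settings bearing on the answer's point that sssd expects TLS for LDAP authentication. The sample configuration, hostname, CA path and finding labels are constructed, and the defaults noted in the comments are assumptions taken from the sssd-ldap documentation of the CentOS 6 era.

```python
import configparser

# Constructed sample sssd.conf (hostname and CA path are placeholders).
SAMPLE_SSSD_CONF = """
[domain/weak]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_tls_reqcert = never
ldap_auth_disable_tls_never_use_in_production = true

[domain/hardened]
id_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/openldap/cacerts/ca.pem
"""

def audit_sssd(text):
    """Return {domain_section: [findings]} for domains that authenticate via LDAP."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    report = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        # auth_provider falls back to id_provider when it is not set
        if dom.get("auth_provider", dom.get("id_provider", "")).lower() != "ldap":
            continue
        findings = []
        # Test-only switch that lets passwords cross an unencrypted connection
        if dom.get("ldap_auth_disable_tls_never_use_in_production", "false").lower() == "true":
            findings.append("cleartext-auth-override")
        # never/allow accept any server certificate (assumed default: hard)
        if dom.get("ldap_tls_reqcert", "hard").lower() in ("never", "allow"):
            findings.append("server-cert-not-verified")
        # On ldap:// URIs identity lookups are only encrypted with StartTLS
        # (assumed default for ldap_id_use_start_tls: false)
        uris = [u.strip().lower() for u in dom.get("ldap_uri", "").split(",")]
        if any(u.startswith("ldap://") for u in uris) and \
                dom.get("ldap_id_use_start_tls", "false").lower() != "true":
            findings.append("id-lookups-unencrypted")
        report[section] = findings
    return report

if __name__ == "__main__":
    for name, found in audit_sssd(SAMPLE_SSSD_CONF).items():
        print(name, found or "ok")
```

An empty findings list only means the client is configured to use and verify TLS; the directory server still has to offer StartTLS or LDAPS with a certificate the client trusts before password logins will succeed.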