Sylvain Angers wrote:
Hello
In our lab, we are testing latest ipa on redhat and we are now
configuring/testing an IBM/AIX client 6.1
Here is the ipa server command that we used
*ipa-server-install -a ipa123 --hostname=mtl-ipa01d.cnppd.lab -n
cnppd.lab -p ldap123 -r CNPPD.LAB *
We are following your documentation for AIX client and have some issue
getting through the step
we had to install these fileset and we still fight modcrypt
lslpp -L | grep idsldap
idsldap.clt32bit61.rte 6.1.0.34 C F Directory Server - 32 bit
idsldap.clt64bit61.rte 6.1.0.34 C F Directory Server - 64 bit
idsldap.cltbase61.adt 6.1.0.34 C F Directory Server -
Base Client
idsldap.cltbase61.rte 6.1.0.34 C F Directory Server -
Base Client
lslpp -L | grep krb
krb5.client.rte 1.5.0.2 C F Network
Authentication Service
krb5.client.samples 1.5.0.2 C F Network
Authentication Service
krb5.doc.en_US.html 1.5.0.2 C F Network Auth Service HTML
krb5.doc.en_US.pdf 1.5.0.2 C F Network Auth Service PDF
krb5.lic 1.5.0.2 C F Network
Authentication Service
krb5.msg.en_US.client.rte 1.5.0.2 C F Network Auth Service
Client
krb5.server.rte 1.5.0.2 C F Network
Authentication Service
ww did run the mksecldap command, as follow
*mksecldap -c -h mtl-ipa01d.cnppd.lab -d cn=accounts,dc=cnppd,dc=lab -a
uid=nss,cn=sysaccounts,cn=etc,dc=cnppd,dc=lab -p abc123*
and we got : Invalid bind DN or bind passwd. Client presetup check failed.
Do we need to customize further this command if so, what are we missing?
also as we have not yet succeed to make modcrypt works on our AIX 6.1,
we wonder if we will need (temporary) to do some ldapmodify on the ipa
server to disable ssl?
Thank you for your assistance!
Did you create the entry uid=nss,cn=sysaccounts,cn=etc,... ?
You can test that the password is correct independently with ldapsearch
and the 389-ds access log may have additional information on the bind
failure.
rob
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
