2012/1/25 Rob Crittenden <[email protected]> > Sylvain Angers wrote: > >> Hello >> In our lab, we are testing latest ipa on redhat and we are now >> configuring/testing an IBM/AIX client 6.1 >> >> Here is the ipa server command that we used >> *ipa-server-install -a ipa123 --hostname=mtl-ipa01d.cnppd.**lab -n >> cnppd.lab -p ldap123 -r CNPPD.LAB * >> >> >> We are following your documentation for AIX client and have some issue >> getting through the step >> >> we had to install these fileset and we still fight modcrypt >> >> lslpp -L | grep idsldap >> idsldap.clt32bit61.rte 6.1.0.34 C F Directory Server - 32 >> bit >> idsldap.clt64bit61.rte 6.1.0.34 C F Directory Server - 64 >> bit >> idsldap.cltbase61.adt 6.1.0.34 C F Directory Server - >> Base Client >> idsldap.cltbase61.rte 6.1.0.34 C F Directory Server - >> Base Client >> >> >> lslpp -L | grep krb >> krb5.client.rte 1.5.0.2 C F Network >> Authentication Service >> krb5.client.samples 1.5.0.2 C F Network >> Authentication Service >> krb5.doc.en_US.html 1.5.0.2 C F Network Auth Service >> HTML >> krb5.doc.en_US.pdf 1.5.0.2 C F Network Auth Service PDF >> krb5.lic 1.5.0.2 C F Network >> Authentication Service >> krb5.msg.en_US.client.rte 1.5.0.2 C F Network Auth Service >> Client >> krb5.server.rte 1.5.0.2 C F Network >> Authentication Service >> >> ww did run the mksecldap command, as follow >> >> *mksecldap -c -h mtl-ipa01d.cnppd.lab -d cn=accounts,dc=cnppd,dc=lab -a >> uid=nss,cn=sysaccounts,cn=etc,**dc=cnppd,dc=lab -p abc123* >> >> >> and we got : Invalid bind DN or bind passwd. Client presetup check >> failed. >> >> Do we need to customize further this command if so, what are we missing? >> also as we have not yet succeed to make modcrypt works on our AIX 6.1, >> we wonder if we will need (temporary) to do some ldapmodify on the ipa >> server to disable ssl? >> >> Thank you for your assistance! >> > > Did you create the entry uid=nss,cn=sysaccounts,cn=etc,**... ? > > You can test that the password is correct independently with ldapsearch > and the 389-ds access log may have additional information on the bind > failure. > > rob > Hello Rob,
All I see at the moment is uid=sudo,cn=sysaccounts,cn=etc,dc=cnppd,dc=lab uid=kdc,cn=sysaccounts,cn=etc,dc=cnppd,dc=lab whenever I create new users, it get under uid=nss,cn=users,cn=accounts,dc=cnppd,dc=lab How do we create uid=nss,cn=sysaccounts,cn=etc,**dc=cnppd,dc=lab ? is this something we have to manually do via ldapadd? about the nss password will the ldapadd be part of the command? Thanks -- Sylvain Angers
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
