Can anyone help me out?

test:~# testsaslauthd -u swioshim -p Test2010
0: NO "authentication failed"

Why did authentication fail?

On Jul 19, 2010, at 12:57 AM, Dan White wrote:

> On 18/07/10 23:52 +0600, OSHIM wrote:
>> What we want to achieve is that users using services like OpenVPN, webproxy,
>> emails, file sharing, etc. will only need to remember their MS AD password
>> and they will be able to log in to the corresponding services they are
>> entitled to use. In order to do so, we will need to configure OpenLDAP on
>> Linux to authenticate with MS AD server. OpenLDAP will contain the user
>> information but authentication will come from MS AD.
>
> You've presented a list of software that just aren't going to work the same
> way. There's no consistent approach to how software uses LDAP to
> authenticate users.
>
> You're going to need to do some research and find out how each package
> performs authentication:
>
> 1. Does the software directly bind to the LDAP server using the provided
> user credentials, and use the result as a yes/no determination of whether
> the user is authenticated?
>
> 2. If so, does it bind using SASL?
>
> 3. If not, does it bind to the server using a privileged account to
> retrieve the user's DN? Does it then perform a second bind to the LDAP
> server?
>
> 4. If not, does it simply use LDAP as a password database, retrieving the
> user's credentials via a privileged account and then acting on the
> retrieved password?
>
> 5. Something else? If it can't use LDAP, can it use PAM?
>
> --
> Dan White
