From: Wong, G. MR EECS (Gaylen dot Wong at usma dot edu)
Date: Mon Mar 22 2004 - 16:33:51 EST
We are trying to use "saslauthd -a ldap" to authenticate to a Microsoft Active Directory domain controller as the authentication piece for a Cyrus IMAP server. Our platform is Red Hat Enterprise AS 3.0.
We are just trying to get saslauthd -a ldap to work for right now.
We start saslauthd with: "saslauthd -a ldap -O /usr/local/etc/saslauthd.conf"
Here is our saslauthd.conf:
------------------------------------------------------------------------
ldap_servers: ldap://129.29.72.130
ldap_bind_dn: cn=imapservice,ou=users,ou=eecs,ou=dean,dc=usma,dc=ds,dc=army,dc=edu
ldap_password: Jig0Haj|DY
ldap_version: 3
ldap_filter: %u
ldap_auth_method: fastbind
------------------------------------------------------------------------
Does the bind user have to be a special AD account? (Anonymous binding is not allowed for our Microsoft AD domain controller.)
We test with "testsaslauthd -u dg7108 -p ******* -r USMA.DS.ARMY.EDU"
The authentication fails. Contents of auth.log file:
------------------------------------------------------------------------
Mar 22 13:57:01 freedom saslauthd[704]: ipc_init : listening on socket: /var/state/saslauthd/mux
Mar 22 14:00:54 freedom saslauthd[722]: detach_tty : master pid is: 722
Mar 22 14:00:54 freedom saslauthd[722]: ipc_init : listening on socket: /var/state/saslauthd/mux
Mar 22 14:01:03 freedom saslauthd[723]: Authentication failed for dg7108/USMA.DS.ARMY.EDU: Bind to ldap server failed (invalid user/password or insufficient access) (-7)
Mar 22 14:01:03 freedom saslauthd[723]: do_auth : auth failure: [user=dg7108] [service=imap] [realm=USMA.DS.ARMY.EDU] [mech=ldap] [reason=Unknown]
------------------------------------------------------------------------
We are using Cyrus SASL 2.1.18. We have tried version 2.1.17 but with the same result.
HELP!!!