I've been tasked to get our directory services authenticating via a
biometric mechanism that only supports radius. In searching this
list, it seems using PAM as a bridge to the radius server is the
only option, which means utilizing SASL. After about 10 recompiles, I
found my problem with sasl (the /etc/sasldb file didn't exist), but I'm
still unable to get slapd to successfully authenticate with sasl.
Using:
    ldapsearch -O none -D "cn=bougyman,dc=mycompany,dc=com"
I get
    ldap_sasl_bind_s: Unknown error
    additional info: unable to get users secret
Using:
    ldapsearch -O none -D "cn=bougyman,dc=mycompany,dc=com" -Y plain
I just get
    ldap_sasl_bind_s: Unknown error
I tried something from the mailing list in my ldif of:
userpassword: {SASL}tjvanderp
but that didn't seem to work, it just encrypted that string and that's
what looks to be stored in userpassword for uid bougyman.
I have created the user secret using saslpasswd for both tjvanderp and
bougyman, so even if radius auth weren't working, sasldb authentication
should work, no? What am I missing?
I'm lost on where to go from here, must've read 30 sasl threads on here
so far, none of them seem to be the howto I need. Any help or pointer
to good documentation would be appreciated.
TJ Vanderpoel, GCIA GCIH
tj@defendem.com