0 Replies Latest reply on Jun 21, 2004 6:28 AM by 807573

    Simple Bind failed error invalid credentials message

    807573
      I am trying to connect to a DS5.2 patch 2 on a Solaris 8 server but receive the simple bind failed invalid credentials error message. This is a strange message in that as I monitor the progress of the bind and authorization attempts via snoop and truss, I see all kinds of interaction between the DS server and the client.

      I have patched both the client and server as current as possible to include 108993-36.

      I've added the following to the ns_ldap_service_auth_method:

      pam_ldap:simple
      passwd_cmd:simple

      also:

      ns_ldap_auth = simple and ns_ldap_credential_level = proxy

      I haven't created any TLS credential yet (could this be what the error message is referring to?)

      The actual message reads:

      login: libsldap: status: 49 Mesg: openConnection: Simple Bind failed - Invalid Credentials.

      When I run the login command, I am prompted for a password followed by another prompt for the LDAP password. After entering the LDAP password, login recycles and prompts me for a userid.

      Another thing: the output of the ldap_cachemgr -g command includes the following lines:

      server = none, status ERROR
      error message: can't connect to the LDAP server
      It lists the correct server IP address, and status: up

      But again, if I look at the access log on the server, I see all kinds of interaction, including the login information and correct passwords of both the proxyagent and the user I am trying to log in as.

      As far as pam.conf, I have it configured as per page 268 of the Solaris 9 Naming administration guide for PAM_LDAP: (I used this as I am configuring for DS 5.2 and all other versions of Solaris documentation refer to 5.1)

      login auth required pam_authtok_get.so.1
      login auth required dhkeys.so.1
      login auth required dial_auth.so.1
      login auth sufficient pam_unix_auth.so.1 debug
      login auth required pam_ldap_get.so.1 try_first_pass debug

      ...

      other account requisite pam_roles.so.1
      other account required pam_projects.so.1
      other account binding pam_unix_account.so.1 server_policy
      other account optional pam_ldap_so.1 debug
      ...

      Any help would be greatly appreciated,
      Thanks in advance