You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@directory.apache.org by 최규우 <ap...@paio.co.kr> on 2015/02/03 12:26:33 UTC

sasl authentication problem.

Hello apacheds users.

I'm getting "INVALID_CREDENTIALS : DIGEST-MD5: cannot acquire password for
uid=admin in realm : example.com" error when I try to authenticate by
DIGEST-MD5 (SASL).

steps I've done is here.

* ON SERVER
SASL Host : (server ip address)
SASL Principal : ldap/(server ip address)@EXAMPLE.COM
Search Base Dn : ou=users,dc=example,dc=com

AND

ads-enabled=FALSE,ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config

ads-enabled=FALSE,ads-interceptorId=passwordHashingInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config


THEN ON CLIENT

Authentication Method
DIGEST-MD5 (SASL)

Bind DN or user : uid=admin
Bind password ****

SASL Setting
SASL Realm : example.com
Quality of protection : authentication only
protection strength : high


for sure there is the user  "uid=admin,ou=users,dc=exmaple,dc=com".

what did I wrong? I have no problem logging in by simple authentication.
any suggestion?


-- 


KyuWoo Choi
PAIO co.,ltd.
www.paio.co.kr
apple@paio.co.kr
TEL : 070-8621-0707
MO : 010-2834-2335
FAX : 02-6919-9010
SNS : www.facebook.com/paiofarm

Re: sasl authentication problem.

Posted by Kiran Ayyagari <ka...@apache.org>.

On Tue, Feb 3, 2015 at 7:26 PM, 최규우 <ap...@paio.co.kr> wrote:

> Hello apacheds users.
>
> I'm getting "INVALID_CREDENTIALS : DIGEST-MD5: cannot acquire password for
> uid=admin in realm : example.com" error when I try to authenticate by
> DIGEST-MD5 (SASL).
>
> steps I've done is here.
>
> * ON SERVER
> SASL Host : (server ip address)
> SASL Principal : ldap/(server ip address)@EXAMPLE.COM
> Search Base Dn : ou=users,dc=example,dc=com
>
> AND
>
>
> ads-enabled=FALSE,ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
>
>
> ads-enabled=FALSE,ads-interceptorId=passwordHashingInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
>
>
> THEN ON CLIENT
>
> Authentication Method
> DIGEST-MD5 (SASL)
>
> Bind DN or user : uid=admin
> Bind password ****
>
> SASL Setting
> SASL Realm : example.com
> Quality of protection : authentication only
> protection strength : high
>
>
> for sure there is the user  "uid=admin,ou=users,dc=exmaple,dc=com".
>
> what did I wrong? I have no problem logging in by simple authentication.
> any suggestion?
>
make sure the password is stored in plain text and make sure the IP address
/ hostname
used in the client is same as the one in SAML principal

>
>
> --
>
>
> KyuWoo Choi
> PAIO co.,ltd.
> www.paio.co.kr
> apple@paio.co.kr
> TEL : 070-8621-0707
> MO : 010-2834-2335
> FAX : 02-6919-9010
> SNS : www.facebook.com/paiofarm
>



-- 
Kiran Ayyagari
http://keydap.com