Binding 10.7 Lion client to 3rd Party LDAP

  • #380945
    lotusshaney
    Participant

    Hi All,

    I have been using an Oracle Directory Server and ExtremeZ-IP on Windows to host Mac OS X home folders for years. It has always worked fine, all the way from 10.2 up to 10.6.

    However, 10.7 has broken it. I have the latest 10.7-friendly version of ExtremeZ-IP installed, but when I log in with a 10.7 client the normal guest connection to the home folder server does not get dropped and the client fails to reconnect as the authenticated user.

    If I try a 10.7 OpenLDAP server that has a user set up so that their home folder is on the same file server, then it works fine?!?!?!

    I have replicated the user's record from Open Directory into the Oracle server and it fails to work. Log files on the client just show it is unable to read from the home folder as it does not have permissions due to the mount still being mounted as guest.

    Any ideas?

    Dan

    #381112
    zero
    Participant

    We are seeing similar issues.
    Some helpful info for basic Kerb auth was found at http://linsec.ca/blog/2011/07/26/kerberos-on-os-x-10-7-lion/
    However, third-party LDAP does not seem to work right.

    We played with the /etc/pam.d/authorization setting “auth optional pam_krb5.so use_first_pass default_principal”

    From logs it looks like the user is getting a TGT but then it ends with “OpenDirectory – The authtok is incorrect”.
    Command line kinit works.
