FC5 LDAP to OS X 10.4 OD server, password issues?
September 26, 2006 at 2:58 am #367112
dmc
Participant
I’m in the process of setting up a Linux RAID 5 file server running FC5 and having it authenticate to a 10.4 OD server for the purpose of mounting volumes via netatalk.
I’ve been pulling my hair out for the last several hours trying to figure out what might be a glaring oversight, so I turn to you folks for help.
Network is as follows:
– G5 w/ 10.4 Server, running as OD Master
– Linux box w/ FC5, LDAP authentication to OD Master for the purpose
– Other G4, G5 clients to mount home directories on Linux box share via afp/netatalk

In its current state, users can authenticate and connect to the Linux file server when their password in the OD Workgroup Manager/Advanced/User Password Type is set to “Crypt Password”. When it is set to “Open Directory”, authentication no longer works.
Authentication on the Linux box (using authconf) is set up to use MD5 passwords, shadow passwords, and LDAP authentication. I haven’t tried Kerberos, even though it is running on the OD Master. (I thought Kerberos wasn’t a necessity. An added complexity.)
/var/log/messages on the Linux box, upon an attempted netatalk authentication shows:
————————-
Sep 25 22:48:22 nogaro afpd[8477]: ASIP session:548(4) from 10.0.1.201:60131(7)
Sep 25 22:48:22 nogaro afpd[8477]: dhx login: foo
Sep 25 22:48:22 nogaro afpd[8477]: uams_dhx_pam.c :PAM: PAM Success
Sep 25 22:48:24 nogaro afpd[8477]: uams_dhx_pam.c :PAM: PAM_Error: Authentication failure
Sep 25 22:48:24 nogaro afpd[8477]: 0.18KB read, 0.12KB written
Sep 25 22:48:24 nogaro afpd[6859]: server_child[1] 8477 done
————————-

/var/log/secure on the Linux box, upon an attempted netatalk authentication shows:
————————-
Sep 25 22:48:22 nogaro afpd[8477]: pam_unix(netatalk:auth): authentication failure; logname= uid=0 euid=0 tty=afpd ruser= rhost=dynamite.tech.edu user=foo
————————-

Again, when the user’s password is set to crypt in the Workgroup Manager on the OD Master, everything works as expected. UIDs, groups, etc. all check out.
Running the following on the Linux server,
[code]getent shadow foo[/code]
shows
[code]foo:*:::::::0[/code]
when the user foo is set to an OD password. Clients with a crypt password actually return something on the Linux box,
[code]foo:Ol.Zn0AyTfXyo:::::::0[/code]

Am I missing something completely obvious?
Any help or insight into the matter would be deeply appreciated. I can put more logs, config files, settings at your request.
Thanks in advance.
Dave
August 26, 2008 at 4:18 pm #373901
pgreer
Participant
Did you ever get this worked out? I have the same problem…
November 16, 2009 at 9:00 pm #377538
Drizzt
Participant
In /etc/pam.d/netatalk
Change pam_unix.so for pam_krb5.so if you use Kerberos, or pam_ldap.so if you use LDAP.
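
Why the module swap matters, as an added example that is not part of the original thread: pam_unix.so checks the password against a hash obtained through NSS, and `getent shadow` returns only `*` for an Open Directory password account, while pam_ldap.so authenticates by binding to the directory server. The two PAM stacks below are constructed (the thread does not show the actual /etc/pam.d/netatalk) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: detect the mismatch described in this thread.

# Constructed sample stacks; the thread does not show the real file contents.
PAM_BEFORE='#%PAM-1.0
auth     required  pam_unix.so
account  required  pam_unix.so'
PAM_AFTER='#%PAM-1.0
auth     required  pam_ldap.so
account  required  pam_ldap.so'

# shadow_kind LINE: "hash" if field 2 of a `getent shadow` line holds a usable
# hash, "none" if it is empty, locked ("!...") or only asterisks.
shadow_kind() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        ''|'!'*) echo none ;;
        *[!*]*)  echo hash ;;   # at least one character other than '*'
        *)       echo none ;;
    esac
}

# auth_modules: read a PAM service file on stdin, print each auth module name.
auth_modules() {
    awk '$1 ~ /^-?auth$/ {
        for (i = 2; i <= NF; i++)
            if ($i ~ /\.so$/) { n = split($i, p, "/"); print p[n]; break }
    }'
}

# diagnose PAM_TEXT SHADOW_LINE: "mismatch" when pam_unix.so is the only auth
# module and NSS exposes no hash for it to check; "ok" means only that this
# particular mismatch is absent.
diagnose() {
    mods=$(printf '%s\n' "$1" | auth_modules)
    if [ "$(shadow_kind "$2")" = none ] && [ "$mods" = pam_unix.so ]; then
        echo mismatch
    else
        echo ok
    fi
}

# The two shadow lines are the ones quoted in the question.
echo "OD password, pam_unix:    $(diagnose "$PAM_BEFORE" 'foo:*:::::::0')"
echo "crypt password, pam_unix: $(diagnose "$PAM_BEFORE" 'foo:Ol.Zn0AyTfXyo:::::::0')"
echo "OD password, pam_ldap:    $(diagnose "$PAM_AFTER" 'foo:*:::::::0')"
```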