Mount homedir autofs with openldap server

I'm having trouble mounting home directories on Mac clients running Leopard from a Linux OpenLDAP server. The login/password auth works fine, but somehow the autofs is not working correctly with the OpenLDAP server.
I need some help in troubleshooting. From what I've read on the web, autofs is now supposed to work in Leopard.
Thanks,
Yasi

Sounds like something you should be posting to the server or linux forums.

Similar Messages

  • Mounting external SharePoint with OSX Server

    Hi,
    I know that the default location for a mounted SharePoint is the /Volumes directory. Is there a way, some command line command, to mount a SharePoint at a different location, say, at root?
    Would there be security implications for allowing the www user (Apache) dr-x access to a SharePoint mounted at root?
    Thanks,
    Ted

    Thanks, Brent. I used the mount_afp command successfully to create a mounted SharePoint within the Webserver Documents directory.
    But! When, using a browser, I try to access a webpage that's saved within the SharePoint's file system, one of the Xservers (web server or the other Xserve, an X Raid host) tells me that "I" (the www user) doesn't have "permission to access the file on this server."
    We don't have Open Directory set up right now, so the www user is local to the Xserve that's the web server. Do I need to come up with a way to authenticate the web server's "www user" on the X Raid host?
    Thanks for your thoughts,
    Ted

  • OpenLDAP Server have Problems with the automounter of Mac OSX 10.5.5 client

    Hi,
    We are using an OpenLDAP server on a Debian OS base. I have connected the LDAP server with the Mac mini with Mac OS X 10.5.5. The LDAP server is based on OpenLDAP running on Debian Linux.
    The users can log in on the Mac computers and they do have the right groups. I have a problem with the automounter maps because the homes and volumes are not mounted in the Mac environment. So the users have a different home directory at each computer and no volumes to work with.
    The LDIF I use for the automounter is the following:
    dn: ou=automaster_directlinx86, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    ou: automaster_directlinx86
    objectClass: top
    objectClass: automountMap

    dn: cn=\/homes, ou=automaster_directlinx86, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: ldap:ldap.TechFak.Uni-Bielefeld.DE:ou=auto_homes,ou=autofs,ou=ai,dc=TechFak,dc=Uni-Bielefeld,dc=DE -nosuid,nobrowse
    cn: /homes

    dn: cn=\/vol, ou=automaster_directlinx86, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: ldap:ldap.TechFak.Uni-Bielefeld.DE:ou=autovollinx86,ou=autofs,ou=ai,dc=TechFak,dc=Uni-Bielefeld,dc=DE
    cn: /vol

    dn: ou=autovollinx86, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    ou: autovollinx86
    objectClass: automountMap

    dn: cn=ai, ou=autovollinx86, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: -rw,intr,nolock thor:/export/ai/external/vol/&
    cn: ai

    dn: cn=airobots, ou=autovollinx86, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: -rw,intr,nolock thor:/export/ai/external/vol/&
    cn: airobots

    dn: cn=mobirob, ou=autovollinx86, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: -rw,intr,nolock thor:/export/ai/external/vol/&
    cn: mobirob

    dn: ou=auto_homes, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    ou: auto_homes
    objectClass: automountMap

    dn: cn=efrese, ou=auto_homes, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: thor:/export/ai/external/homes/staff/&
    cn: efrese

    dn: cn=fsiepman, ou=auto_homes, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: thor:/export/ai/external/homes/staff/&
    cn: fsiepman

    dn: cn=fyuan, ou=auto_homes, ou=autofs, ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE
    objectClass: automount
    automountInformation: thor:/export/ai/external/homes/staff/&
    cn: fyuan

    In the /etc/auto_master I added the line
    SRC base="ou=ai, dc=TechFak,dc=Uni-Bielefeld,dc=DE" scope=ALL
    filter="(&(|(objectClass=automount))"
    to mount the /volumes but just the volume /vol and /homes are mounted to the Mac OS System.
    Thanks.

    Hi.
    Have a look at http://www.afp548.com/article.php?story=20061126220622764
    and there is very good information in Apple's training texts for 10.5 server.
    You can buy the print book or purchase an account with Safari Books in order to read it online,
    see
    http://my.safaribooksonline.com/9780321591067
    Chpt 3 is on working with 3rd-party OpenLDAP servers

  • Messaging server with openldap

    Hi all,
    Does anybody here have experience in handling Sun Java Messaging Server 7u2 with OpenLDAP?
    I tried to connect the messaging server with OpenLDAP but still got the error "Could not connect to LDAP server".
    Isn't it possible for them to communicate?
    Please advise.

    Hi, Shane,
    I seem to be half way with the external LDAP stuff but run into problems. I added a set of objectclasses and attribute types to OpenLDAP. Next I changed the option.dat (and ran a cnbuild):
    ALIAS_URL0=extldap:///$V?*?sub?$R
    REVERSE_URL=extldap:///$V?$N?sub?$R
    LDAP_EXT_HOST=10.20.30.40
    LDAP_EXT_USERNAME=cn=Manager,dc=domain,dc=nl
    LDAP_EXT_PASSWORD=secret
    LDAP_EXT_BASEDN=dc=domain,dc=nl
    LDAP_EXT_MAX_CONNECTIONS=10
    LDAP_EXT_INITIAL_CONNECTIONS=0
    DOMAIN_MATCH_URL=extldap:///dc=domain,dc=nl?objectclass?sub?(&(objectClass=sunManagedOrganization)(|(associatedDomain=$D)(sunPreferredDomain=$D)))
    Would this constitute a valid configuration?
    The good news is that I see LDAP connections arriving at the OpenLDAP server. The bad news is that:
    1. I get errors on the ALIAS_URL0 and REVERSE_URL LDAP queries (see below for the log)
    2. the $D in the DOMAIN_MATCH_URL is not replaced by the domainname before the LDAP query is started, so in the output of imsimta test -rewrite -debug and in the log file of OpenLDAP the $D characters show up instead of the domainname they should represent
    Ad 1. error log in OpenLDAP:
    Aug 28 15:18:50 ws22763 slapd[7535]: daemon: read active on 12
    Aug 28 15:18:50 ws22763 slapd[7535]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
    Aug 28 15:18:50 ws22763 slapd[7535]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
    Aug 28 15:18:50 ws22763 slapd[7535]: connection_get(12)
    Aug 28 15:18:50 ws22763 slapd[7535]: connection_get(12): got connid=10
    Aug 28 15:18:50 ws22763 slapd[7535]: connection_read(12): checking for input on id=10
    Aug 28 15:18:50 ws22763 slapd[7535]: conn=10 op=0 do_bind
    Aug 28 15:18:50 ws22763 slapd[7535]: >>> dnPrettyNormal: <cn=Manager,dc=domain,dc=nl>
    Aug 28 15:18:50 ws22763 slapd[7535]: <<< dnPrettyNormal: <cn=Manager,dc=domain,dc=nl>, <cn=manager,dc=domain,dc=nl>
    Aug 28 15:18:50 ws22763 slapd[7535]: conn=10 op=0 BIND dn="cn=Manager,dc=domain,dc=nl" method=128
    Aug 28 15:18:50 ws22763 slapd[7535]: do_bind: version=3 dn="cn=Manager,dc=domain,dc=nl" method=128
    Aug 28 15:18:50 ws22763 slapd[7535]: ==> bdb_bind: dn: cn=Manager,dc=domain,dc=nl
    Aug 28 15:18:50 ws22763 slapd[7535]: conn=10 op=0 BIND dn="cn=Manager,dc=domain,dc=nl" mech=SIMPLE ssf=0
    Aug 28 15:18:50 ws22763 slapd[7535]: do_bind: v3 bind: "cn=Manager,dc=domain,dc=nl" to "cn=Manager,dc=domain,dc=nl"
    Aug 28 15:18:50 ws22763 slapd[7535]: send_ldap_result: conn=10 op=0 p=3
    Aug 28 15:18:50 ws22763 slapd[7535]: send_ldap_result: err=0 matched="" text=""
    Aug 28 15:18:50 ws22763 slapd[7535]: send_ldap_response: msgid=1 tag=97 err=0
    Aug 28 15:18:50 ws22763 slapd[7535]: conn=10 op=0 RESULT tag=97 err=0 text=
    Aug 28 15:18:50 ws22763 slapd[7535]: daemon: activity on 1 descriptor
    Aug 28 15:18:50 ws22763 slapd[7535]: daemon: activity on:
    Aug 28 15:18:50 ws22763 slapd[7535]:
    Aug 28 15:18:50 ws22763 slapd[7535]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
    Aug 28 15:18:50 ws22763 slapd[7535]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
    Aug 28 15:18:50 ws22763 slapd[7535]: daemon: activity on 1 descriptor
    Aug 28 15:18:50 ws22763 slapd[7535]: daemon: activity on:
    Aug 28 15:18:50 ws22763 slapd[7535]: 12r
    Aug 28 15:18:50 ws22763 slapd[7535]:
    Aug 28 15:18:50 ws22763 slapd[7535]: daemon: read active on 12
    Aug 28 15:18:50 ws22763 slapd[7535]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
    Aug 28 15:18:50 ws22763 slapd[7535]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
    Aug 28 15:18:50 ws22763 slapd[7535]: connection_get(12)
    Aug 28 15:18:50 ws22763 slapd[7535]: connection_get(12): got connid=10
    Aug 28 15:18:50 ws22763 slapd[7535]: connection_read(12): checking for input on id=10
    Aug 28 15:18:50 ws22763 slapd[7535]: ber_get_next on fd 12 failed errno=0 (Success)
    Aug 28 15:18:50 ws22763 slapd[7535]: connection_read(12): input error=-2 id=10, closing.
    Aug 28 15:18:50 ws22763 slapd[7535]: connection_closing: readying conn=10 sd=12 for close
    Aug 28 15:18:50 ws22763 slapd[7535]: connection_close: conn=10 sd=12
    Aug 28 15:18:50 ws22763 slapd[7535]: daemon: removing 12
    Aug 28 15:18:50 ws22763 slapd[7535]: conn=10 fd=12 closed (connection lost)
    and in the output of imsimta test -rewrite -debug:
    15:15:10.38: Looking up host "host.domain.nl".
    15:15:10.38: - found on channel l
    15:15:10.38: Routelocal flag set; scanning for % and !
    15:15:10.38: Checking reverse URL cache for: [email protected]
    15:15:10.38: Applying reverse URL pattern extldap:///$V?$N?sub?$R to: [email protected]
    15:15:10.38: Resulting URL: extldap:///$V?$N?sub?$R
    15:15:10.38: mmc_open_url_reason called to open extldap:///$V?$N?sub?$R, flags = 384
    15:15:10.38: URL with quotes stripped: extldap:///$V?$N?sub?$R
    15:15:10.38: LDAP URL identified
    15:15:10.38: URL context #1 will be used
    15:15:10.38: Performing URL search on: extldap:///$V?$N?sub?$R
    15:15:10.39: URL open result -2: Search failed: Bad search filter (87)
    15:15:10.39: URL resolution failed, status = -2
    15:15:10.39: Override postmaster:
    15:15:10.39: Mapped return address: [email protected]
    15:15:10.39: from_access mapping check: ||MAIL|l|[email protected]|
    Ad 2: the imsimta test -rewrite output:
    *** Debug output from rewriting a forward envelope address:
    15:10:59.48: Rewriting: Mbox = "user", host = "domain.nl", domain = "$*", literal = "", tag = ""
    15:10:59.48: Rewrite: "$*", position 0, hash table -
    15:10:59.48: Found: "$A$E$F$U%[email protected]"
    15:10:59.48: Match, pattern = "domain.nl", current = "(*domaincheck*)"
    15:10:59.48: old state = not checked.
    15:10:59.48: Domain check on domain.nl.
    15:10:59.49: mmc_open_url_reason called to open extldap:///dc=domain,dc=nl?objectclass?sub?(&(objectClass=sunManagedOrganization)(|(associatedDomain=$D)(sunPreferredDomain=$D))), flags = 0
    15:10:59.49: URL with quotes stripped: extldap:///dc=domain,dc=nl?objectclass?sub?(&(objectClass=sunManagedOrganization)(|(associatedDomain=$D)(sunPreferredDomain=$D)))
    15:10:59.49: LDAP URL identified
    15:10:59.49: URL context #1 will be used
    15:10:59.49: Performing URL search on: extldap:///dc=domain,dc=nl?objectclass?sub?(&(objectClass=sunManagedOrganization)(|(associatedDomain=$D)(sunPreferredDomain=$D)))
    15:10:59.50: URL open result 0: Search succeeded but result set was empty
    15:10:59.50: Added domain result 0 to cache for domain.nl.
    15:10:59.50: new state = fail pending.
    15:10:59.50: Rewrite failed due to prechannel mismatch.
    and in OpenLDAP:
    Aug 28 15:14:39 ws22763 slapd[7535]: conn=9 op=1 SRCH base="dc=domain,dc=nl" scope=2 deref=3 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=$d)(?sunPreferredDomain=$D)))"
    Some questions:
    1. are the settings in option.dat correct
    2. if so, why is the $D not expanded before the LDAP lookup is performed?
    3. it seems OpenLDAP doesn't like the search filter; where can I find the meaning of the $R
    Your help greatly appreciated.
    /rolf

  • Mounting multiple directories with same name on different severs to a single mount point on another server

    We have a requirement wherein we have multiple Solaris servers and each Solaris server has a directory with the same name.
    The files in these directories will be different.
    These same-name directories on multiple servers have to be mounted to a single directory on another server.
    We are planning to use NFS, but it seems we cannot mount multiple directories with the same name on different servers to a single mount point using NFS, and we need to create multiple mount points.
    Is there any way we can achieve this so that all the directories can be mounted to a single mount point?

    You can try to mount all these mount points via NFS in one additional server and then export this new tree again via NFS to all your servers.
    Not sure if this works. If this works, then you will have in this case just an additional level in the tree.

  • Native ldap client doesn't work with an openldap Server : No root DSE data

    Hello!
    My configuration :
    - an openldap 2.2.23 server (linux debian) (server name = serv_annu)
    - a ldap client (solaris 10) (server name = client_annu)
    I want to configure my client by using Solaris Native LDAP and I follow the excellent doc of Gary Tay (http://web.singnet.com.sg/~garyttt)
    I use TLS and I had generated a certificate by using Mozilla. TLS works because ldapsearch from my Solaris client works:
    FROM CLIENT_ANNU:
    # ldapsearch -h server_annu -p 636 -b"dc=mydomain,dc=fr" -s base -Z -P /var/ldap/cert8.db "objectclass=*"
    version: 1
    dn: dc=mydomain,dc=fr
    dc: mydomain
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    objectClass: nisDomainObject
    nisDomain: mydomain.fr
    o: mydomain
    LOG FROM SERVER_ANNU:
    Apr 2 09:52:40 server_annu slapd[17068]: conn=267 fd=10 ACCEPT from IP=172.30.69.216:36020 (IP=0.0.0.0:636)
    Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=0 SRCH base="dc=mydomain,dc=fr" scope=0 deref=0 filter="(objectClass=*)"
    Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
    Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=1 UNBIND
    Apr 2 09:52:40 server_annu slapd[17068]: conn=267 fd=10 closed
    1) I add DUAConfigProfile.schema and solaris.schema on my openldap server.
    2) I add a nisDomainObject at the root DN (see the result of the ldapsearch above)
    3) I Add ACL in slapd.conf to allow reading of rootDSE.
    access to dn.base="" by ssf=128 * read
    4) I launch on my solaris client
    crle -u -s /usr/lib/mps
    crle -64 -u -s /usr/lib/mps/64
    5) I can't apply result.c patch on my openldap server (production server!) then I can't create /var/ldap/ldap_client_file and /var/ldap/ldap_client_cred by using ldapclient command. Then I create manually /var/ldap/ldap_client_file and /var/ldap/ldap_client_cred : the syntax is correct because the "ldapclient list" command works :
    # ldapclient list
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_BINDDN= uid=toto,ou=People,dc=people1,dc=mydomain,dc=fr
    NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411
    NS_LDAP_SERVERS= server_annu
    NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=fr
    NS_LDAP_AUTH= tls:simple
    NS_LDAP_CREDENTIAL_LEVEL= anonymous
    NOTE : I've had to add NS_LDAP_BINDDN and NS_LDAP_BINDPASSWD even if I use anonymous credential level because I get an error when I launch ldap client process.
    Then here, everything is apparently OK but when I enable ldap client process the cachemgr process is running about 30s then it crashes:
    FROM CLIENT_ANNU:
    svcadm disable /network/ldap/client;svcadm enable /network/ldap/client
    /etc/init.d/nscd stop;/etc/init.d/nscd start
    LOG FROM SERVER_ANNU:
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 fd=10 ACCEPT from IP=172.30.69.216:36021 (IP=0.0.0.0:389)
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SRCH attr=supportedControl supportedsaslmechanisms
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=1 UNBIND
    Apr 2 09:54:59 server_annu slapd[17068]: conn=268 fd=10 closed
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 fd=10 ACCEPT from IP=172.30.69.216:36022 (IP=0.0.0.0:389)
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SRCH attr=supportedControl supportedsaslmechanisms
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=1 UNBIND
    Apr 2 09:54:59 server_annu slapd[17068]: conn=269 fd=10 closed...
    FROM CLIENT ANNU :
    # /usr/lib/ldap/ldap_cachemgr -g
    cachemgr configuration:
    server debug level 0
    server log file "/var/ldap/cachemgr.log"
    number of calls to ldapcachemgr 2
    cachemgr cache data statistics:
    Configuration refresh information:
    Previous refresh time: 2008/04/02 09:58:12
    Next refresh time: 2008/04/02 21:58:12
    Server information:
    Previous refresh time: 2008/04/02 09:58:32
    Next refresh time: 2008/04/02 09:58:33
    server: server_annu, status: ERROR
    error message: No root DSE data returned.
    Cache data information:
    Maximum cache entries: 256
    Number of cache entries: 0
    My problem is why I get the following error message : No root DSE data returned.
    Thanks in advance for your help!

    Hi
    Is your OpenLDAP server configured to allow anonymous read of the rootDSE attributes ?
    Regards,
    Ludovic.
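
The reply's question can be checked against the server log itself: the Python below (an added example, not part of the original posts) pairs each root DSE search (base "", scope 0) with its result and the listener port it arrived on, and reports the ones that ended with err=0 and nentries=0. The function names are hypothetical; the sample lines are copied from the log in the question, where the ACL shown grants read on the root DSE only at ssf=128.

```python
import re

# Lines copied from the slapd log in the question above (stats-level logging).
SAMPLE_LOG = """\
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 fd=10 ACCEPT from IP=172.30.69.216:36020 (IP=0.0.0.0:636)
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=0 SRCH base="dc=mydomain,dc=fr" scope=0 deref=0 filter="(objectClass=*)"
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 op=1 UNBIND
Apr 2 09:52:40 server_annu slapd[17068]: conn=267 fd=10 closed
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 fd=10 ACCEPT from IP=172.30.69.216:36021 (IP=0.0.0.0:389)
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SRCH attr=supportedControl supportedsaslmechanisms
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 op=1 UNBIND
Apr 2 09:54:59 server_annu slapd[17068]: conn=268 fd=10 closed
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 fd=10 ACCEPT from IP=172.30.69.216:36022 (IP=0.0.0.0:389)
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SRCH attr=supportedControl supportedsaslmechanisms
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 op=1 UNBIND
Apr 2 09:54:59 server_annu slapd[17068]: conn=269 fd=10 closed
"""

ACCEPT_RE = re.compile(
    r"conn=(?P<conn>\d+) fd=\d+ ACCEPT from IP=(?P<client>[\d.]+):\d+ "
    r"\(IP=[\d.]+:(?P<port>\d+)\)")
SRCH_RE = re.compile(
    r'conn=(?P<conn>\d+) op=(?P<op>\d+) SRCH base="(?P<base>[^"]*)" '
    r"scope=(?P<scope>\d+)")
ATTR_RE = re.compile(
    r"conn=(?P<conn>\d+) op=(?P<op>\d+) SRCH attr=(?P<attrs>.*)$")
RESULT_RE = re.compile(
    r"conn=(?P<conn>\d+) op=(?P<op>\d+) SEARCH RESULT tag=\d+ "
    r"err=(?P<err>\d+) nentries=(?P<n>\d+)")


def root_dse_lookups(log_text):
    """Return one record per completed root DSE search (base "", scope 0)."""
    listeners = {}  # conn id -> (client IP, listener port) from the ACCEPT line
    pending = {}    # (conn, op) -> root DSE search still waiting for its result
    done = []
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            listeners[m["conn"]] = (m["client"], int(m["port"]))
            continue
        m = SRCH_RE.search(line)
        if m:
            if m["base"] == "" and m["scope"] == "0":
                client, port = listeners.get(m["conn"], (None, None))
                pending[(m["conn"], m["op"])] = {
                    "conn": int(m["conn"]), "client": client,
                    "listener_port": port, "attrs": []}
            continue
        m = ATTR_RE.search(line)
        if m:
            rec = pending.get((m["conn"], m["op"]))
            if rec is not None:
                rec["attrs"] = m["attrs"].split()
            continue
        m = RESULT_RE.search(line)
        if m:
            rec = pending.pop((m["conn"], m["op"]), None)
            if rec is not None:
                rec["err"] = int(m["err"])
                rec["nentries"] = int(m["n"])
                done.append(rec)
    return done


def empty_root_dse(log_text):
    """Root DSE searches that report success (err=0) but return no entry."""
    return [r for r in root_dse_lookups(log_text)
            if r["err"] == 0 and r["nentries"] == 0]


def by_listener(log_text):
    """Count answered and empty root DSE lookups per listener port."""
    counts = {}
    for r in root_dse_lookups(log_text):
        bucket = counts.setdefault(r["listener_port"],
                                   {"answered": 0, "empty": 0})
        bucket["empty" if r["nentries"] == 0 else "answered"] += 1
    return counts


if __name__ == "__main__":
    for r in empty_root_dse(SAMPLE_LOG):
        print("conn=%(conn)d from %(client)s on port %(listener_port)s: "
              "root DSE search returned no entry, attrs=%(attrs)s" % r)
    print(by_listener(SAMPLE_LOG))
```

The listener port alone does not show whether StartTLS was used on 389, so a hit here is a pointer to compare against the rootDSE ACL, not proof of its cause.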

  • Mounting Remote Shares with the Same Name

    I am accessing shares on remote servers and can mount volumes with no problems initially, using command+k and setting the Server Address to smb://ServerNameOrIP/SharePoint. This mounts a volume with the name of the share point. The problem I've run into is at work I need to mount 2 volumes on 2 different servers with the same share point name. These are shared servers, and for unrelated reasons the folder names on either server can not be changed. This doesn't work well for me. It creates the first volume with the name "Share" and a second one that in finder appears to be called "Share" as well, but if I use "Get Info" or in Terminal run ls /Volumes I can see that it actually gets mounted as "Share-1".
    Is it possible to change the name of one (or both) of these mounts? Mostly so I can see which one I'm on when browsing though Finder. I changed some settings in Finder so that the title bar allows me to see whether I'm on "Share" or "Share-1" but that doesn't actually tell me what server I'm on. Any ideas?

    I just discovered this after trying frivolously to get 2 shares of the same name from 2 different NAS drives to auto mount ....
    limitation with autofs or something ? it should really be painless, as it is in windows. but it seems on the mac side, OS X won't allow shares with the same name to auto mount ....

  • Solaris 10 automount against OpenLDAP server

    Hi ya'll,
    Another Solaris question that I'm searching around about...
    I'm using Solaris's native LDAP client on Solaris 10 6/06. My LDAP server is an OpenLDAP server under Fedora Core 5. The Solaris client can talk to the server fine, everything is cool except for the fact that automounting isn't working. I'm guessing it's a schema issue but I'm not sure where to go... I'll post a few examples of my config and maybe someone can see something wrong:
    From /etc/nsswitch.conf:
    automount: files ldap
    /etc/auto_master:
    /projects auto.projects
    /home auto.home
    /- auto.direct -rw,hard,intr
    from nis.schema file on OpenLDAP server:
    attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
    SUP name )
    attributetype ( 1.3.6.1.1.1.1.27 NAME 'NisMapEntry'
    EQUALITY caseExactIA5Match
    SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE )
    objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL
    DESC 'A generic abstraction of a NIS map'
    MUST nisMapName
    MAY description )
    objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL
    DESC 'An entry in a NIS map'
    MUST ( cn $ NisMapEntry $ nisMapName )
    MAY description )
    On the LDAP server the automounts are listed as "nisMapName=auto.home" etc.
    I read somewhere that in the nis.schema file, all references to "nisMapEntry" need to be changed to all lowercase, ie "nismapentry", but I tried that and restarted the LDAP server, restarted autofs on the client, still nothing. Does anyone know what schema changes need to be made? Or maybe changes that need to be made to something else that I'm not aware of? Or do I need to make any other schema changes to my Solaris 10 native LDAP client as well?
    This is a clip from the OpenLDAP log on the OpenLDAP server. It seems like the automount information request is getting through, but maybe the data it returns to Solaris is in an unrecognizable format or something?
    do_search
    ber_scanf fmt (miiiib) ber:
    dnPrettyNormal: <nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu>
    <<< dnPrettyNormal: <nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu>, <nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu>
    ber_scanf fmt ({mm) ber:
    ber_scanf fmt ({mm}) ber:
    ber_scanf fmt ({M}}) ber:
    ==> limits_get: conn=35 op=0 dn="[anonymous]"
    => bdb_search
    bdb_dn2entry("nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu")
    search_candidates: base="nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu" (0x0000070d) scope=1
    => bdb_equality_candidates (objectClass)
    => key_read
    <= bdb_index_read: failed (-30989)
    <= bdb_equality_candidates: id=0, first=0, last=0
    => bdb_dn2idl("nisMapName=auto.projects,dc=soe,dc=ucsc,dc=edu")
    <= bdb_dn2idl: id=111 first=1806 last=1916
    => bdb_equality_candidates (objectClass)
    => key_read
    <= bdb_index_read: failed (-30989)
    <= bdb_equality_candidates: id=0, first=0, last=0
    bdb_search_candidates: id=0 first=1806 last=0
    bdb_search: no candidates
    send_ldap_result: conn=35 op=0 p=3
    send_ldap_response: msgid=1 tag=101 err=0
    ber_flush: 14 bytes to sd 18
    daemon: activity on 1 descriptor
    daemon: activity on: 18r
    daemon: read active on 18
    connection_get(18): got connid=35
    connection_read(18): checking for input on id=35
    ber_get_next
    ber_get_next: tag 0x30 len 5 contents:
    ber_get_next
    ber_get_next on fd 18 failed errno=0 (Success)
    connection_read(18): input error=-2 id=35, closing.
    connection_closing: readying conn=35 sd=18 for close
    connection_close: deferring conn=35 sd=18
    daemon: select: listen=7 active_threads=0 tvp=NULL
    daemon: select: listen=8 active_threads=0 tvp=NULL
    daemon: select: listen=9 active_threads=0 tvp=NULL
    daemon: select: listen=10 active_threads=0 tvp=NULL
    daemon: activity on 1 descriptor
    daemon: activity on:
    daemon: select: listen=7 active_threads=0 tvp=NULL
    daemon: select: listen=8 active_threads=0 tvp=NULL
    daemon: select: listen=9 active_threads=0 tvp=NULL
    daemon: select: listen=10 active_threads=0 tvp=NULL
    do_unbind
    Linux clients work out of the box without any config changes (but then again these linux clients come stock with an openldap client so I'm not surprised they would communicate with one of their own kind).
    Thanks in advance for any insight!!!
    ciao, erich

    Hi Gary,
    i've got the automounter working with OpenLDAP, but not the SSD
    here are my results:
    $ ldaplist auto_master
    dn: cn=/home,ou=NFSMounts,dc=m-x
    dn: cn=/data,ou=NFSMounts,dc=m-x
    $ ldaplist auto_home
    dn: automountMapName=auto_home,uid=bill,ou=People,dc=m-x
    $ ldaplist auto_data
    dn: automountMapName=auto_data,uid=bill,ou=People,dc=m-x
    $ ls -l /home
    total 2
    dr-xr-xr-x 1 root root 1 Nov 16 11:13 billdata
    dr-xr-xr-x 1 root root 1 Nov 16 11:13 billhome
    $ ls -l /data
    total 2
    dr-xr-xr-x 1 root root 1 Nov 16 11:13 billdata
    dr-xr-xr-x 1 root root 1 Nov 16 11:13 billhome
    and here are my configs:
    /var/ldap/ldap_client_file:
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_SERVERS= xxx
    NS_LDAP_SEARCH_BASEDN= dc=m-x
    NS_LDAP_AUTH= simple
    NS_LDAP_SEARCH_SCOPE= sub
    NS_LDAP_CACHETTL= 3600
    NS_LDAP_CREDENTIAL_LEVEL= proxy
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=m-x
    NS_LDAP_SERVICE_SEARCH_DESC= group:ou=Group,dc=m-x
    NS_LDAP_SERVICE_SEARCH_DESC= auto_master:ou=NFSMounts,dc=m-x
    NS_LDAP_SERVICE_SEARCH_DESC= auto_data:ou=People,dc=m-x?sub?nisMapName=auto_data
    NS_LDAP_SERVICE_SEARCH_DESC= auto_home:ou=People,dc=m-x?sub?nisMapName=auto_home
    NS_LDAP_ATTRIBUTEMAP= automount:automountKey=cn
    NS_LDAP_ATTRIBUTEMAP= automount:automountInformation=nisMapEntry
    NS_LDAP_ATTRIBUTEMAP= automount:automountMapName=nisMapName
    NS_LDAP_ATTRIBUTEMAP= passwd:gecos=cn
    NS_LDAP_OBJECTCLASSMAP= automount:automount=nisObject
    NS_LDAP_OBJECTCLASSMAP= automount:automountMap=nisMap
    ldif entries:
    dn: nisMapName=auto_home,uid=bill,ou=People,dc=m-x
    objectClass: top
    objectClass: nisObject
    nisMapEntry: host1:/export/home/bill
    nisMapName: auto_home
    cn: billhome
    dn: nisMapName=auto_data,uid=bill,ou=People,dc=m-x
    objectClass: top
    objectClass: nisObject
    cn: billdata
    nisMapEntry: host1:/export/data/bill
    nisMapName: auto_data
    snooping the network, i see that the calls from ldaplist include the nisMapName=auto_* filter, while the calls made by the automounter don't
    is there a way to get the automounter to respect the SSD?
    thank you,
    Billy

  • Problem with OpenLDAP and JNDI

    I'm having a problem working with OpenLDAP and JNDI.
    First I have changed LDAP's slapd.conf file:
    suffix          "dc=antipodes,dc=com"
    rootdn          cn=Manager,dc=antipodes,dc=com
    directory     "C:/Program Files/OpenLDAP/data"
    rootpw          secret
    schemacheck off
    Then I used the code below to create the root context:
    package test;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;
    import javax.naming.NameAlreadyBoundException;
    import javax.naming.directory.*;
    import java.util.*;
    public class MakeRoot {
         final static String ldapServerName = "localhost";
         final static String rootdn = "cn=Manager,dc=antipodes,dc=com";
         final static String rootpass = "secret";
         final static String rootContext = "dc=antipodes,dc=com";
         public static void main( String[] args ) {
                   // set up environment to access the server
                   Properties env = new Properties();
                   env.put( Context.INITIAL_CONTEXT_FACTORY,
                              "com.sun.jndi.ldap.LdapCtxFactory" );
                   env.put( Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" );
                   env.put( Context.SECURITY_PRINCIPAL, rootdn );
                   env.put( Context.SECURITY_CREDENTIALS, rootpass );
                   try {
                             // obtain initial directory context using the environment
                             DirContext ctx = new InitialDirContext( env );
                             // now, create the root context, which is just a subcontext
                             // of this initial directory context.
                             ctx.createSubcontext( rootContext );
                   } catch ( NameAlreadyBoundException nabe ) {
                             System.err.println( rootContext + " has already been bound!" );
                   } catch ( Exception e ) {
                             System.err.println( e );
                   }
         }
    }
    This worked fine, I could see that by using "LDAP Browser/Editor".
    and then I tried to create group with code:
    package test;
    import java.util.Hashtable;
    import javax.naming.*;
    import javax.naming.ldap.*;
    import javax.naming.directory.*;
    public class MakeGroup {
         public static void main (String[] args) {
              Hashtable env = new Hashtable();
              String adminName = "cn=Manager,dc=antipodes,dc=com";
              String adminPassword = "secret";
              String ldapURL = "ldap://127.0.0.1:389";
              String groupName = "CN=Evolution,OU=Research,DC=antipodes,DC=com";
              env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
              //set security credentials, note using simple cleartext authentication
              env.put(Context.SECURITY_AUTHENTICATION,"simple");
              env.put(Context.SECURITY_PRINCIPAL,adminName);
              env.put(Context.SECURITY_CREDENTIALS,adminPassword);
              //connect to my domain controller
              env.put(Context.PROVIDER_URL,ldapURL);
              try {
                   // Create the initial directory context
                   LdapContext ctx = new InitialLdapContext(env,null);
                   // Create attributes to be associated with the new group
                   Attributes attrs = new BasicAttributes(true);
                   attrs.put("objectClass","group");
                   attrs.put("samAccountName","Evolution");
                   attrs.put("cn","Evolution");
                   attrs.put("description","Evolutionary Theorists");
                   //group types from IAds.h
                   int ADS_GROUP_TYPE_GLOBAL_GROUP = 0x0002;
                   int ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 0x0004;
                   int ADS_GROUP_TYPE_LOCAL_GROUP = 0x0004;
                   int ADS_GROUP_TYPE_UNIVERSAL_GROUP = 0x0008;
                   int ADS_GROUP_TYPE_SECURITY_ENABLED = 0x80000000;
                   attrs.put("groupType",Integer.toString(ADS_GROUP_TYPE_UNIVERSAL_GROUP + ADS_GROUP_TYPE_SECURITY_ENABLED));
                   // Create the context
                   Context result = ctx.createSubcontext(groupName, attrs);
                   System.out.println("Created group: " + groupName);
                   ctx.close();
              } catch (NamingException e) {
                   System.err.println("Problem creating group: " + e);
              }
         }
    }
    Got the error code: Problem creating group: javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 17 - groupType: attribute type undefined]; remaining name 'CN=Evolution,OU=Research,DC=antipodes,DC=com'
    I tried by creating organizational unit "ou=Research" from "LDAP Browser/Editor", and then running the same code -> same error.
    also I have tried code for adding users:
    package test;
    import java.util.Hashtable;
    import javax.naming.ldap.*;
    import javax.naming.directory.*;
    import javax.naming.*;
    import javax.net.ssl.*;
    import java.io.*;
    public class MakeUser {
         public static void main (String[] args) {
              Hashtable env = new Hashtable();
              String adminName = "cn=Manager,dc=antipodes,dc=com";
              String adminPassword = "secret";
              String userName = "cn=Albert Einstein,ou=Research,dc=antipodes,dc=com";
              String groupName = "cn=All Research,ou=Research,dc=antipodes,dc=com";
              env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
              //set security credentials, note using simple cleartext authentication
              env.put(Context.SECURITY_AUTHENTICATION,"simple");
              env.put(Context.SECURITY_PRINCIPAL,adminName);
              env.put(Context.SECURITY_CREDENTIALS,adminPassword);
              //connect to my domain controller
              env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:389");
              try {
                   // Create the initial directory context
                   LdapContext ctx = new InitialLdapContext(env,null);
                   // Create attributes to be associated with the new user
                        Attributes attrs = new BasicAttributes(true);
                   //These are the mandatory attributes for a user object
                   //Note that Win2K3 will automagically create a random
                   //samAccountName if it is not present. (Win2K does not)
                   attrs.put("objectClass","user");
                        attrs.put("samAccountName","AlbertE");
                   attrs.put("cn","Albert Einstein");
                   //These are some optional (but useful) attributes
                   attrs.put("giveName","Albert");
                   attrs.put("sn","Einstein");
                   attrs.put("displayName","Albert Einstein");
                   attrs.put("description","Research Scientist");
                        attrs.put("userPrincipalName","[email protected]");
                        attrs.put("mail","[email protected]");
                   attrs.put("telephoneNumber","999 123 4567");
                   //some useful constants from lmaccess.h
                   int UF_ACCOUNTDISABLE = 0x0002;
                   int UF_PASSWD_NOTREQD = 0x0020;
                   int UF_PASSWD_CANT_CHANGE = 0x0040;
                   int UF_NORMAL_ACCOUNT = 0x0200;
                   int UF_DONT_EXPIRE_PASSWD = 0x10000;
                   int UF_PASSWORD_EXPIRED = 0x800000;
                   //Note that you need to create the user object before you can
                   //set the password. Therefore as the user is created with no
                   //password, user AccountControl must be set to the following
                   //otherwise the Win2K3 password filter will return error 53
                   //unwilling to perform.
                        attrs.put("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED+ UF_ACCOUNTDISABLE));
                   // Create the context
                   Context result = ctx.createSubcontext(userName, attrs);
                   System.out.println("Created disabled account for: " + userName);
                   //now that we've created the user object, we can set the
                   //password and change the userAccountControl
                   //and because password can only be set using SSL/TLS
                   //lets use StartTLS
                   StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
                   tls.negotiate();
                   //set password is a ldap modfy operation
                   //and we'll update the userAccountControl
                   //enabling the acount and force the user to update ther password
                   //the first time they login
                   ModificationItem[] mods = new ModificationItem[2];
                   //Replace the "unicdodePwd" attribute with a new value
                   //Password must be both Unicode and a quoted string
                   String newQuotedPassword = "\"Password2000\"";
                   byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
                   mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
                   mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));
                   // Perform the update
                   ctx.modifyAttributes(userName, mods);
                   System.out.println("Set password & updated userccountControl");
                   //now add the user to a group.
                        try     {
                             ModificationItem member[] = new ModificationItem[1];
                             member[0]= new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userName));
                             ctx.modifyAttributes(groupName,member);
                             System.out.println("Added user to group: " + groupName);
                        catch (NamingException e) {
                              System.err.println("Problem adding user to group: " + e);
                   //Could have put tls.close()  prior to the group modification
                   //but it seems to screw up the connection  or context ?
                   tls.close();
                   ctx.close();
                   System.out.println("Successfully created User: " + userName);
              catch (NamingException e) {
                   System.err.println("Problem creating object: " + e);
              catch (IOException e) {
                   System.err.println("Problem creating object: " + e);               }
    }same error.
    I haven't done any changes to any schema manually.
    I know I'm missing something crucial but have no idea what. I have tried much other code from tutorials on the net, but they are all very similar and throw the same error I showed above.
    Thanks in advance for help.

    I've solved this.
    The problem was that all the code was using classes from Microsoft Active Directory, and they are not supported in OpenLDAP (microsoft.schema in OpenLDAP is just for info). Due to this some fields are not the same in equivalent classes ("user" and "person").
    So partial code for creating a user in root would be:
    import java.util.Hashtable;
    import javax.naming.ldap.*;
    import javax.naming.directory.*;
    import javax.naming.*;
    import javax.net.ssl.*;
    import java.io.*;
    public class MakeUser {
        public static void main(String[] args) {
            Hashtable<String, String> env = new Hashtable<String, String>();
            String adminName = "cn=Manager,dc=antipodes,dc=com";
            String adminPassword = "secret";
            String userName = "cn=Albert Einstein,ou=newgroup,dc=antipodes,dc=com";
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            //set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, adminName);
            env.put(Context.SECURITY_CREDENTIALS, adminPassword);
            //connect to the LDAP server
            env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:389");
            try {
                // Create the initial directory context
                LdapContext ctx = new InitialLdapContext(env, null);
                // Create attributes to be associated with the new user
                Attributes attrs = new BasicAttributes(true);
                // "person" is the standard-schema class; Active Directory's
                // "user" class is not available in OpenLDAP (see above)
                attrs.put("objectClass", "person");
                attrs.put("cn", "Albert Einstein");
                attrs.put("userPassword", "Nale");
                attrs.put("sn", "Einstein");
                attrs.put("description", "Research Scientist");
                attrs.put("telephoneNumber", "999 123 4567");
                // Create the context
                Context result = ctx.createSubcontext(userName, attrs);
                System.out.println("Successfully created User: " + userName);
                ctx.close();
            }
            catch (NamingException e) {
                System.err.println("Problem creating object: " + e);
            }
        }
    }
    Hope this will help anyone.
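
The schema mismatch described in this thread can be checked offline before an add request is sent. The following is an added example, not code from the original posts: it parses object class definitions in RFC 4512 syntax (the three definitions are the standard ones from RFC 4512 and RFC 4519) and reports which attributes of an entry no loaded class names. The function names and the sample entries in the comments are constructed for illustration.

```python
import re

# Object class definitions in RFC 4512 syntax. 'top' is from RFC 4512,
# 'person' and 'groupOfNames' from RFC 4519; a server's subschema entry
# returns the same kind of strings in its objectClasses attribute.
STANDARD_CLASSES = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) "
    "MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )",
    "( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn ) "
    "MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )",
]


def _names_after(keyword, definition):
    """Names following SUP/MUST/MAY: a single name or a '( a $ b )' list."""
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|([\w.;-]+))" % keyword, definition)
    if not m:
        return []
    body = m.group(1) if m.group(1) is not None else m.group(2)
    return [n.strip().lower() for n in body.split("$") if n.strip()]


def load_schema(definitions):
    """Map each lower-cased class name to its sup/must/may name lists."""
    schema = {}
    for d in definitions:
        name_part = re.search(r"\bNAME\s+(?:\(([^)]*)\)|'([^']+)')", d)
        oc = {k: _names_after(k.upper(), d) for k in ("sup", "must", "may")}
        for n in re.findall(r"'([^']+)'", name_part.group(0)):
            schema[n.lower()] = oc
    return schema


def check_entry(entry, schema):
    """Compare an entry (dict of attribute -> value) with the loaded schema."""
    attrs = {k.lower() for k in entry}
    declared = next((v for k, v in entry.items() if k.lower() == "objectclass"), [])
    pending = [declared] if isinstance(declared, str) else list(declared)
    must, may, seen, unknown = set(), set(), set(), []
    while pending:                       # walk each class and its SUP chain
        name = pending.pop().lower()
        if name in seen:
            continue
        seen.add(name)
        if name not in schema:
            unknown.append(name)         # e.g. AD's "user" or "group"
            continue
        must.update(schema[name]["must"])
        may.update(schema[name]["may"])
        pending.extend(schema[name]["sup"])
    known = {a for oc in schema.values() for a in oc["must"] + oc["may"]}
    return {
        "unknown_classes": sorted(unknown),
        # Named by no loaded class: approximates "attribute type undefined".
        "undefined_attrs": sorted(attrs - known),
        "missing_must": [] if unknown else sorted(must - attrs),
        "not_allowed": [] if unknown else sorted((attrs & known) - must - may),
    }
```

Only the three listed classes are loaded here; to check against a real server, pass the `objectClasses` values from its subschema entry to `load_schema` instead.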

  • Connecting to a remote OpenLDAP server over SSL.

    I've been trying for several weeks now to get a remote OpenLDAP server up and running; configured in such a way that it only allows SSL and requires certificate validation.
    I've created a CA with a self-signed certificate.
    I used that CA to create a server and client certificate.
    The server certificate is in /etc/ssl/certs, has a link by the name of its hash.0 pointing to it; permissions are all correct and /etc/ssl/slapd.conf points to it and the CA certificate.
    The client certificate is on my MacBook Pro in /etc/ssl/certs along with the CA certificate; each of which also has its hash linked to it. /etc/ssl/ldap.conf is set up properly, the permissions are correct, and the following test command ran as my user produces a successful result:
    ldapsearch -v -x -H ldaps://ldap.foo.org -b "dc=foo,dc=org" -d -1
    Now the problem part. I open Directory Utility; go to Services with Advanced Settings enabled. After unlocking it, I click the LDAPv3 and the pencil icon.
    I hit New... in the window that pops up and use ldap.foo.org as servername, SSL box ticked. I hit Continue, and behold; nothing happens.
    That is to say; Directory Utility hangs for a while; after which it goes back to the box I clicked Continue in without any error or warning popping up; but obviously hasn't advanced.
    The server logs indicate my Mac had actually connected; received the server certificate; but didn't send a client certificate at which point the TLS connection got aborted for some reason and the session ended.
    My Mac Console shows something even more bizarre, though:
    11/09/08 23:09:22 com.apple.DirectoryServices[97123] Assertion failed: (ld != NULL), function ldapsearchext, file search.c, line 76.
    My suspicion is that Directory Utility can't verify the server certificate and aborts the TLS connection. I expect it also uses /etc/openldap/ldap.conf? How can I diagnose the root of this problem?
    Thanks a lot for your assistance; I just can't figure this out and any hint or pointer would be greatly appreciated. It now just looks like OSX does not support a secure LDAP over SSL configuration.
    Though it currently isn't set up to be that way, I'd like to have my client also provide a certificate (CN=lhunath.foo.org) and have the server validate that. For now I've got the server set to:
    TLSVerifyClient never
    (And of course, the client:)
    TLS_REQCERT demand
    Message was edited by: lhunath

    By the way; about the assertion error I get in Console; here's the relevant source of ldap.c. Looks like ld is not set; probably something going wrong before that with setting up the TLS connection, perhaps? Or not?
    * ldapsearchext - initiate an ldap search operation.
    * Parameters:
    * ld LDAP descriptor
    int
    ldapsearchext(
    LDAP *ld,
    assert( ld != NULL );

  • How can I modify data on one OpenLDAP server

    Hello, I am testing Leopard server 10.5.2; we have one open ldap server on our network with more than 700 users and I can access it in the workgroup manager. Unfortunately I can't modify the data which are on the open ldap server (only with Workgroup manager) but I have no authentication problem using Safari and a php module (cn=admin.....+ password). Is it normal? Can I import the accounts on my OD Server? This one is set up as an OD Master. As we have a lot of people on the Openldap server I don't want to recreate them manually.
    Thank you.

    Hi
    Yes you should be able to do this. Passwords will probably not be transferred over. However once transferred you can specify a password policy for all users to change their passwords at next log in.
    You don't say which existing LDAP server you have. It may be advisable to use a 3rd-party application to transfer users etc. over. I've heard that Excel can be used although I have always used Passenger.
    Tony

  • No longer mount NFS volumes with 2010.q1 release:

    Has anyone else seen this? I can no longer mount any of my NFS volumes with root squash since upgrading to 2010.q1. I have a ticket open with Sun (72644622), but everyone is apparently off/away.
    Before they all went off, Sun Eng. suggested setting max supported NFS version to 3, but this of course did not work. Hosts trying to mount the volumes error out with:
    call_verify: server HOST_IP_HERE requires stronger authentication.
    I have double checked that the auth is set to sys (not krb), but it looks like the nfsd is not respecting this.
    Of course this has knocked all our VMware mounts offline as well, and using krb for these is out of the question....
    Had to update to support the new FC card...which works great...but me needs me nfs shares....
    Fishworks doods, stop yelling at drives and help a brother out ;)

    I wish I could tell you, but it seems we lost a CIM card. Worse yet, this failure was completely SILENT. Not a single "problem" listed in the logs. However, when attaching another J4400, I noticed an alarm LED on the failed CIM and verified that the storage was only seen by 1 path. Kind of disconcerting that availability could be reduced significantly without so much as an email.
    I'll let you know if we can get to the new release later this week.
    Charles

  • [SOLVED] mount.nfs4: access denied by server

    Hi folks. I seem to be having a bit of a problem getting nfs4 to work. I am trying to mount a share from alpha (my fileserver) onto charlie (my workstation). Both of these are new Arch systems and I haven't had any nfs working yet, although I have with other distros on the same hardware.
    Fileserver (alpha) config:
    # /etc/exports
    /files 192.164.1.0/24(rw,sync,fsid=0,no_subtree_check)
    # /etc/hosts.allow
    sshd: 192.168.1.0/255.255.255.0
    nfsd: 192.168.1.0/255.255.255.0
    rpcbind: 192.168.1.0/255.255.255.0
    mountd: 192.168.1.0/255.255.255.0
    idmapd: 192.168.1.0/255.255.255.0
    statd: 192.168.1.0/255.255.255.0
    [General]
    Verbosity = 3
    Pipefs-Directory = /var/lib/nfs/rpc_pipefs
    Domain = localdomain
    [Mapping]
    Nobody-User = nobody
    Nobody-Group = nobody
    [Translation]
    Method = nsswitch
    # /etc/fstab: static file system information
    # <file system> <dir> <type> <options> <dump> <pass>
    none /dev/pts devpts defaults 0 0
    none /dev/shm tmpfs defaults 0 0
    #/dev/cdrom /media/cd auto ro,user,noauto,unhide 0 0
    #/dev/dvd /media/dvd auto ro,user,noauto,unhide 0 0
    #/dev/fd0 /media/fl auto user,noauto 0 0
    /dev/sda1 /boot ext3 defaults 0 1
    /dev/sda2 swap swap defaults 0 0
    /dev/sda5 / ext3 defaults 0 1
    /dev/sda6 /var ext3 defaults 0 1
    /dev/sda7 /home ext3 defaults 0 1
    /dev/sda8 /files ext3 defaults 0 1
    rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs defaults 0 0
    nfsd /proc/fs/nfsd nfsd rw,nodev,noexec,nosuid 0 0
    DAEMONS=(syslog-ng network netfs rpcbind nfs-common nfs-server hal @alsa @crond @openntpd @sshd)
    [root@alpha ~]# df
    Filesystem 1K-blocks Used Available Use% Mounted on
    /dev/sda5 19228276 879492 17372036 5% /
    none 507792 140 507652 1% /dev
    none 507792 0 507792 0% /dev/shm
    /dev/sda1 93307 15887 72603 18% /boot
    /dev/sda6 19228276 372632 17878896 3% /var
    /dev/sda7 19228276 176224 18075304 1% /home
    /dev/sda8 902688436 204872 856629640 1% /files
    [root@alpha ~]#
    Workstation (charlie) config:
    # /etc/fstab: static file system information
    # <file system> <dir> <type> <options> <dump> <pass>
    none /dev/pts devpts defaults 0 0
    none /dev/shm tmpfs defaults 0 0
    #/dev/cdrom /media/cd auto ro,user,noauto,unhide 0 0
    #/dev/dvd /media/dvd auto ro,user,noauto,unhide 0 0
    #/dev/fd0 /media/fl auto user,noauto 0 0
    UUID=437982b2-5c84-4f53-954d-cf43f8b4e707 / ext3 defaults 0 1
    UUID=97d79d76-357a-4f4e-8513-f181bff6af62 /boot ext3 defaults 0 1
    UUID=d8525095-9b97-4439-932f-8f4e0236cce1 /home ext3 defaults 0 1
    UUID=ffba933b-af93-407c-b1b8-69d1cc5be146 swap swap defaults 0 0
    rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs defaults 0 0
    alpha:/ /files nfs4 defaults 0 0
    [General]
    Verbosity = 3
    Pipefs-Directory = /var/lib/nfs/rpc_pipefs
    Domain = localdomain
    [Mapping]
    Nobody-User = nobody
    Nobody-Group = nobody
    [Translation]
    Method = nsswitch
    DAEMONS=(syslog-ng network crond alsa hal fam rpcbind nfs-common netfs)
    [root@charlie ~]# mount -a
    mount.nfs4: access denied by server while mounting alpha:/
    [root@charlie ~]#
    This happens even after both systems are rebooted. Can anyone spot what I am missing?
    Thanks for looking.
    Last edited by dgregory46 (2009-10-21 01:04:09)

    Now I really feel stupid. A little proofreading would have saved me a big headache. In /etc/exports I was exporting to 192.164.1.0/24 while my network is the more standard 192.168.1.0/24.
    It works fine now, although I did take phaul's suggestion and added my main share "inside" the nfs4 root.
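
A lint that would have caught the mismatch described in this thread, as an added example that is not part of the original posts: it parses exports(5) client specifications and reports which exports admit a given client address, and which export networks overlap none of the server's own networks. The function names and the client address 192.168.1.20 used in the comments are constructed; only address and network client specs are evaluated, hostnames, wildcards other than `*` and netgroups are skipped.

```python
import ipaddress


def parse_exports(text):
    """Yield (path, client, options) for every client spec in exports(5) text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        path, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        for token in rest.split():
            if token.startswith("-"):            # default-options token
                continue
            client, _, opts = token.partition("(")
            options = [o for o in opts.rstrip(")").split(",") if o]
            yield path, client or "*", options   # "(rw)" alone means anyone


def client_network(client):
    """ip_network for an address or network spec, None for anything else."""
    try:
        return ipaddress.ip_network(client, strict=False)
    except ValueError:
        return None      # hostname, wildcard or @netgroup: not evaluated


def exports_matching(text, client_ip):
    """Exports whose client spec admits client_ip (e.g. '192.168.1.20')."""
    ip = ipaddress.ip_address(client_ip)
    hits = []
    for path, client, options in parse_exports(text):
        net = client_network(client)
        if client == "*" or (net is not None and ip in net):
            hits.append((path, client, options))
    return hits


def stray_export_networks(text, local_networks):
    """Export networks that overlap none of the server's own networks.

    A hit is a hint, not proof of an error: routed clients can legitimately
    live on another network. A one-digit typo shows up here immediately.
    """
    local = [ipaddress.ip_network(n, strict=False) for n in local_networks]
    stray = []
    for path, client, _ in parse_exports(text):
        net = client_network(client)
        if net is None:
            continue
        if not any(net.version == l.version and net.overlaps(l) for l in local):
            stray.append((path, client))
    return stray
```

Run against the `/etc/exports` line from the question with the server's network 192.168.1.0/24, `stray_export_networks` flags `192.164.1.0/24` and `exports_matching` returns nothing for a 192.168.1.x client, which is the condition behind "access denied by server".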

  • Anyone witnessed Server Side Copy in action with Yosemite Server 4.0.3?

    Hi,
    Just curious if anyone can validate the following for me before I upgrade.
    1. Client is Mac OS X 10.10.2 client
    2. Server is Mac OS X 10.10.2 running Server 4.0.3
    3. Server is sharing out two shares via SMB only which for argument's sake have faster I/O than gigabit network.
         /Volumes/ShareA
         /Volumes/ShareB
    4. Client mounts both shares with read and write ability.
    5. Client duplicates a 10GB file on ShareA.
       a). Does ServerSideCopy kick in here and thus the task is very quick? or
       b). Does the data have to traverse the network still?
    6. Client copies a 10GB file from ShareA to ShareB.
       a). Does ServerSideCopy kick in here as well and thus the task is very quick? or
       b). Once again, does the data have to traverse the network still?
    Thanks,

    Yes, sorry. 5a.
    Now, the test might have been a bit superficial. I did a
    dd if=/dev/zero of=10g.dat bs=1 count=0 seek=10g
    to create the original file, so it was a sparse file full of zeroes. However, I can confirm that the duplicate (5a) was fast and the copy (6b) was slow.
    I just retried with
    dd if=/dev/urandom of=10g.dat bs=1m count=10k
    and I can confirm that 5 does not go over the network (i.e., 5a is confirmed as true), but 6b remains true (does go over the network).
    The duplicate of the file with random data was much slower than that of the sparse, zero-filled file, but it absolutely did not do either duplicate over the network.

  • Cisco ISE v1.1.3 integration with OpenLdap

    Hi Guys,
    We are trying to integrate our ISE server with a Secondary OpenLdap server (Zentyal). The current primary server we are using for authentication is Active directory. We have managed to test the binding to the Secondary server successfully and added it in the Identity source sequences.
    The error we are getting when authenticating the OpenLdap end user machine is as below:
    1006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12304  Extracted EAP-Response containing PEAP challenge-response
    11808  Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
    Evaluating Identity Policy
    15006  Matched Default Rule
    15013  Selected Identity Store - Zentyal
    22043  Current Identity Store does not support the authentication method; Skipping it
    Anyone who has experienced such an issue?
    Please help

    Hi Salodh,
    You were right!!! We installed a 3rd party supplicant that supported GTC on the Windows machine and the authentication succeeded. Next step is now profiling the machine. Otherwise, thanks so much for your help and time.
