RoboHelp 6 Authentication to Server

Similar Messages

• I get error message: "An error occurred with the  publication of album...Authentication with server failed...whenever I open a facebook file in my iPhoto. In each file, most of my photos have disappeared. What do I need to do?

  I get error message: "An error occurred with the  publication of album...Authentication with server failed. Please check your login and password information" whenever I open a facebook file in my iPhoto. In each file, most of my photos have disappeared. I am hoping I can retrieve these "lost" files. What do I need to do?

  Message was edited by: leroydouglas
  better yet, try this solution:
  https://discussions.apple.com/message/12351186#12351186

• Prime 1.4 - no aaa authentication tacacs+ server

  Anybody know the equivalent command "no aaa authentication tacacs+ server" on PI 1.4. I saw this command on PI 2.2 but I can´t find something similar on 1.4.
  Thanks in advanced.

  Check the following Command line manual for PI 1.4
  http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/1-4/command/reference/cli14.html
  Apart from that I found this ,let me know if it helps.
  Select a command
      Add TACACS+ Server—See the “Add TACACS+ Server” section.
      Delete TACACS+ Server—Select a server or servers to be deleted, select this command, and click Go to delete the server(s) from the database.
  Add TACACS+ Server
  Choose Administration > AAA > TACACS+ from the left sidebar menu to access this page. From the Select a command drop-down list choose Add TACACS+ Server , and click Go to access this page.
  This page allows you to add a new TACACS+ server to Prime Infrastructure.
      Server Address—IP address of the TACACS+ server being added.
      Port—Controller port.
      Shared Secret Format—ASCII or Hex.
      Shared Secret—The shared secret that acts as a password to log in to the TACACS+ server.
      Confirm Shared Secret—Reenter TACACS+ server shared secret.
      Retransmit Timeout—Specify retransmission timeout value for a TACACS+ authentication request.
      Retries—Number of retries allowed for authentication request. You can specify a value between 1 and 9.
      Authentication Type—Two authentication protocols are provided. Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).
  Command Buttons
      Submit
      Cancel
  Note • Enable the TACACS+ server with the AAA Mode Settings. See the “Configuring AAA Mode” section.
      You can add only three servers at a time in Prime Infrastructure.

• Send email from OWB with authenticated SMTP server (AUTH_LOGIN)

  Hi all,
  I want to send email from Oracle Warehouse Builder 11.2.0.2 using a SMTP server with basic authentication (AUTH_LOGIN).
  I've created an ACL for OWBSYS user according to note ID 1229769.1 in support.oracle.com.
  But, I need to configure again the ACL to connect to the SMTP server using user and password.
  I read the article in metalink, *How to Send an Email Using SMTP over an SSL Connection [ID 1323140.1]*+
  but I don't know how can I configure again the ACL for use in OWB.
  How OWB is able to authenticate with the SMTP server?
  Thanks!
  Maximiliano.

  Duplicate -
  How to send email from OSB with Mail server that requires SSL or STARTTLS
  Regards,
  Anuj

• External Authentication with Server 2008 R2

  Has anyone had success configuring External Authentication on Windows Server 2008 R2? We are using Hyperion Enterprise 6.5.1.
  Thank you.

  Was there ever an answer on this, having problems with setup using same versions

• Anyone got ACS SE 4.2.1 authenticating against server 2008 R2 via LDAP?

  Hi, I'm working on a new network implementation where the customer has ACS SE and wants to use AD for machine based authentication of wired 802.1x clients.
  As the support for 2008 R2 server (64-bit OS used here) using remote agent is not yet released they are attempting to set this up using an LDAP connection. The final goal is to use certificate based authentication, and I have had a message indicating this authentication type may not work due to an issue with binary comparison, so we started with basic username/password accounts first.
  So far the ACS is populating its external user database fields with the domains setup on AD, but user authentication is failing.
  Briefly we started with basic username/password usng MD5-CHAP on XP to an account configured on ACS, that worked fine. Then set up the external user database to use an LDAP connection to AD, and an unknown user policy, this dosent work. It looks like the issue could be do with the LDAP attributes not being set correctly.
  Has anyone used LDAP as an authentication mechanism against 2008 R2 based AD and got it working?

  Aacole,
  The above error message says that your external database that is LDAP doesn't support EAP-MD5 and that is quite true.
  You may check the below listed link for protocol and database compatibility.
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/Overvw.html#wp824733
  Since you are using LDAP its only supports EAP-GTC.
  Do let me know if you need any further suggestions.
  Regds,
  JK
  Do rate helpful posts-

• WPA2-Enterprise Radius Authentication Windows Server 2008 R2

  Hello,
  I have tried a few online tutorials for providing secure wireless access.  I currently have a server running Server 2008 R2 that has RRAS, NAP, and AD CS installed on it.  My goal is to create a wireless SSID that utilizes WPA2-Entperise for users
  to connect.  Their AD credentials would need to belong to my "Wireless Users" group.  I have seen tutorials that involved certificates, and some tutorials that simply added the RADIUS clients along with the network/connection policies,
  and then added the settings to the router.  When I've tried both ways, the wireless network never connects to the network.  If I un-check the "Use Windows login credentials" a username/password field pops up.  I enter the credentials
  (tried both username and domain\username) of an account that is part of "Wireless Users".  When I hit OK it sits for a few moments, and then pops back up again.  When I do check "Use Windows login credentials" it says it can't
  connect.
  I have tried different firmware on the router, and I know the router is not the issue.  This server is joined to my domain controller.  It feels like the NAP server is not reaching the domain to authenticate credentials.  Am I doing anything
  wrong that I should be made aware of?  In NAP if I right click the server, the "register in active directory" is greyed out, which I assume is because it's already joined to the domain.
  I appreciate any help you can provide.
  -Ken

  I've searched in "Event Viewer" on the NPS server, and came across an interesting error.  I have Google'd the error, and there are only a select few articles about it.  If I try to connect, often times I will get two information events:
  Event ID 4400 "A LDAP connection with domain controller DC-VPN-IIS-01.dc.cooper.org for domain COOPER is established."
  And now...the issue
  Event ID 6273
  Network Policy Server denied access to a user.
  Contact the Network Policy Server administrator for more information.
  User:
  Security ID: COOPER\LAPTOP3-W7$
  Account Name: host/laptop3-w7.dc.cooper.org
  Account Domain: COOPER
  Fully Qualified Account Name: COOPER\LAPTOP3-W7$
  Client Machine:
  Security ID: NULL SID
  Account Name: -
  Fully Qualified Account Name: -
  OS-Version: -
  Called Station Identifier: c0c1c074bfb6
  Calling Station Identifier: 00216a902b70
  NAS:
  NAS IPv4 Address: 172.16.4.2
  NAS IPv6 Address: -
  NAS Identifier: c0c1c074bfb6
  NAS Port-Type: Wireless - IEEE 802.11
  NAS Port: 11
  RADIUS Client:
  Client Friendly Name: CiscoAP
  Client IP Address: 172.16.4.2
  Authentication Details:
  Connection Request Policy Name: Use Windows authentication for all users
  Network Policy Name: Connections to other access servers
  Authentication Provider: Windows
  Authentication Server: dc-vpn-iis-01.dc.cooper.org
  Authentication Type: EAP
  EAP Type: -
  Account Session Identifier: -
  Logging Results: Accounting information was written to the local log file.
  Reason Code: 65
  Reason: The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.
  Clearly, when I try to connect, it's completely bypassing the network policy I created, but going to the "Connections to other access servers", which by default denys access.  I've tried everything....removed and re-added the security policy...added
  2 network policies for wireless.  Does anyone know why the network policy I create for wireless is not being recognized?

• Error with integrated authentication (sql server)

  Hi,
  I need to connect Lumira 1.23 with sql server instances (of sql 2008 and 2012). In this case I need to use windows users and it seems there is a problem with the integrated authentication.
  In some blogs and articles I have seen that the sqljdbc_auth.dll file has to be copied in one or more folder but I haven't clear this point.
  Can anybody help to fix the problem?
  Thanks in advance.
  Regards.

  I am very new to SQL Server and I am trying to access sql server from my .net web application. The environment is Windows 8 and SQL Server  2012 
  I have tried some of the blog solutions but could not open SQL Server Configuration tool in windows 8.
  Hi Sraven,
  According to your description, SQL Server Configuration Manager is a snap-in for the Microsoft Management Console program and not a stand-alone program, SQL Server Configuration Manager not does not appear as an application when running Windows
  8. To open SQL Server Configuration Manager, in the Search charm, under
  Apps, type SQLServerManager11.msc (for SQL Server 2012) or
  SQLServerManager10.msc for (SQL Server 2008), and then press Enter.
  In addition, there is a similar issue about connect .NET4.0 C# application to SQL Server 2012 database, you can review the following article.
  http://visualstudiomagazine.com/articles/2013/11/01/hooking-aspnet-apps-into-sql-server-2012.aspx
  Regards,
  Sofiya Li
  If you have any feedback on our support, please click here.
  Sofiya Li
  TechNet Community Support

• MAC Authentication + Windows Server 2008 R2 Radius server

  Hello there,
  I have been trying to configure the MAC Authentication on Windows Server Network Policy Server but no success. Details on my configuration can be find below.
  I have firstly enabled the Mac Authentication on 3com switch 4400 model.
  enabling  -> Mac-authentication
  enabling authentication mode -> UsernameAsMacAddress
  configuring a domain - mac-authentication domain abc.local.
  I left the default Vlan (Vlan1)
  While on my DC, I created a user
  username: 00-00-00-00-00-00
  password: 00-00-00-00-00-00
  Lastly on the NPS Server, I configured the 802.1x Wired configuration, I configured the NAS (Radius Client) whici is the 3com Switch.
  After completing the configurations, I turned on my computer with and logged on to the domain abc\00-00-00-00-00-00 with the password. But there was no success when the computer tried to connect to the network looking for DHCP services to obtain IP address.
  On the NPS event service, I got:
  User:
  Security ID:
  NULL SID
  Account Name:
  [email protected]
  Account Domain:
  abc
  Fully Qualified Account Name:
  abc\00-00-00-00-00-00
  Client Machine:
  Security ID:
  NULL SID
  Account Name:
  Fully Qualified Account Name:
  OS-Version:
  Called Station Identifier:
  Calling Station Identifier:
  0000-0000-0000
  NAS:
  NAS IPv4 Address:
  xxx.xxx.xx.xx
  NAS IPv6 Address:
  NAS Identifier:
  00aa00aa00aa
  NAS Port-Type:
  Ethernet
  NAS Port:
  12345678
  RADIUS Client:
  Client Friendly Name:
  3com
  Client IP Address:
  xxx.xxx.xx.xx
  Authentication Details:
  Connection Request Policy Name:
  NAP 802.1X (Wired) 2
  Network Policy Name:
  Authentication Provider:
  Windows
  Authentication Server:
    server.abc.local
  Authentication Type:
  PAP
  EAP Type:
  Account Session Identifier:
  Logging Results:
  Accounting information was written to the local log file.
  Reason Code:
  16
  Reason:
  Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
  All I could find was " Authentication failed due to the reason appeared in the reason code but I am very sure that the name and the password are the same. I hope someone can help me out. 
  Thanks.

  Hi,
  Thanks for your post.
  MAC address authorization is performed when the user does not type in any user name or password, and refuses to use any valid authentication method. In this case, Network Policy Server (NPS) receives the Calling-Station-ID attribute, and no user name and
  password. To support MAC address authorization, Active Directory Domain Services (AD DS) must have user accounts that contain MAC addresses as user names.
  For more detailed information about MAC Address Authorization, please refer to the below article. Hope it helps.
  MAC Address Authorization
  http://technet.microsoft.com/en-us/library/dd197535(WS.10).aspx
  Best Regards,
  Aiden
  Aiden Cao
  TechNet Community Support

• Rassdk authentication to server

  Currently, we are using rassdk to send our report to the server for population.  This option works the best for us considering how often our reports change and the batch process of generating the reports.  However, we realize that the server has the Guest account enabled in order to allow this process.  We'd like to use an authenticated account and turn off the Guest account.
  Is there a way to authenticate to the server while using the rassdk protocol to send our report?  If there is, what code changes will be necessary?  Also, what privileges and setup will be necessary for the user on the server? 
  We are using Crystal Reports Server 2008 (version 12.0)
  Below you'll find our relevant code for our process.
  Thanks in advance,
  // Create a report object and open the report
  ReportClientDocument reportClientDoc = new ReportClientDocument();
  // Set the RAS server to be used.
  String CRServerName = "servername";
  String CRServerPort = "port";
  reportClientDoc.setReportAppServer(CRServerName + ":" + CRServerPort);
  Level level = log.getParent().getLevel();
  // the rassdk:// protocol makes the sdk send the report to the server
  //  from a locally accessible location.
  this.reportFilename = "rassdk://" + this.reportFilename;
  reportClientDoc.open(this.reportFilename, OpenReportOptions._openAsReadOnly);
  log.getParent().setLevel(level);

  Not with unmanaged RAS reporting.  It won't manage authentication for you.
  Sincerely,
  Ted Ueda

• MobileMe not authenticating on server accounts...

  Hello all,
  This is a crosspost from the MobileMe support forums, and I've been banging my head against a wall on this one. I can't seem to figure out what's going wrong here.
  Summary: MobileMe accounts not syncing on any of my portable home directories or server accounts due to authentication error.
  My theory is that it somehow relates to a kerberos problem, but have no way to verify...
  Original thread:
  https://discussions.apple.com/message/15067462#15067462
  Thanks all!

  After much trial and error, I was able to fix the issues.
  I had to uncheck SSL, and the port switched to Port 143...now MobileMe is working with Mail, and MobileMe on my MBP...
  Can anyone explain why I need to do this? And is it secure?
  Thx

• No cleartext SMTP authentication in Server 3.0?

  I am currently running OS X Server 2.2.2 on OS X 10.8. I have several Windows clients that use the eM Client E-mail/CalDAV/CardDAV client for mail, calendar and contacts (thsi is just about the only Windows client that works well for all these with OS XServer). Unfortunately this client can only use cleartext authentication for SMTP (it supports MD5 digest for IMAP). I am able to have this working fine via SSL/TLS to OS X Server 2.2.2 for users hosted in Open Directory.
  I am now testing OS X Server 3.0.1 running on OS X 10.9.1 and I find to my horror that the SMTP authentication no longer works. IMAP authentication still works okay. It seems either there has been soem change to how SSL/TLS autnentication works on 3.0.1 or cleartest authentication is no longer allowed for SMTP...
  Does anyone know if this is indeed a change on the server side? And is there any way to override it and force it to allow cleartext authentication, for Open Directory hosted users, for SMTP (over SSL of course)? If I can't solve this then I am caught between a rock and a hard place.
  Thanks for any insights...

  Hello MrHoffman,
  Thanks for your reply. I have indeed already enabled all those options; my configuration has not changed from 10.8.2/2.2.2 where it all worked just fine (with the same client configuration)  :-(
  Here is the output from my 10.9.1/3.0.1 server:
  bash-3.2# postconf -c /Library/Server/Mail/Config/postfix smtpd_client_restrictions
  smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org permit
  bash-3.2# postconf -c /Library/Server/Mail/Config/postfix smtpd_pw_server_security_options
  smtpd_pw_server_security_options = cram-md5,digest-md5,gssapi,login,plain
  and
  bash-3.2# telnet xxx.yyyyyyyyyy.org.uk 25
  Trying 10.0.200.6...
  Connected to xxx.yyyyyyyyyyy.org.uk.
  Escape character is '^]'.
  220 xxx.yyyyyyyyyyyy.org.uk ESMTP Postfix
  EHLO aaa.yyyyyyyyyyyyyy.org.uk
  250-xxx.yyyyyyyyyyyy.org.uk
  250-PIPELINING
  250-SIZE 31457280
  250-VRFY
  250-ETRN
  250-STARTTLS
  250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5 GSSAPI
  250-ENHANCEDSTATUSCODES
  250-8BITMIME
  250-DSN
  250-BINARYMIME
  250 CHUNKING
  The problem seems to definitely be related to authentication. If I (temporarily) allow unauthenticated submission on port 25 and set the client to not send any credentials then it connects and sumbits successfully.
  In 'mail.log' I see these messages (many times):
  Jan  2 18:56:13 xxx.yyyyyyyyyyyyy.org.uk postfix/postscreen[13851]: CONNECT from [10.0.200.68]:49293 to [10.0.200.6]:25
  Jan  2 18:56:13 xxx.yyyyyyyyyyyyy.org.uk postfix/postscreen[13851]: WHITELISTED [10.0.200.68]:49293
  Jan  2 18:56:13 xxx.yyyyyyyyyyyyy.org.uk postfix/smtpd[13852]: connect from aaa.yyyyyyyyyyyyy.org.uk[10.0.200.68]
  Jan  2 18:56:13 xxx.yyyyyyyyyyyyy.org.uk postfix/smtpd[13852]: error: verify password: error: Credentials could not be verified, username or password is invalid.
  Jan  2 18:56:13 www.thejenkinsfamily.org.uk postfix/smtpd[13852]: error: verify password: authentication failed: user=ddddd
  I know this user/password is okay since (a) it can login as a network usr authenticated by Open Directory and (b) it can send mail from OS X Mail authenticating using CRAM-MD5 over SSL.
  The eM Client SMTP log shows this...
  16:15:51.477|023|   SMTP S: 220 xxx.yyyyyyyyyy.org.uk ESMTP Postfix
  16:15:51.477|023|   SMTP C: EHLO [10.0.2.15]
  16:15:51.477|023|   SMTP S: 250-xxx.yyyyyyyyyy.org.uk
  16:15:51.477|023|   SMTP S: 250-PIPELINING
  16:15:51.477|023|   SMTP S: 250-SIZE 31457280
  16:15:51.477|023|   SMTP S: 250-VRFY
  16:15:51.477|023|   SMTP S: 250-ETRN
  16:15:51.477|023|   SMTP S: 250-STARTTLS
  16:15:51.477|023|   SMTP S: 250-ENHANCEDSTATUSCODES
  16:15:51.477|023|   SMTP S: 250-8BITMIME
  16:15:51.477|023|   SMTP S: 250-DSN
  16:15:51.477|023|   SMTP S: 250-BINARYMIME
  16:15:51.477|023|   SMTP S: 250 CHUNKING
  16:15:51.477|023|   SMTP C: STARTTLS
  16:15:51.477|023|   SMTP S: 220 2.0.0 Ready to start TLS
  16:15:51.477|023|   SMTP C: EHLO [10.0.2.15]
  16:15:51.477|023|   SMTP S: 250-xxx.yyyyyyyyyy.org.uk
  16:15:51.477|023|   SMTP S: 250-PIPELINING
  16:15:51.477|023|   SMTP S: 250-SIZE 31457280
  16:15:51.477|023|   SMTP S: 250-VRFY
  16:15:51.477|023|   SMTP S: 250-ETRN
  16:15:51.477|023|   SMTP S: 250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5 GSSAPI
  16:15:51.477|023|   SMTP S: 250-ENHANCEDSTATUSCODES
  16:15:51.477|023|   SMTP S: 250-8BITMIME
  16:15:51.477|023|   SMTP S: 250-DSN
  16:15:51.477|023|   SMTP S: 250-BINARYMIME
  16:15:51.477|023|   SMTP S: 250-CHUNKING
  16:15:51.477|023|   SMTP S: 250 BURL
  16:15:51.493|023|   SMTP C: AUTH LOGIN
  16:15:51.493|023|   SMTP S: 334 VXNlcm5hbWU6
  16:15:51.493|023|   SMTP C: Y2hyaXM=
  16:15:51.493|023|   SMTP S: 334 UGFzc3dvcmQ6
  16:15:51.493|023|   SMTP C: d2VhdmV3MQ==
  16:15:51.555|023|   SMTP S: 535 Error: authentication failed
  16:15:53.895|023|   SMTP C: AUTH LOGIN
  16:15:53.895|023|   SMTP S: 334 VXNlcm5hbWU6
  16:15:53.895|023|   SMTP C: Y2hyaXM=
  16:15:53.895|023|   SMTP S: 334 UGFzc3dvcmQ6
  16:15:53.895|023|   SMTP C: d2VhdmV3MQ==
  16:15:53.942|023|   SMTP S: 535 Error: authentication failed
  16:15:54.488|023|   SMTP C: AUTH LOGIN
  16:15:54.488|023|   SMTP S: 334 VXNlcm5hbWU6
  16:15:54.488|023|   SMTP C: Y2hyaXM=
  16:15:54.504|023|   SMTP S: 334 UGFzc3dvcmQ6
  16:15:54.504|023|   SMTP C: d2VhdmV3MQ==
  16:15:54.550|023|   SMTP S: 535 Error: authentication failed
  Do you have any insights? I am somewhat stumped at this point... I am wonderign is some subtle change (in OS X Server) has resulted in an incompatibility between eM Client and OS X Server 3.0.
  Regards,
  Chris

• E70 is not authenticating to server ... so mail is...

  I setup my email account on E70, set credentials on both incoming and outgoing settings.
  I can retrieve/fetch mail from IMAP server.
  PROBLEM: I cannot send outgoing emails because authentication is not happening.
  Tests done:
  -) the server accepts authentication
  -) authentication works with pc email client
  -) sniffed network and found E70 is not attempting authentication
  Firmware is latest: 3.0633.09.04
  Nokia Model: E70-1
  CODE: 0526646
  following is the sniffed exchange
  220 ESMTP service ready Sat, 9 Jun 2007 11:21:42 +0200
  EHLO [10.10.10.120]
  250-mx2.acme.com Hello [10.10.10.120] ([x.y.z.33]), pleased to meet you
  250-AUTH LOGIN
  250-DSN
  250-SIZE
  250-8BITMIME
  250 PIPELINING
  RSET
  250 Reset state
  MAIL FROM:[email protected]
  250 [email protected].. Sender OK
  RCPT TO:[email protected]
  554 Relay rejected for policy reasons.
  QUIT
  Any help is appreciated

  nop, I lost my E70, and changed to an E90 Communicator.
  I do not have this problem on Communicator, although I have another old annoying problem I have had with many E series Nokia phones: from time to time, the account gets messed up (i.e. it does not download mail anymore) and there is no way to recover it except deleting it and recreating from scratch. I once called Nokia support and the operator answer was: "let's try to create a new account and see if it works" That was exactly the thing I was complaining about, so I gently terminated the conversation and concluded there is no support from Nokia to end users. I have tested iPhone, and as a phone, it is still immature, but the email client is a lot better. I am really looking into next releases of iPhone to see if I can switch away from Nokia. I hope Nokia gets a wake up call from posts like these before it gets it from sales ...

• Distributed Authentication Service Server or Reverse Proxy

  My environment have two layers firewall in place. The DMZ is sitting on the first-tier firewall as general web sites while I plan to put Access Manager server on the second-tier firewall. As we know that, AM have to send SSO token back to the browser after authenticated. In this configuration, based on security policy we don't allow direct connection between the browser and AM. That's why we put DSSS or Reverse proxy on the DMZ zone and act as the gateway for internal & exteranl traffic.
  Can anyone post the comparison, pros and cons between DSSS and Reverse Proxy? Which one is better in term of features and easy-to-implement?
  Finally, Is there any other alternatives if don't want to use both DSSS and Reverse proxy? I ask this question because AM will be single point of failure of the whole system. If AM have been attacted from whether direct or indirect, all services will be unaccessable.
  Best Regards,
  mthekid

  Bernhard,
  Thanks for your response. Because my major concern is security so I want to prevent denial of service on Access Manager. It look like writing my own dist-auth equal mechanism will help. However, I have 3 different platforms in single sign-on environment. Does this mean I have to create 3 dist-auth-like ones ?
  Do you think if they are worth to do (I hope I can find documentation and guideline at http://docs.sun.com) ? Please tell me frankly. I am semi-technical and presales. If they are too complex and time consuming, I may decide to with dist-auth.

• Authentication via server running OpenLDAP

  Client: OSX 10.5.6
  Server: ubuntu-server 8.04 running slapd (no TLS)
  I am posting here as a last resort and after a week of frustration. I am not able to log in as any LDAP user. I have configured LDAPv3 on Leopard via Directory Utility. I can successfully contact the LDAP server, the proof is below. I am using SSH to test logging in. I am able to switch to the user by doing "sudo su elvis," which hardly matters because it wouldn't ask for a password anyway, but I just thought I would mention that for further proof that communication with the LDAP server is at least somewhat working.
  $ sudo tail -f -n 0 /var/log/secure.log
  Feb 19 22:53:49 iMac com.apple.SecurityServer[21]: checkpw() returned -2; failed to authenticate user elvis (uid 1002).
  Feb 19 22:53:49: --- last message repeated 1 time ---
  Feb 19 22:53:49 iMac com.apple.SecurityServer[21]: Failed to authorize right system.login.tty by client /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
  Feb 19 22:53:49 iMac sshd[2470]: error: PAM: Authentication failure for elvis from XXXXXXXXXXXXXXX
  $ finger elvis
  Login: elvis Name: Elvis Presley
  Directory: /home/elvis Shell: /bin/bash
  Never logged in.
  No Mail.
  No Plan.
  $ sudo su elvis
  bash: /home/elvis/.bashrc: Input/output error
  bash-3.2$ whoami
  elvis
  $ ldapsearch -x -h u-god -b "uid=elvis,dc=mydomain,dc=com"
  # extended LDIF
  # LDAPv3
  # base <uid=elvis,dc=mydomain,dc=com> with scope subtree
  # filter: (objectclass=*)
  # requesting: ALL
  # elvis, mydomain.com
  dn: uid=elvis,dc=mydomain,dc=com
  authAuthority: ;basic;
  uid: elvis
  cn: Elvis Presley
  homeDirectory: /home/elvis
  uidNumber: 1002
  objectClass: posixAccount
  objectClass: shadowAccount
  objectClass: person
  objectClass: inetOrgPerson
  objectClass: apple-user
  gidNumber: 100
  gecos: Elvis Presley
  sn: Elvis Presley
  loginShell: /bin/bash
  # search result
  search: 2
  result: 0 Success
  # numResponses: 2
  # numEntries: 1

  ttt