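I tried following this guide to enroll a Mac running OS X 10.13.6 in my FreeIPA domain, as all the Linux machines on my home network are.
All the steps worked, but I can't log in as any FreeIPA user (not even over ssh).
And for some reason, when I set LDAPv3 to use SSL, the IPA server shows as offline in System Preferences, but when I turn SSL off it connects fine.
Answer 1
Check SASL for LDAP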
/usr/libexec/PlistBuddy -c "add ':module options:ldap:Denied SASL Methods:' string DIGEST-MD5" /Library/Preferences/OpenDirectory/Configurations/LDAPv3/freeipa.genomics.local.plist
/usr/libexec/PlistBuddy -c "add ':module options:ldap:Denied SASL Methods:' string CRAM-MD5" /Library/Preferences/OpenDirectory/Configurations/LDAPv3/freeipa.genomics.local.plist
/usr/libexec/PlistBuddy -c "add ':module options:ldap:Denied SASL Methods:' string NTLM" /Library/Preferences/OpenDirectory/Configurations/LDAPv3/freeipa.genomics.local.plist
/usr/libexec/PlistBuddy -c "add ':module options:ldap:Denied SASL Methods:' string GSSAPI" /Library/Preferences/OpenDirectory/Configurations/LDAPv3/freeipa.genomics.local.plist
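
An added example, not part of the answer above: the same four denied SASL methods applied with Python's plistlib so that a repeated run leaves each method listed once. The key path is taken from the PlistBuddy commands; the sample plist and the function names are constructed for illustration.

```python
import plistlib

# The four mechanisms named in the answer's PlistBuddy commands.
DENIED = ["DIGEST-MD5", "CRAM-MD5", "NTLM", "GSSAPI"]
# Key path taken from ':module options:ldap:Denied SASL Methods:'.
KEY_PATH = ("module options", "ldap", "Denied SASL Methods")

def ensure_denied(config, methods=DENIED):
    """Add any missing methods to the denied list; return the ones added."""
    node = config
    for key in KEY_PATH[:-1]:
        node = node.setdefault(key, {})
    denied = node.setdefault(KEY_PATH[-1], [])
    # Collapse repeated entries already present, keeping first-seen order.
    denied[:] = list(dict.fromkeys(denied))
    added = [m for m in methods if m not in denied]
    denied.extend(added)
    return added

def update_plist_bytes(raw, methods=DENIED):
    """Parse plist bytes, apply ensure_denied, return (new_bytes, added)."""
    config = plistlib.loads(raw)
    added = ensure_denied(config, methods)
    return plistlib.dumps(config), added

# Constructed sample standing in for the LDAPv3 configuration plist:
# one method is already listed twice.
SAMPLE = plistlib.dumps({
    "module options": {"ldap": {"Denied SASL Methods": ["GSSAPI", "GSSAPI"]}},
})

if __name__ == "__main__":
    new_raw, added = update_plist_bytes(SAMPLE)
    config = plistlib.loads(new_raw)
    print("added:", added)
    print("denied:", config["module options"]["ldap"]["Denied SASL Methods"])
```

To use it on the real file, read the plist from /Library/Preferences/OpenDirectory/Configurations/LDAPv3/ as bytes, pass it to update_plist_bytes, and write the result back after keeping a copy of the original.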