Ldap login mac os x

I can see the home directory but can't enter it. The biggest difference between the test tree and the production tree is that there are several sub ou's in nthe tree whereas the test tree only has users at the organization container level. I have been using the same NFS exports with Linux clients for some time without a permissions issue.

Subscribe to RSS

They are authenticating to an NIS server. Any thoughts as to why the home directory can't be accessed? It is mounted in the correct path and appropriate permissions appear to be set but OS X isn't buying all of it.


  • IS&T Contributions.
  • What is LDAP?.
  • setup up LDAP client on Mac OS X - Wilson's Notes.
  • LDAP Authentication from MAC OSX - Support - NethServer Community.
  • All replies.

Labels 1. Labels Native File Access.

Mac OS X, Ldap authentication, and Home directories - Micro Focus Community -

All forum topics Previous Topic Next Topic. Hi, Back at the problem again. I had some ideas about the cause of the problem; 1 The netware name of the volume that student home directories are on is "VOL1" but the AFP name is "studentHdrive".

CERT Coordination Center

Could this have an effect on finding the home directory? I am using an NFS static mount. That would explain the inability to access the home directory.


  • configure joystick mac os x.
  • What can we do for you??
  • Navigation menu.
  • best twitter desktop client mac.
  • How to Configure LDAP Authentication for macOS Directory Services | Barracuda Campus!
  • show pictures on apple tv from mac.

I have used the ldap browser to compare the information being read in my test tree with the info being read in my production tree. Nothing there jumps out at me as being a problem. I don't understand why one works and the other doesn't with virtually identical NFAP setups.

How do I add LDAP authentication for Mac OS X 10.11 & newer?

Thanks Dave. This is strange as the export is not setup to do that and it works fine from Linux boxes. Any thoughts?

Community supported Mac special interest group at Stanford University

I forgot to mention the syntax of my export. A vulnerability in the way some of these versions of MacOS X handle authentication in certain environments could expose user's passwords in plaintext as they're transmitted across the network. Client systems using Kerberos login passwords and integration with an LDAP server may inadvertently send the account password over the network to the LDAP server in clear text format.

If the "authentication authority" attribute is not set on the LDAP server, the loginwindow application will try to authenticate the account to the configured LDAP server. After trying to authenticate the user with an encrypted password, the loginwindow application falls back to trying a Bind using an AuthenticationChoice of simple on the server.

This fallback action causes the account password to be transmitted over the network in clear text. This vulnerability is exposed strictly in an environment where clients are configured to use Kerberos for authentication and LDAP for lookup of other user records. This configuration is not the default for MacOS X, but is commonly recommended and used for environments with a large userbase.

Apple Open Directory

An attacker who has the ability to sniff packets as they cross the network or has access to logs on the LDAP servers can acquire the plaintext passwords of users authenticating to the Kerberos system. The attacker could subsequently use these passwords to impersonate the corresponding users and gain the privileges of that principle in the Kerberos realm.

Patches and workarounds are available for this vulnerability. Please see the vendors section of this document for more details. If you have feedback, comments, or additional information about this vulnerability, please send us email.

admin