slapconfig -setauthmechanisms equivalent in OS X 10.9 ?

Question

slapconfig -setauthmechanisms equivalent in OS X 10.9 ?

After creating an Open Directory using commandline slapconfig -createldapmasterandadmin I am missing SMB authentication for users created in OD.

Logs on server running file sharing service confirm that:

Node: /LDAPv3/example.com, Module: AppleODClientPWS - Audit - Credential method not supported (5100) - Modify password for record type Users 'testuser' node '/LDAPv3/example.com', using method dsAuthNodeNTLMv2

I tried running slapconfig -getauthmechanisms and slapconfig -setauthmechanisms commands, but these options seems to be missing since Lion.

dscl /LDAPv3/127.0.0.1 read / AuthMethod on master directory server gives me this:

AuthMethod: dsAuthMethodStandard:dsAuthGetGlobalPolicy dsAuthMethodStandard:dsAuthGetPolicy dsAuthMethodStandard:dsAuthSetGlobalPolicy dsAuthMethodStandard:dsAuthSetPolicyAsRoot dsAuthMethodStandard:dsAuthNodeCRAM-MD5 dsAuthMethodStandard:dsAuthSetPasswd dsAuthMethodStandard:dsAuthSetPasswdAsRoot dsAuthMethodStandard:dsAuthChangePasswd dsAuthMethodStandard:dsAuthClearText dsAuthMethodStandard:dsAuthCrypt dsAuthMethodStandard:dsAuthNodeNativeCanUseClearText dsAuthMethodStandard:dsAuthNodeNativeCannotUseClearText

While on another test installation with Open Directory created using Server.app GUI - and SMB authentication working - this dscl command results in:

AuthMethod: dsAuthMethodStandard:dsAuthGetGlobalPolicy dsAuthMethodStandard:dsAuthGetPolicy dsAuthMethodStandard:dsAuthSetGlobalPolicy dsAuthMethodStandard:dsAuthSetPolicyAsRoot dsAuthMethodStandard:dsAuthNodeCRAM-MD5 dsAuthMethodStandard:dsAuthSMBNTKey dsAuthMethodStandard:dsAuthNTWithSessionKey dsAuthMethodStandard:dsAuthMSCHAP2 dsAuthMethodStandard:dsAuthMPPEMasterKeys dsAuthMethodStandard:dsAuthNodeDIGEST-MD5 dsAuthMethodStandard:dsAuthNodeNTLMv2 dsAuthMethodStandard:dsAuthNodeNTLMv2WithSessionKey dsAuthMethodStandard:dsAuthAPOP dsAuthMethodStandard:dsAuthSetPasswd dsAuthMethodStandard:dsAuthSetPasswdAsRoot dsAuthMethodStandard:dsAuthChangePasswd dsAuthMethodStandard:dsAuthClearText dsAuthMethodStandard:dsAuthCrypt dsAuthMethodStandard:dsAuthNodeNativeCanUseClearText dsAuthMethodStandard:dsAuthNodeNativeCannotUseClearText

Notice a lot more authentication methods available.

So, how I can add missing authentication mechanisms?

Posted on Apr 2, 2014 8:37 AM

Reply

Answer 1

Top-ranking reply

Witold Oleksiak Author

Level 2

170 points

Apr 3, 2014 7:04 AM in response to Witold Oleksiak

Found the solution myself.

dscl -u diradmin -p /LDAPv3/127.0.0.1 -append /Config/dirserv apple-enabled-auth-mech SMB-NTLMv2

Then Open Directory service restart. That does the trick.

Reply