On 19/03/10 12:39 +0200, Μανόλης Βλαχάκης wrote:
Hello there everyone,
I hope you can help me with my issue, because it has really been bothering me for a week.
I set up an LDAP on Gentoo, and after modifying Heimdal Kerberos and TLS I am stuck at this point: I get these errors...
additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
AS-REQ host/proof.teipir.gr@TEIPIR.GR from IPv4:10.0.0.12 for krbtgt/TEIPIR.GR@TEIPIR.GR
2010-03-18T16:32:58 Client sent patypes: none
2010-03-18T16:32:58 Looking for ENC-TS pa-data -- host/proof.teipir.gr@TEIPIR.GR
2010-03-18T16:32:58 No preauth found, returning PREAUTH-REQUIRED -- host/proof.teipir.gr@TEIPIR.GR
2010-03-18T16:32:58 sending 268 bytes to IPv4:10.0.0.12
Is there one host involved or two, and do they both have valid credential caches (klist)?
Does your openldap user have access to /etc/krb5.keytab? What does your cyrus sasl config look like (if it exists)?
Assuming you're using an ldapsearch command from the client, what options are you passing?
Do you have any custom SASL config items in your openldap config (sasl-host, sasl-realm or sasl-secprops)?
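
Added example, not part of the original thread or of either poster's setup: a small triage of the KDC log excerpt quoted above, showing what it does and does not tell you about the GSSAPI failure. The function names are hypothetical, and the TGS-REQ line format and the ldap/ service principal prefix are assumptions about what a fuller log would contain.

```python
import re

# KDC log excerpt from the post above, one entry per line (timestamps as posted).
KDC_LOG = """\
AS-REQ host/proof.teipir.gr@TEIPIR.GR from IPv4:10.0.0.12 for krbtgt/TEIPIR.GR@TEIPIR.GR
2010-03-18T16:32:58 Client sent patypes: none
2010-03-18T16:32:58 Looking for ENC-TS pa-data -- host/proof.teipir.gr@TEIPIR.GR
2010-03-18T16:32:58 No preauth found, returning PREAUTH-REQUIRED -- host/proof.teipir.gr@TEIPIR.GR
2010-03-18T16:32:58 sending 268 bytes to IPv4:10.0.0.12
"""

TS = re.compile(r"^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\s+")
# Assumption: TGS-REQ lines share the "<type> <client> from <addr> for <server>" shape.
REQ = re.compile(r"^(AS-REQ|TGS-REQ) (\S+) from (\S+) for (\S+)")

def parse_kdc_log(text):
    """Group KDC log lines into one record per AS-REQ/TGS-REQ."""
    requests = []
    for raw in text.splitlines():
        line = TS.sub("", raw.strip())
        m = REQ.match(line)
        if m:
            requests.append({"type": m[1], "client": m[2], "source": m[3],
                             "server": m[4], "patypes": None, "result": None})
        elif requests:
            cur = requests[-1]
            if line.startswith("Client sent patypes:"):
                cur["patypes"] = line.split(":", 1)[1].strip()
            elif "returning PREAUTH-REQUIRED" in line:
                cur["result"] = "PREAUTH-REQUIRED"
    return requests

def triage(requests):
    """Return the notes a reviewer would make about the excerpt."""
    notes = []
    for r in requests:
        if r["result"] == "PREAUTH-REQUIRED" and r["patypes"] == "none":
            notes.append(f"{r['client']}: first AS-REQ carried no pre-auth data; "
                         "PREAUTH-REQUIRED is the normal reply, look for the retry")
    # Assumption: the LDAP server's service principal is named ldap/<fqdn>@REALM.
    if not any(r["type"] == "TGS-REQ" and r["server"].startswith("ldap/")
               for r in requests):
        notes.append("no TGS-REQ for an ldap/ service principal in this excerpt")
    return notes

if __name__ == "__main__":
    for note in triage(parse_kdc_log(KDC_LOG)):
        print(note)
```

gss_accept_sec_context fails on the accepting (slapd) side, which does not contact the KDC, so the keytab and SASL questions above are checked on the LDAP server rather than in this log.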