Maxwell Bottiger wrote:
Hello all,
I've found lots of information about problems related to mine in the FAQ and around the net, but I don't have a solution yet. Here's my setup:
Open Ldap 2.2
MIT Kerberos
SASL 2.1.20
MIT Kerberos is known to work very poorly with OpenLDAP slapd. Heimdal is known to work well. On the client side, either one will work, but generally I would recommend using Heimdal.
I'm using ldap to provide directory services and user info to some linux workstations. This was working, but after upgrading a test machine to Fedora 6 I've started having some serious problems.
[sleepylight@minitop ~]$ ldapsearch -H ldap://ns.jive-turkey.net -Y GSSAPI
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
I figure this is one of three possible problems.
1 - saslauthd isn't working right
SASL-enabled servers don't talk to saslauthd to perform GSSAPI authentication, so that is out of the equation.
2 - ldap isn't talking to sasl correctly
unlikely.
3 - I've done something wrong with my ldap queries.
possible.
Kerberos seems to work fine. I can get my credentials with kinit, and the GSSAPI credentials are working for ssh logins. Also, I can use testsaslauthd and get a success from the authd server.
Since you say kinit works, what tickets does klist show you having?