ldapsearch using GSSAPI failed to run from other machine ... - openldap-software

10 Feb 2010


      hello All,
Finally I had the "openldap-2.2.5 + cyrus-sasl-2.1.23 + krb5-1.6.3"
running on my AS5_64 machine. But now I can only do ldapsearch with
GSSAPI on the same machine as the slapd and other suite running, if I
ran it from other machine, then it failed with (Unknown code krb5 7).
Of course, simple auth worked well.
This is a dummy question. I just newly contacted with sasl+krb5 with
ldap. Can anyone else kindly people tell me how to make ldapsearch
working from other machine? E.g, what kind of setup/procedure I should
do on the other machine before I can do ldapsearch with gssapi
effectively?
FYI, on the other machine, I had the same version of
"cyrus+krb5+openldap" installed, so I think the "ldapsearch" links to
the enough libraries to do sasl.
Output when run on the different machine
=============================
/tmp_proj/cyrus-sasl-2.1.23/sample>ldapsearch -h 10.230.34.88 -p 9001
-Y gssapi -U admin  -b "sn=admin,ou=People,o=Acme" '(objectclass=*)'
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure.  Minor code may provide more information
(Unknown code krb5 7)
Run on the same machine, it seems working.
=======================
/tmp_proj/test/cyrus-sasl-2.1.23/sample>kinit lablogin
Password for lablogin@IC.ACME.COM:
/tmp_proj/test/cyrus-sasl-2.1.23/sample>ldapsearch -h 10.230.34.88 -p
9001 -Y gssapi -U admina@iclab062.ic.acme.com -b
"sn=admin,ou=People,o=Acme" '(objectclass=*)'
SASL/GSSAPI authentication started
SASL username: lablogin@IC.ACME.COM
SASL SSF: 56
SASL installing layers
# extended LDIF
#
# LDAPv3
# base <sn=admin,ou=People,o=Acme> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#
# admin, People, Acme
dn: sn=admin,ou=People,o=Acme
objectClass: top
objectClass: person
objectClass: organizationalPerson
userPassword:: e1NTSEF9bGZMNXZNNFR1T1VrSm51eVk3RGJWODJFUUpvYVRNWWY=
cn: Administrator
sn: admin
# search result
search: 4
result: 0 Success
# numResponses: 2
# numEntries: 1