Hello,
I have authentication problems while accessing the LDAP database. Each attempt to view or modify the DB leads to this error:
[root@mysystem]~> ldapwhoami SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No credentials cache found)
On the other hand users can log on, change their passwords and so on - all that's working fine.
I found some similar problems in the web but no answer to those helped me to solve this. I suppose it's not a big thing and apologize for my limited understanding of ldap and authentification procedures.
Thanks for any help Best regards
Fred
Frederick Kramer wrote:
[root@mysystem]~> ldapwhoami SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No credentials cache found)
It seems you don't have a file with the TGT. Did you invoke kinit before? What does the output of klist look like?
On the other hand users can log on, change their passwords and so on - all that's working fine.
Whatever that means in your system environment. We could only guess but that's not helpful without further information.
Ciao, Michael.
Frederick Kramer kramer@ikf.uni-frankfurt.de writes:
Hello,
I have authentication problems while accessing the LDAP database. Each attempt to view or modify the DB leads to this error:
[root@mysystem]~> ldapwhoami SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No credentials cache found)
On the other hand users can log on, change their passwords and so on - all that's working fine.
I found some similar problems in the web but no answer to those helped me to solve this. I suppose it's not a big thing and apologize for my limited understanding of ldap and authentification procedures.
Du you use kerberos at all? If so, check krb5 file permissions. Did you create a service principal and a host principal? What is the output of klist?
-Dieter
openldap-software@openldap.org
-
Dieter Kluenter -
Frederick Kramer -
Michael Ströder