I'm trying to test SASL EXTERNAL against an AD server, which says it supports EXTERNAL. The command I ran is:

    ldapwhoami -H ldap://example.com:389 -YEXTERNAL

but it returned:

    ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available:

What does this error message mean?
I already installed the necessary packages; here is my dpkg return:

    ~$ dpkg -l | grep sasl
    ii libauthen-sasl-perl 2.1600-1 all Authen::SASL - SASL Authentication framework
    ii libsasl2-2:amd64 2.1.27~101-g0780600+dfsg-3ubuntu2 amd64 Cyrus SASL - authentication abstraction library
    ii libsasl2-dev 2.1.27~101-g0780600+dfsg-3ubuntu2 amd64 Cyrus SASL - development files for authentication abstraction library
    ii libsasl2-modules:amd64 2.1.27~101-g0780600+dfsg-3ubuntu2 amd64 Cyrus SASL - pluggable authentication modules
    ii libsasl2-modules-db:amd64 2.1.27~101-g0780600+dfsg-3ubuntu2 amd64 Cyrus SASL - pluggable authentication modules (DB)
    ii libsasl2-modules-gssapi-mit:amd64 2.1.27~101-g0780600+dfsg-3ubuntu2 amd64 Cyrus SASL - pluggable authentication modules (GSSAPI)

And I can run ldapwhoami with SASL GSSAPI against the above-mentioned AD server successfully. The error seems to say that "EXTERNAL" is not even supported; it is not about an invalid credential. I also tried to create a new certificate with the server credential, and modified the .ldaprc to point to the new certificate. It still does not work.
Who can tell me how?
Thanks in advance!
Peter