Working closely with Juan we managed to find the issue. During the process of configuration I changed the hostname and I commented out the old hostname in the /etc/hostname file. Removing the comment helped.
On Thu, Nov 14, 2013 at 11:19 AM, Piotr Kliczewski piotr.kliczewski@gmail.com wrote:
On Thu, Nov 14, 2013 at 11:05 AM, Juan Hernandez jhernand@redhat.com wrote:
On 11/14/2013 11:01 AM, Piotr Kliczewski wrote:
Hello everyone,
I am working on configuring OpenLDAP 2.4.36 with Kerberos for oVirt running on f19.
I am following these instructions: https://bugzilla.redhat.com/show_bug.cgi?id=967327#c5
Please note that the instructions were written for f18. In order to have step 18 working from the command line I had to set SASL_NOCANON to off. The reason was that I got:
ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
When SASL_NOCANON is off I can search LDAP but have the same issue from Java code:
I got javax.naming.AuthenticationException: [LDAP: error code 49 - SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context]. I get this when connecting using engine-manage-domains (http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=blob;f=backend/manager/m... line 84).
Can you please point me to where my config issue is?
I copied engine-devel for reference.
Do you have the cyrus-sasl-gssapi package installed? That should have been part of step 1. Try this:
# yum -y install cyrus-sasl-gssapi
I think that once that is installed you shouldn't need to set SASL_NOCANON off.
You are right, the package was not installed. I restarted slapd, krb5kdc and kadmin after installing. I ran kinit one more time and tried to ldapsearch as in step 18 but with the same result.