On 03/04/12 15:04 +0000, luxInteg wrote:
Greetings,
I am new to this list. I have a computer with these:-
    cpu: amd64 2 cores
    os linux 64bit distro=cblfs kernel-3.2.1, gcc-4.5.2
    auth progs: MIT-kerberos-1.10, sasl-2.1.25, openldap-2.4.29
(I have an in-house CA and generated a signed Certificate/Key pair on this machine running openssl-0.9.8. I transferred these and the cacert.pem file securely to the machine above, and these are included in the slapd.conf file.)
I verified ldap is running without sasl with the ldapsearch command like so:-
    ldapsearch -xWLLL "ou=people" -H ldaps://tester.example.com
When I tried the same command for a sasl bind:-
    ldapsearch -LLL "ou=people" -H ldaps://tester.example.com
I get this
###################################################
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
###################################################
Check your kdc logs. Research what 'gss_accept_sec_context' and 'res_matched' mean, since those appear to be errors returned from your krb5 library.
Make sure you are not hitting this bug in cyrus sasl:
https://bugzilla.cyrusimap.org/show_bug.cgi?id=3480
One way to determine if you are, is to perform your gssapi bind without ldaps or starttls-over-ldap.
read1msg: ld 0x2018010 0 new referrals
read1msg: mark request completed, ld 0x2018010 msgid 1
request done: ld 0x2018010 msgid 1
res_errno: 49, res_error: <SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_int_sasl_bind: <null>
ldap_parse_sasl_bind_result
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x20eb750 ptr=0x20eb753 end=0x20eb7a5 len=82