On 12/06/2010 01:22 AM, Indexer wrote:
On 05/12/2010, at 00:51, Matej Zagiba wrote:
SASL [conn=1003] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Configuration file does not specify default realm)
Do you mind showing us your slapd configuration, and also your sasl configuration?
In /etc/ldap/slapd.conf I have:
# setup SASL and authentication identities mapping
sasl-host my.ldap.host
sasl-realm MY.KRB.REALM
authz-regexp uid=([^,/])([^,/]*),cn=my.krb.realm,cn=gssapi,cn=auth ldap:///ou=$1,ou=people,dc=domain,dc=top??one?(&(uid=$1$2)(objectClass=posixAccount))
authz-regexp uid=([^,/])([^,/]*),cn=gssapi,cn=auth ldap:///ou=$1,ou=people,dc=gomain,dc=top??one?(&(uid=$1$2)(objectClass=posixAccount))
In /etc/krb5.conf I have:
[libdefaults]
    default_realm = MY.KRB.REALM
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

[realms]
    MY.KRB.REALM = {
        kdc = krb1.my.domain
        kdc = krb2.my.domain
        admin_server = krb1.my.domain
        database_name = /var/lib/krb5kdc/principal
        iprop_enable = true
        iprop_master_ulogsize = 2048
        iprop_slave_poll = 30
        iprop_port = 755
    }

[domain_realm]
    .my.domain = MY.KRB.REALM
    my.domain = MY.KRB.REALM

[logging]
    kdc = FILE:/var/log/kdc5.log
    admin_server = FILE:/var/log/kadm5.log
    default = FILE:/var/log/krb5.log
I've generated a keytab file with the ldap/my.ldap.host principal and put it in /etc/ldap/ldap.keytab.
Because I don't use the {SASL} password scheme, there is no special SASL configuration. Usage is like this (client):
ldapsearch -Y GSSAPI
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Configuration file does not specify default realm)
Server logs:
Dec 6 13:01:16 ldaphost slapd[30828]: conn=13532 fd=45 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
Dec 6 13:01:16 ldaphost slapd[30828]: conn=13532 op=0 BIND dn="" method=163
Dec 6 13:01:16 ldaphost slapd[30828]: SASL [conn=13532] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Configuration file does not specify default realm)
Dec 6 13:01:16 ldaphost slapd[30828]: conn=13532 op=0 RESULT tag=97 err=80 text=SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Configuration file does not specify default realm)
Dec 6 13:01:16 ldaphost slapd[30828]: conn=13532 fd=45 closed (connection lost)
I tried googling the problem, but it didn't help.
William Brown
pgp.mit.edu
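Added example, not part of the original thread: a small Python model of how the two authz-regexp rules quoted above would turn a SASL/GSSAPI authentication DN into an LDAP search once the bind gets that far. It assumes slapd's documented behaviour of trying the rules in order and stopping at the first match, uses Python's `re` (case-insensitive, unanchored) in place of slapd's POSIX regex engine, and the sample identities are constructed.

```python
import re

# The two authz-regexp rules exactly as posted: (match pattern, replacement).
RULES = [
    (r"uid=([^,/])([^,/]*),cn=my.krb.realm,cn=gssapi,cn=auth",
     "ldap:///ou=$1,ou=people,dc=domain,dc=top??one?"
     "(&(uid=$1$2)(objectClass=posixAccount))"),
    (r"uid=([^,/])([^,/]*),cn=gssapi,cn=auth",
     "ldap:///ou=$1,ou=people,dc=gomain,dc=top??one?"
     "(&(uid=$1$2)(objectClass=posixAccount))"),
]


def map_authc_dn(authc_dn, rules=RULES):
    """Return (rule_index, base, scope, filter) for the first matching rule.

    Returns None when no rule matches, i.e. the identity stays unmapped.
    """
    for index, (pattern, replacement) in enumerate(rules):
        match = re.search(pattern, authc_dn, re.IGNORECASE)
        if match is None:
            continue
        # Expand $1, $2, ... with the captured groups.
        url = re.sub(r"\$(\d)", lambda g: match.group(int(g.group(1))),
                     replacement)
        # LDAP URL layout: ldap:///base?attributes?scope?filter
        base, _attrs, scope, ldap_filter = url[len("ldap:///"):].split("?", 3)
        return index, base, scope, ldap_filter
    return None


if __name__ == "__main__":
    # Constructed sample identities in the form slapd builds for GSSAPI binds.
    samples = [
        "uid=matej,cn=my.krb.realm,cn=gssapi,cn=auth",        # realm present
        "uid=matej,cn=gssapi,cn=auth",                        # realm omitted
        "uid=matej/admin,cn=my.krb.realm,cn=gssapi,cn=auth",  # instance principal
    ]
    for dn in samples:
        print(dn, "->", map_authc_dn(dn))
```

With the rules as posted, an identity without a realm component is searched under `dc=gomain,dc=top` rather than `dc=domain,dc=top`, and a principal with an instance (`matej/admin`) matches neither rule because `[^,/]` excludes the slash.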