Am Sun, 12 Jun 2016 17:34:47 +0300 schrieb l@avc.su:
Hi Dieter. I've tried performing this search from CentOS6 machine, with my own UPN, with machine UPN, and it were successful. Accessing SPN ldap/dc.contoso.com@CONTOSO.COM Keytab is located in /etc/krb5.keytab, owned by root, access mode 0600. Dumped traffic from the problem server. On myTGS-REQ, DC responds with 'krb5kdc_err_svc_unavailable' packet. 12.06.2016, 10:41, "Dieter Klünter" dieter@dkluenter.de:
Am Sat, 11 Jun 2016 14:27:26 +0300 schrieb l@avc.su:
[...]
the user, slapd runs as, needs to read keytab. Check with klist whether a ldap service principal ticket is available.
-Dieter