Here a test. I didn't receive my own mail.
This mail was it received by the list ?
-------- Original Message -------- Subject: ldap_sasl_interactive_bind_s: Other (e.g., implementation specific ) error (80) Date: Tue, 05 Jul 2011 17:52:54 +0200 From: Fabien COMBERNOUS fcombernous@kezia.com To: openldap-technical@openldap.org
Hi There,
I have an openldap master (hosted by server) and an openldap replica (hosted by replica). Authentication use SASL/GSSAPI with kerberos.
On the master i get the following output : server:~ admin$ kinit root Please enter the password for root@SERVER.LAN: server:~ admin$ ldapsearch -b cn=mounts,dc=server,dc=lan SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Other (e.g., implementation specific ) error (80)
On the replica all looks fine : replica:~ admin$ kinit root Please enter the password for root@SERVER.LAN: server:~ admin$ ldapsearch -b cn=mounts,dc=server,dc=lan SASL/GSSAPI authentication started SASL username: root@SERVER.LAN SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base<cn=mounts,dc=server,dc=lan> with scope subtree # filter: (objectclass=*) # requesting: ALL # etc ...
I saw some thread on mailing list that say to take care of owner, groups and permissions of files krb5.keytab and database. All looks good in this side.
Any other areas to check ?
Regards,