Re: OpenLDAP+kerboros -> win2k AD
On Tue, 21 Aug 2001, Stephan Siano wrote:
> On Tuesday, 21. August 2001 14:57, you wrote:
> > I'm having troubles with setting up a Linux RedHat 7.1 machine as a
> > ldap-client using ldapsearch with kerberos authentication for accessing
> > win2k Active Directory.
> >
> > I've tried to search the archives for a solution for my problem but I
> > haven't found one. I only know that it should be possible (at least
> > according to http://diswww.mit.edu:8008/menelaus.mit.edu/kerberos/14603).
> >
> > I'm using MIT Kerberos V which ought to be set up right while kinit gets a
> > ticket from the Windows KDC.
> >
> > Trying to use ldapsearch -k gives this error message:
> > ldap_bind: Not Supported
> >
> > The man pages only say that OpenLDAP needs to be compiled with kerberos
> > support for the -k option to work, but not how it should be done. I've
> > compiled with --with-kerberos but it doesn't help. I can't really see that
> > it should be the win2k AD that doesn't support kerberos.
>
> --with-kerberos is Kerberos 4 (and AD kind of Kerberos 5). To make OpenLDAP
> work with Kerberos 5 you need to compile LDAP with SASL-Support and install
> the GSSAPI-SASL Mechanism on the machine. You also need a principal for
> ldap/host@REALM and the appropriate keytab file on the LDAP-Server.

Ok, this makes sense. I've installed GSSAPI-SASL but trying to compile
with sasl-support gives this error:

openldap-2.0.11# ./configure --with-cyrus-sasl --enable-spasswd --enable-kpasswd
Copyright 1998-2001 The OpenLDAP Foundation, All Rights Reserved.
Restrictions apply, see COPYRIGHT and LICENSE files.
Configuring OpenLDAP 2.0.11-Release ...
...
...
...
checking for krb5.h... no
checking for krb.h... no
checking for des.h... no
checking for krb-archaeology.h... no
configure: error: Kerberos detection failed

Which package should these headers come with/which installation hasn't
been properly done? locate gives this:

openldap-2.0.11# locate krb5.h
/usr/src/openldap-2.0.11/include/ac/krb5.h
/usr/kerberos/include/gssapi/gssapi_krb5.h
/usr/kerberos/include/krb5.h

Kerberos is as far as I can see properly set up while I get a ticket from
the win2k KDC.

Regards,
Pontus Fred
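
An added example, not part of the original message: configure reports krb5.h as missing although locate finds it under /usr/kerberos/include, a directory outside the compiler's default include search path. The script below picks the first prefix that actually holds krb5.h and prints the CPPFLAGS/LDFLAGS to hand to ./configure; the function names, the extra candidate prefixes and the lib/ location are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). Finds the directory holding
# krb5.h and prints the CPPFLAGS/LDFLAGS a configure run would need.

# find_krb5_prefix DIR...: print the first prefix whose include/ has krb5.h.
find_krb5_prefix() {
    for prefix in "$@"; do
        if [ -f "$prefix/include/krb5.h" ]; then
            printf '%s\n' "$prefix"
            return 0
        fi
    done
    return 1
}

# krb5_configure_env DIR...: print environment assignments for ./configure.
krb5_configure_env() {
    prefix=$(find_krb5_prefix "$@") || {
        echo "krb5.h not found under: $*" >&2
        return 1
    }
    # Assumption: libraries live in lib/ beside include/ under the same prefix.
    printf 'CPPFLAGS=-I%s/include LDFLAGS=-L%s/lib\n' "$prefix" "$prefix"
}

# Candidate prefixes: /usr/kerberos is where locate found krb5.h in the post;
# the others are common defaults (assumptions).
if env_line=$(krb5_configure_env /usr/kerberos /usr/local /usr 2>/dev/null); then
    echo "env $env_line ./configure --with-cyrus-sasl"
else
    echo "no krb5.h in the candidate prefixes; check config.log"
fi
```

If configure still fails with the flags set, config.log records the exact preprocessor command and error for each "checking for ..." line.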