I have successfully installed and tested Kerberos 5-1.2.6 and SASL
2.1.7. I am able to log in, authenticate and interact using these
protocols (using a W2K Active Directory KDC). However, I am unable to
get this working with OpenLDAP. This is also after reading through and
following the steps outlined at http://www.bayour.com/LDAPv3-HOWTO.html
and at
http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp.
This is the third time I have attempted this, and I have browsed through
most of the mailing list archives for the past 6 months. At this point,
I can successfully perform the following command (and receive results):
ldapsearch -H ldaps://<AD Controller>/ -x -D <AD DN> -W -b <AD Base> -LLL "SAMAccountName=<AD Login Name>"
However, when I try:
ldapsearch -H ldaps://<AD Controller>/ -I -b <AD Base> -LLL "SAMAccountName=<AD Login Name>"
I receive "ldap_sasl_interactive_bind_s: Local error (82)". I have
attempted this with the Solaris "truss" command, but am not certain if
this output is informative. I am including a small sample transcript of
the session and the output of a truss command.