openLDAP/SASL/KerberosV(heimdal)
Hello,
I am having trouble with GSSAPI. I can authenticate and work locally,
but whenever I attempt to ldapsearch from another box, it fails.
I tested the kerberosV to ensure it is working (using ktelnet). The
sample-server and sample-client properly talk GSSAPI as well.
It seems to be acting as if there were no local ticket issued by
kerberos, yet other kerberized apps work fine.
Any help would be greatly appreciated.
--chris
cmaxwell@themanor.net
slapd.conf (highlights only):
sasl-host machineB.domain.tld
sasl-realm DOMAIN.TLD
access to *
    by users write
    by anonymous read
    by * read
rootdn "uid=root@DOMAIN.TLD"
Two machines. Both are OpenBSD 3.2 boxes, running OpenLDAP 2.0.27 and
Cyrus-SASL 1.5.27. KerberosV is heimdal.
Machine B is the kerberosV keyserver, and openldap server.
Machine A is a kerberosV client (using machineB as its kdc), and has a
test openldap server installed locally to ensure SASL is working
correctly (for a baseline).
---
[local] When I run ldapsearch from machine-B (to machine-B), the request
works, initializes SASL, and returns "GSSAPI" as the supported
mechanism.
[local] When I run ldapsearch from machine-A (to machine-A), the request
works, initializes SASL, etc.
[remote] When I run ldapsearch from machine-A (to machine-B), the request
fails!
ldap_sasl_interactive_bind_s: Local error
Machine "B":
192.168.0.232
-KDC
-OpenLDAP server
Before running "kinit" (for reference):
/usr/local/bin/ldapsearch -Y GSSAPI -H ldap://<machineB> -b '' -s base -LLL supportedSASLMechanisms
ldap_sasl_interactive_bind_s: Local error
After running "kinit":
SASL/GSSAPI authentication started
SASL SSF: 56
SASL installing layers
dn:
supportedSASLMechanisms: GSSAPI