
Re: GSSAPI Error: Miscellaneous failure (see text) (Message stream modified)



Hi Michael,

--On Tuesday, 20 April 2004 14:03 +0200 Michael Ströder <michael@stroeder.com> wrote:

HI!

I'd like to access a W2K3 Active Directory with OpenLDAP tools.


$ ldapsearch -P 3 -H ldap://bdb1.xxx.local -b "" -s base -Y GSSAPI
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (see text) (Message stream modified)

I had the same problem. I then recompiled everything (openldap 2.2.10, cyrus-sasl 2.0.18 and heimdal 0.6.1) and now it works - mostly. ldapsearch hangs after displaying the last entry if maxssf > 0:


/usr/local/openldap/bin/ldapsearch -h thinkpad.ad.local -s base -b "" -Y GSSAPI -O maxssf=1 -d 1 supportedSASLMechanisms 2>&1 |less
ldap_create
ldap_url_parse_ext(ldap://thinkpad.ad.local)
ldap_sasl_interactive_bind_s: user selected: GSSAPI
ldap_int_sasl_bind: GSSAPI
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP thinkpad.ad.local:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.10.9.4:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: host=thinkpad.ad.local
SASL/GSSAPI authentication started
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 1162 bytes to sd 3
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: thinkpad.ad.local  port: 389  (default)
 refcnt: 2  status: Connected
 last used: Sun Apr 25 19:11:22 2004

** Outstanding Requests:
* msgid 1,  origid 1, status InProgress
  outstanding referrals 0, parent count 0
** Response Queue:
  Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ber_get_next: tag 0x30 len 154 contents:
ldap_read: message type bind msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_sasl_bind_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (O) ber:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
sasl_client_step: 1
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 22 bytes to sd 3
ldap_result msgid 2
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 2
wait4msg continue, msgid 2, all 1
** Connections:
* host: thinkpad.ad.local  port: 389  (default)
 refcnt: 2  status: Connected
 last used: Sun Apr 25 19:11:22 2004

** Outstanding Requests:
* msgid 2,  origid 2, status InProgress
  outstanding referrals 0, parent count 0
** Response Queue:
  Empty
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 2, all 1
ber_get_next
ber_get_next: tag 0x30 len 68 contents:
ldap_read: message type bind msgid 2, original id 2
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 2
request 2 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_sasl_bind_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (O) ber:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
sasl_client_step: 0
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 74 bytes to sd 3
ldap_result msgid 3
ldap_chkResponseList for msgid=3, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 3
wait4msg continue, msgid 3, all 1
** Connections:
* host: thinkpad.ad.local  port: 389  (default)
 refcnt: 2  status: Connected
 last used: Sun Apr 25 19:11:22 2004

** Outstanding Requests:
* msgid 3,  origid 3, status InProgress
  outstanding referrals 0, parent count 0
** Response Queue:
  Empty
ldap_chkResponseList for msgid=3, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 3, all 1
ber_get_next
ber_get_next: tag 0x30 len 18 contents:
ldap_read: message type bind msgid 3, original id 3
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 3
request 3 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_sasl_bind_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (O) ber:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
SASL username: norbert@AD.LOCAL
SASL SSF: 1
SASL installing layers
ldap_pvt_sasl_install
ldap_search_ext
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_send_server_request
ber_flush: 64 bytes to sd 3
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: thinkpad.ad.local  port: 389  (default)
 refcnt: 2  status: Connected
 last used: Sun Apr 25 19:11:22 2004

** Outstanding Requests:
* msgid 4,  origid 4, status InProgress
  outstanding referrals 0, parent count 0
** Response Queue:
  Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid -1, all 0
ber_get_next
ber_get_next: tag 0x30 len 96 contents:
ldap_read: message type search-entry msgid 4, original id 4
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
ldap_dn2ufn
ldap_dn_normalize
=> ldap_bv2dn(,0)
=> ldap_dn2bv(64)
ber_scanf fmt ({xx) ber:
ldap_get_attribute_ber
ber_scanf fmt ({mM}) ber:
ldap_get_attribute_ber
ldap_msgfree
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: thinkpad.ad.local  port: 389  (default)
 refcnt: 2  status: Connected
 last used: Sun Apr 25 19:11:22 2004

** Outstanding Requests:
* msgid 4,  origid 4, status InProgress
  outstanding referrals 0, parent count 0
** Response Queue:
  Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
read1msg: msgid -1, all 0
ber_get_next
ber_get_next: tag 0x30 len 16 contents:
ldap_read: message type search-result msgid 4, original id 4
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 4
request 4 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 4, msgid 4)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_int_select

Norbert
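
An added example, not part of the message above and not OpenLDAP code: a small Python triage of an `ldapsearch -d 1` trace in the format shown in the message. It counts requests sent against requests completed, records the negotiated SSF, and flags a trace that ends in `ldap_int_select` with nothing outstanding, the pattern at the end of the log above; `summarize_trace` and the abridged sample are constructed here.

```python
import re

# Constructed, abridged excerpt in the format of the trace above (not the full log).
SAMPLE_TRACE = """\
SASL/GSSAPI authentication started
ldap_send_server_request
ldap_read: message type bind msgid 1, original id 1
request 1 done
sasl_client_step: 1
ldap_send_server_request
ldap_read: message type bind msgid 2, original id 2
request 2 done
sasl_client_step: 0
ldap_send_server_request
ldap_read: message type bind msgid 3, original id 3
request 3 done
SASL username: norbert@AD.LOCAL
SASL SSF: 1
SASL installing layers
ldap_send_server_request
ldap_read: message type search-entry msgid 4, original id 4
ldap_read: message type search-result msgid 4, original id 4
request 4 done
ldap_int_select
"""

def summarize_trace(text):
    """Summarize a libldap debug trace: bind steps, SSF, and where it stopped."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    s = {"bind_responses": 0, "ssf": None, "layers_installed": False,
         "sent": 0, "done": 0, "last_response": None}
    for ln in lines:
        if m := re.match(r"ldap_read: message type (\S+) msgid \d+", ln):
            s["last_response"] = m.group(1)
            s["bind_responses"] += m.group(1) == "bind"
        elif m := re.match(r"SASL SSF: (\d+)", ln):
            # Cyrus SASL convention: 0 = no layer, 1 = integrity only, >1 = encryption
            s["ssf"] = int(m.group(1))
        elif ln == "SASL installing layers":
            s["layers_installed"] = True
        elif ln == "ldap_send_server_request":
            s["sent"] += 1
        elif re.match(r"request \d+ done", ln):
            s["done"] += 1
    s["outstanding"] = s["sent"] - s["done"]
    # Client is back in select() although every request it sent has completed.
    s["idle_in_select"] = (bool(lines) and lines[-1] == "ldap_int_select"
                           and s["outstanding"] == 0)
    return s

if __name__ == "__main__":
    print(summarize_trace(SAMPLE_TRACE))
```

Run against the full trace saved to a file, the same function shows whether the wait begins only after the SASL layer is installed (`layers_installed` true, `ssf` 1) or already during the bind.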