"Jose Gonzalez Gomez" <jgonzalez@opentechnet.com> wrote in message
news:41210F4D.2030904@opentechnet.com...
Robert wrote:
There should be something more in the logs indicating the cause of
the errors... a few things that may cause this... not using the
canonical name of the machine, slapd not having access to the keytabs...

I am at the end of my rope here. The logs don't show anything else apart
from [reason=saslauthd internal error].

saslauthd -d -V -m /var/run/saslauthd -a kerberos5
saslauthd[27157] :main : num_procs : 5
saslauthd[27157] :main : mech_option: NULL
saslauthd[27157] :main : run_path : /var/run/saslauthd
saslauthd[27157] :main : auth_mech : kerberos5
saslauthd[27157] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept
saslauthd[27157] :detach_tty : master pid is: 0
saslauthd[27157] :ipc_init : listening on socket: /var/run/saslauthd/mux
saslauthd[27157] :main : using process model
saslauthd[27157] :have_baby : forked child: 27158
saslauthd[27157] :have_baby : forked child: 27159
saslauthd[27157] :have_baby : forked child: 27160
saslauthd[27157] :have_baby : forked child: 27161
saslauthd[27157] :get_accept_lock : acquired accept lock
saslauthd[27157] :rel_accept_lock : released accept lock
saslauthd[27158] :get_accept_lock : acquired accept lock
saslauthd[27157] :do_auth : auth failure: [user=user] [service=ldap] [realm=KERBEROS.REALMNAME] [mech=kerberos5] [reason=saslauthd internal error]

On the Kerberos side, I get:

Aug 17 00:50:41 Pianta-Scramble krb5kdc[750](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.0.1: NEEDED_PREAUTH: user@KERBEROS.REALM for krbtgt/KERBEROS.REALM@KERBEROS.REALM, Additional pre-authentication required
Aug 17 00:50:41 Pianta-Scramble krb5kdc[750](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.0.1: NEEDED_PREAUTH: user@KERBEROS.REALM for krbtgt/KERBEROS.REALM@KERBEROS.REALM, Additional pre-authentication required
Aug 17 00:50:41 Pianta-Scramble krb5kdc[750](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.0.1: ISSUE: authtime 1092721841, etypes {rep=16 tkt=16 ses=16}, user@KERBEROS.REALM for krbtgt/KERBEROS.REALM@KERBEROS.REALM
Aug 17 00:50:41 Pianta-Scramble krb5kdc[750](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.0.1: ISSUE: authtime 1092721841, etypes {rep=16 tkt=16 ses=16}, user@KERBEROS.REALM for krbtgt/KERBEROS.REALM@KERBEROS.REALM

The bad thing is that the finish line is right in front of me but I can't
cross it. I can do everything Kerberos-wise. I can kinit, klist, kpasswd
as the user. testsaslauthd still fails.

Please help.