SASL GSSAPI authentication error -please help
Dear All:
I have OpenLDAP and Kerberos working.
I added the following line to slapd.conf
rootdn "uid=ldapadmin,cn=RMSNET.COM,cn=gssapi,cn=auth"
and removed the old
#rootdn "cn=manager,dc=rmsnet,dc=com"
#rootpw {SSHA}8hsL4HphuJn9RIzc1IGlghqRyq5uNCHy
parts which were working.
This was the only thing I did on the LDAP part.
On the MIT Kerberos side:
I have a Kerberos principal ldapadmin@RMSNET.COM, how
and the following setup:
kdb5_util create -r RMSNET.COM -s (gave a password)
kadmin.local -q "ktadd -k /usr/local/var/krb5kdc/kadm5.keytab kadmin/admin"
kadmin.local -q "ktadd -k /usr/local/var/krb5kdc/kadm5.keytab kadmin/changepw"
kadmin.local -q "addprinc krbadm@RMSNET.COM"
kadmin.local -q "addprinc ldapadmin@RMSNET.COM"
kadmin.local -q "addprinc -randkey ldap/pdc.rmsnet.com@RMSNET.COM"
kadmin.local -q "ktadd ldap/pdc.rmsnet.com"
kadmin.local -q "ktadd root@RMSNET.COM"
kadmin.local -q "addprinc root@RMSNET.COM"
kadmin.local -q "ktadd root@RMSNET.COM"
then /usr/local/var/krb5kdc/kadm5.acl
kadmin/admin@RMSNET.COM *
ldapadmin@RMSNET.COM *
mohan@RMSNET.COM *
root@RMSNET.COM *
*/*@RMSNET.COM i
Then I start kinit ldapadmin@RMSNET.COM
result: pdc:~# kinit ldapadmin@RMSNET.COM
Password for ldapadmin@RMSNET.COM:
pdc:~#
Then klist
pdc:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: ldapadmin@RMSNET.COM
Valid starting Expires Service principal
08/19/04 10:29:49 08/19/04 20:29:49 krbtgt/RMSNET.COM@RMSNET.COM
renew until 08/20/04 10:29:47
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
and then I do a test:
pdc:~# ldapsearch
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context
And this is where I am stuck..... Please help...... Is it a Kerberos issue, or
do I have to do something on the LDAP side,
like mapping the Kerberos principal ldapadmin@RMSNET.COM to a DN?
Thanks in advance
Mohan (mohan@roomsnet.com)
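
On the mapping question at the end of the post: slapd derives a SASL authentication DN of the form uid=<name>,cn=<realm>,cn=gssapi,cn=auth (or the same without cn=<realm>) from the Kerberos principal, and an authz-regexp rule (sasl-regexp in older releases) can rewrite it to a directory DN. The sketch below is an added example, not part of the original post or of OpenLDAP's code; the rule, the ou=people target and the use of Python's re in place of slapd's POSIX regex matching are assumptions made for illustration.

```python
import re

# Constructed from the two slapd.conf lines quoted in the post.
SLAPD_CONF = '''
rootdn "uid=ldapadmin,cn=RMSNET.COM,cn=gssapi,cn=auth"
#rootdn "cn=manager,dc=rmsnet,dc=com"
'''

# Hypothetical authz-regexp rule (match, replacement); ou=people is an assumption.
RULES = [(r"^uid=([^,/]+),cn=rmsnet\.com,cn=gssapi,cn=auth$",
          "uid=$1,ou=people,dc=rmsnet,dc=com")]


def norm(dn):
    """Naive DN normalisation: trim around commas, fold case (no escaped commas)."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def sasl_authn_dns(principal, mech="gssapi"):
    """Candidate authentication DNs slapd may derive from a Kerberos principal.

    Both documented forms are returned (with and without cn=<realm>), so a
    rootdn or a rule can be checked against each of them.
    """
    name, sep, realm = principal.rpartition("@")
    if not (sep and name and realm):
        raise ValueError(f"expected name@REALM, got {principal!r}")
    return [norm(f"uid={name},cn={realm},cn={mech},cn=auth"),
            norm(f"uid={name},cn={mech},cn=auth")]


def map_dn(authn_dn, rules=()):
    """Apply the first matching rule; an unmatched DN is used unchanged."""
    for pattern, replacement in rules:
        m = re.search(pattern, authn_dn, re.IGNORECASE)
        if m:
            # slapd writes back-references as $1; Python's expand() wants \1.
            return norm(m.expand(re.sub(r"\$(\d)", r"\\\1", replacement)))
    return authn_dn


def rootdn_matches(conf_text, principal, rules=()):
    """True if any candidate DN for the principal ends up equal to the rootdn."""
    m = re.search(r'^\s*rootdn\s+"([^"]+)"', conf_text, re.MULTILINE)
    if m is None:
        raise ValueError("no active rootdn line found")
    rootdn = norm(m.group(1))
    return any(map_dn(dn, rules) == rootdn for dn in sasl_authn_dns(principal))
```

This covers only the DN side. gss_accept_sec_context is the server-side GSSAPI call, so the error quoted in the post is raised during the Kerberos exchange, before slapd reaches the mapping step.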