Dear All:
I have OpenLDAP working for plaintext authentication. Now I have installed Kerberos for LDAP authentication, Kerberos issues tickets.

But I get this error:

    pdc:~# ldapsearch
    SASL/GSSAPI authentication started
    ldap_sasl_interactive_bind_s: Invalid credentials (49)
            additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context

This is what was done:
I added the following line to slapd.conf

    rootdn "uid=ldapadmin,cn=RMSNET.COM,cn=gssapi,cn=auth"

and removed the old

    #rootdn "cn=manager,dc=rmsnet,dc=com"
    #rootpw {SSHA}8hsL4HphuJn9RIzc1IGlghqRyq5uNCHy

parts which were working. This was the only thing I did on the LDAP part.
On the MIT Kerberos side:

I have a Kerberos principal ldapadmin@RMSNET.COM, how
and the following setup:

    kdb5_util create -r RMSNET.COM -s      (gave a password)
    kadmin.local -q "ktadd -k /usr/local/var/krb5kdc/kadm5.keytab kadmin/admin"
    kadmin.local -q "ktadd -k /usr/local/var/krb5kdc/kadm5.keytab kadmin/changepw"
    kadmin.local -q "addprinc krbadm@RMSNET.COM"
    kadmin.local -q "addprinc ldapadmin@RMSNET.COM"
    kadmin.local -q "addprinc -randkey ldap/pdc.rmsnet.com@RMSNET.COM"
    kadmin.local -q "ktadd ldap/pdc.rmsnet.com"
    kadmin.local -q "ktadd root@RMSNET.COM"
    kadmin.local -q "addprinc root@RMSNET.COM"
    kadmin.local -q "ktadd root@RMSNET.COM"

then /usr/local/var/krb5kdc/kadm5.acl

Then I start

    kinit ldapadmin@RMSNET.COM

Then klist

    Valid starting     Expires            Service principal
    08/19/04 10:29:49  08/19/04 20:29:49  krbtgt/RMSNET.COM@RMSNET.COM
            renew until 08/20/04 10:29:47

    Kerberos 4 ticket cache: /tmp/tkt0
    klist: You have no tickets cached

and then I do a test:

    pdc:~# ldapsearch
    SASL/GSSAPI authentication started
    ldap_sasl_interactive_bind_s: Invalid credentials (49)
            additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context

And this is where I am stuck. Please help. Is it a Kerberos issue, or do I have to do something on the LDAP side, like mapping the Kerberos principal ldapadmin@RMSNET.COM to a DN? Please help.
Thanks in advance
Mohan (mohan@roomsnet.com)