
RE: Ldap_sasl_interactive_bind_s: Local error (-2)



See ITS #4102. It seems you are using AD2003, so you can use digest-md5, which provides encryption as well.

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Gareth Ansell
Sent: Friday, November 25, 2005 11:09 AM
To: openldap-software@OpenLDAP.org
Subject: Ldap_sasl_interactive_bind_s: Local error (-2)


Dear List,

I am trying to get Linux to Authenticate against AD by using the methods
described in:

http://www.tkk.fi/cc/docs/kerberos/nss_ldap.html

After a week or two of fiddling and compiling, I got this to work OK.  I
then decided to start from scratch, and document the methods used, as
they varied somewhat from the above document.  However when I rebuilt it
I can no longer do an ldap/sasl search.

I can do an ldapsearch of the nature:
ldapsearch -Hldap://baldrick.coventry.devel -x -W -b "" -s base ...

And also one using SSL, like so:
ldapsearch -Hldaps://baldrick.coventry.devel -x -W -b "" -s base ...

However, whenever I try to run it with the sasl authentication
like this:

ldapsearch -Hldap://baldrick.coventry.devel -b "" -s base -Omaxssf=0

I get the message:
SASL/GSSAPI authentication started
Ldap_sasl_interactive_bind_s: Local error (-2)

Which is not informative.  I have run it through strace, as well as gdb
and with the -d1 option, and it all seems like it should work.  The
connection is made to the server, messages exchanged, and then it just
appears to free any data structures it created and fails with the above
message.  I have included the output from the -d1 option below, there's a
lot of it, but I didn't want to miss out anything important.

If this means anything to anyone I would really appreciate some help.

ldap_create
ldap_url_parse_ext(ldap://baldrick.coventry.devel)
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP baldrick.coventry.devel:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.255.19:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 64 bytes to sd 3
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: baldrick.coventry.devel  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri Nov 25 09:27:11 2005

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ber_get_next: tag 0x30 len 96 contents:
ldap_read: message type search-entry msgid 1, original id 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: baldrick.coventry.devel  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri Nov 25 09:27:11 2005

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
 * msgid 1,  type 100
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ber_get_next: tag 0x30 len 16 contents:
ldap_read: message type search-result msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
adding response id 1 type 101:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_get_values
ber_scanf fmt ({x{{a) ber:
ber_scanf fmt ([v]) ber:
ldap_msgfree
ldap_sasl_interactive_bind_s: server supports: GSSAPI GSS-SPNEGO EXTERNAL DIGEST-MD5
ldap_int_sasl_bind: GSSAPI GSS-SPNEGO EXTERNAL DIGEST-MD5
ldap_int_sasl_open: host=baldrick
SASL/GSSAPI authentication started
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 1185 bytes to sd 3
ldap_result msgid 2
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 2
wait4msg continue, msgid 2, all 1
** Connections:
* host: baldrick.coventry.devel  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri Nov 25 09:27:11 2005

** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 2, all 1
ber_get_next
ber_get_next: tag 0x30 len 151 contents:
ldap_read: message type bind msgid 2, original id 2
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 2
request 2 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_sasl_bind_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (O) ber:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
sasl_client_step: 1
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 22 bytes to sd 3
ldap_result msgid 3
ldap_chkResponseList for msgid=3, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 3
wait4msg continue, msgid 3, all 1
** Connections:
* host: baldrick.coventry.devel  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri Nov 25 09:27:11 2005

** Outstanding Requests:
 * msgid 3,  origid 3, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=3, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 3, all 1
ber_get_next
ber_get_next: tag 0x30 len 71 contents:
ldap_read: message type bind msgid 3, original id 3
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 3
request 3 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_sasl_bind_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (O) ber:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
sasl_client_step: 0
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 77 bytes to sd 3
ldap_result msgid 4
ldap_chkResponseList for msgid=4, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 4
wait4msg continue, msgid 4, all 1
** Connections:
* host: baldrick.coventry.devel  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri Nov 25 09:27:11 2005

** Outstanding Requests:
 * msgid 4,  origid 4, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=4, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 4, all 1
ber_get_next
ber_get_next: tag 0x30 len 18 contents:
ldap_read: message type bind msgid 4, original id 4
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 4
request 4 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 4, msgid 4)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_sasl_bind_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (O) ber:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_perror
ldap_sasl_interactive_bind_s: Local error (-2)



thanks

Gareth Ansell
UNIX Team
Infrastructure
Computing Services
Coventry University
024 7688 8641 
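
An added example, not part of the original post or of OpenLDAP: a small Python reader for the `-d1` trace quoted above, which reduces it to the SASL bind round trips and the final result. The `summarize_trace` function and the condensed `TRACE` excerpt are constructed here for illustration; the check relies on the fact that negative result codes such as -2 are produced by the client library rather than returned by the server.

```python
import re

# Excerpt condensed from the -d1 trace in the post above (repeated lines dropped).
TRACE = """\
ldap_int_sasl_bind: GSSAPI GSS-SPNEGO EXTERNAL DIGEST-MD5
SASL/GSSAPI authentication started
ber_flush: 1185 bytes to sd 3
ldap_read: message type bind msgid 2, original id 2
res_errno: 0, res_error: <>, res_matched: <>
sasl_client_step: 1
ber_flush: 22 bytes to sd 3
ldap_read: message type bind msgid 3, original id 3
res_errno: 0, res_error: <>, res_matched: <>
sasl_client_step: 0
ber_flush: 77 bytes to sd 3
ldap_read: message type bind msgid 4, original id 4
res_errno: 0, res_error: <>, res_matched: <>
ldap_sasl_interactive_bind_s: Local error (-2)
"""

def summarize_trace(text):
    """Reduce a libldap -d1 trace to its SASL bind round trips and final result."""
    out = {"offered": [], "mech": None, "binds": [], "final": None}
    sent = None      # size of the most recent request written to the socket
    current = None   # bind response whose res_errno line is still expected
    for line in text.splitlines():
        if m := re.match(r"ldap_int_sasl_bind: (.+)", line):
            out["offered"] = m.group(1).split()
        elif m := re.match(r"SASL/(\S+) authentication started", line):
            out["mech"] = m.group(1)
        elif m := re.match(r"ber_flush: (\d+) bytes", line):
            sent = int(m.group(1))
        elif m := re.match(r"ldap_read: message type (\S+) msgid (\d+)", line):
            current = None
            if m.group(1) == "bind":
                current = {"msgid": int(m.group(2)), "sent": sent, "res_errno": None}
                out["binds"].append(current)
        elif (m := re.match(r"res_errno: (-?\d+)", line)) and current:
            current["res_errno"] = int(m.group(1))
            current = None
        elif m := re.match(r"ldap_sasl_interactive_bind_s: (.+) \((-?\d+)\)", line):
            out["final"] = (m.group(1), int(m.group(2)))
    # Negative codes are raised by the client library, not sent by the server.
    out["client_side"] = (out["final"] is not None and out["final"][1] < 0
                          and all(b["res_errno"] == 0 for b in out["binds"]))
    return out

if __name__ == "__main__":
    print(summarize_trace(TRACE))
```

On this trace the summary shows three bind exchanges that each came back with `res_errno: 0`, followed by the local error, so the failure is raised inside the client after the last server reply.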
 