Are you able to kinit? For testing only, please change the /etc/krb5.keytab to 644 (please change it back to 600 when you finish testing) and then restart slapd. Did it work? Could you tail -f /var/log/syslog?

Thank you
Amir

> From: listbox@hymerfania.com
> To: openldap-software@openldap.org
> Subject: LDAP config problem with GSSAPI: No such file or directory
> Date: Tue, 15 Jan 2008 14:52:07 -0800
>
> Hi folks,
> I'm having a real hard time debugging this.
> I'm a newbie, trying to do a new ldap+kerberos install, on a new Fedora 7
> box. I can't get ldapsearch or ldapwhoami to work locally. I thought it was
> a read problem with the keytab files, but I tried setting KRB5_KTNAME to a
> keytab file I knew was readable by slapd, and that did not help. I also
> checked permissions on my certificates, and that seems OK too. ldapsearch -x
> does work, but ldapsearch -Y GSSAPI does not.
>
> Any help would be greatly appreciated :)
> *******************************************
> *******************************************
>
> [installer@trixter ~]$ ldapwhoami -V -Y GSSAPI
> ldapwhoami: @(#) $OpenLDAP: ldapwhoami 2.3.34 (Nov 2 2007 08:16:20) $
> kojibuilder@xenbuilder2.fedora.redhat.com:/builddir/build/BUILD/openldap-2.3.34/openldap-2.3.34/build-clients/clients/tools
> (LDAP library: OpenLDAP 20333)
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> additional info: SASL(-1): generic failure: GSSAPI Error:
> Unspecified GSS failure. Minor code may provide more
> information (No such file or directory)
>
> *******************************************
> *******************************************
>
> [installer@trixter ~]$ klist
> Ticket cache: FILE:/tmp/krb5cc_500
> Default principal: installer@HYMESRUZICKA.ORG
>
> Valid starting     Expires            Service principal
> 01/15/08 13:11:43  01/16/08 13:11:43  krbtgt/HYMESRUZICKA.ORG@HYMESRUZICKA.ORG
> 01/15/08 13:12:35  01/16/08 13:11:43  ldap/trixter.hymesruzicka.org@HYMESRUZICKA.ORG
>
>
> Kerberos 4 ticket cache: /tmp/tkt500
> klist: You have no tickets cached
>
> *******************************************
> *******************************************
>
> [installer@trixter ~]$ cat /etc/openldap/ldap.conf
> #
> # LDAP Defaults
> #
> # This file should be world readable but not world writable.
> BASE dc=hymesruzicka,dc=org
> URI ldap://trixter.hymesruzicka.org:11562
>     ldaps://trixter.hymesruzicka.org:636
> TLS_CACERTDIR /etc/openldap/cacerts/
> TLS_REQCERT allow
> #SIZELIMIT 12
> TIMELIMIT 5
> #DEREF never
>
>
> *******************************************
> *******************************************
>
>
> *******************************************
> *******************************************
>
>
> I tried running strace on ldapwhoami, slapd and krb5kdc, but strace does not
> show which resource is not accessible. Actually I'm surprised that strace
> does not show any attempts to open the keytabs or anything in
> /etc/openldap/cacerts...
>
>
> Thanks!
>
> Listbox
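An added diagnostic script (not from this thread or from OpenLDAP) that checks, by the ordinary owner/group/other mode bits, whether a given service account can read the keytab the Kerberos library will open, which is the usual cause behind the "No such file or directory" minor code quoted above; it lets you confirm the cause without loosening the keytab's permissions. It assumes POSIX sh with GNU or BSD stat, a service user named `ldap` (hypothetical default), and an optional KRB5_KTNAME override.

```sh
# Added diagnostic (not from the thread): can the slapd service account read
# the keytab its Kerberos library will open?  A root:root 0600 /etc/krb5.keytab
# is unreadable by an unprivileged slapd and surfaces as the vague GSSAPI
# minor code quoted above.  Assumes POSIX sh, GNU or BSD stat, and that `id`
# resolves the user.  Caveat: uid 0 bypasses mode bits; ACLs/SELinux not modelled.

# Keytab path the library will use: $KRB5_KTNAME (optional "FILE:" prefix)
# or the default /etc/krb5.keytab.
effective_keytab() {
    kt=${KRB5_KTNAME:-/etc/krb5.keytab}
    printf '%s\n' "${kt#FILE:}"
}

file_ugm() {  # prints "uid gid octal-mode": GNU stat first, then BSD stat
    stat -c '%u %g %a' "$1" 2>/dev/null || stat -f '%u %g %Lp' "$1"
}

# check_keytab PATH USER -> 0 if USER's permission class grants read,
# 1 if it does not or PATH is missing, 2 if USER is unknown.
check_keytab() {
    ktpath=$1 svcuser=$2
    if [ ! -e "$ktpath" ]; then
        echo "MISSING: $ktpath (ENOENT: wrong KRB5_KTNAME, or no keytab exported)"
        return 1
    fi
    uid=$(id -u "$svcuser" 2>/dev/null) || { echo "UNKNOWN USER: $svcuser"; return 2; }
    groups=$(id -G "$svcuser")
    set -- $(file_ugm "$ktpath"); fuid=$1 fgid=$2 mode=$3
    while [ ${#mode} -lt 3 ]; do mode=0$mode; done   # stat drops leading zeros
    mode=${mode#${mode%???}}                          # keep the rwx digits only
    if [ "$uid" = "$fuid" ]; then
        class=owner digit=${mode%??}
    else
        case " $groups " in
            *" $fgid "*) class=group; t=${mode#?}; digit=${t%?} ;;
            *)           class=other; digit=${mode#??} ;;
        esac
    fi
    if [ $((digit & 4)) -ne 0 ]; then
        echo "OK: $svcuser can read $ktpath via $class bits (mode $mode)"
        return 0
    fi
    echo "DENIED: $svcuser falls in class '$class' of mode $mode on $ktpath (EACCES)"
    return 1
}
# Stand-alone use:  sh check_keytab.sh --run [service-user]
if [ "${1:-}" = "--run" ]; then
    check_keytab "$(effective_keytab)" "${2:-ldap}"
fi
```

Run it as root so `id` can resolve the service account; a DENIED verdict with the `ldap` user and mode 600 is exactly the situation the reply above asks the poster to test for.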