Re: slapd 2.4.23 SASL/GSSAPI problem
On 12/06/2010 01:22 AM, Indexer wrote:
On 05/12/2010, at 00:51, Matej Zagiba wrote:
SASL [conn=1003] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Configuration file does not specify default realm)
Do you mind showing us your slapd configuration, and also your sasl configuration?
In /etc/ldap/slapd.conf I have:
# setup SASL and authentication identities mapping
sasl-host my.ldap.host
sasl-realm MY.KRB.REALM
authz-regexp
    uid=([^,/])([^,/]*),cn=my.krb.realm,cn=gssapi,cn=auth
    ldap:///ou=$1,ou=people,dc=domain,dc=top??one?(&(uid=$1$2)(objectClass=posixAccount))
authz-regexp
    uid=([^,/])([^,/]*),cn=gssapi,cn=auth
    ldap:///ou=$1,ou=people,dc=gomain,dc=top??one?(&(uid=$1$2)(objectClass=posixAccount))
In /etc/krb5.conf I have:
[libdefaults]
default_realm = MY.KRB.REALM
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
MY.KRB.REALM = {
kdc = krb1.my.domain
kdc = krb2.my.domain
admin_server = krb1.my.domain
database_name = /var/lib/krb5kdc/principal
iprop_enable = true
iprop_master_ulogsize = 2048
iprop_slave_poll = 30
iprop_port = 755
}
[domain_realm]
.my.domain = MY.KRB.REALM
my.domain = MY.KRB.REALM
[logging]
kdc = FILE:/var/log/kdc5.log
admin_server = FILE:/var/log/kadm5.log
default = FILE:/var/log/krb5.log
I've generated a keytab file with the ldap/my.ldap.host principal and put it in /etc/ldap/ldap.keytab.
Because I don't use the {SASL} password scheme, there is no special SASL configuration. Usage is like this (client):
ldapsearch -Y GSSAPI
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Configuration file does not specify default realm)
Server logs:
Dec 6 13:01:16 ldaphost slapd[30828]: conn=13532 fd=45 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
Dec 6 13:01:16 ldaphost slapd[30828]: conn=13532 op=0 BIND dn="" method=163
Dec 6 13:01:16 ldaphost slapd[30828]: SASL [conn=13532] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Configuration file does not specify default realm)
Dec 6 13:01:16 ldaphost slapd[30828]: conn=13532 op=0 RESULT tag=97 err=80 text=SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Configuration file does not specify default realm)
Dec 6 13:01:16 ldaphost slapd[30828]: conn=13532 fd=45 closed (connection lost)
I tried googling the problem, but it didn't help.
William Brown
pgp.mit.edu
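How the two authz-regexp rules in the slapd.conf above rewrite a SASL/GSSAPI identity into an LDAP search, as an added example that is not part of the original message. The sample identities are constructed, and the first-match, case-insensitive, unanchored matching is a simplified model of slapd's behaviour (an assumption here).

```python
import re

# Rules copied verbatim from the slapd.conf in the post, in file order.
AUTHZ_RULES = [
    (r"uid=([^,/])([^,/]*),cn=my.krb.realm,cn=gssapi,cn=auth",
     "ldap:///ou=$1,ou=people,dc=domain,dc=top??one?(&(uid=$1$2)(objectClass=posixAccount))"),
    (r"uid=([^,/])([^,/]*),cn=gssapi,cn=auth",
     "ldap:///ou=$1,ou=people,dc=gomain,dc=top??one?(&(uid=$1$2)(objectClass=posixAccount))"),
]


def expand(template, match):
    """Substitute $1..$9 in the replacement with the captured groups."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), template)


def map_sasl_identity(authc_dn, rules=AUTHZ_RULES):
    """Return (rule_index, search_uri) for the first matching rule, else None.

    Assumption: models first-match, case-insensitive, unanchored regexp
    matching; the whole DN is replaced by the expanded template.
    """
    for index, (pattern, template) in enumerate(rules):
        match = re.search(pattern, authc_dn, re.IGNORECASE)
        if match:
            return index, expand(template, match)
    return None


def parse_search_uri(uri):
    """Split ldap:///base?attrs?scope?filter into its search parameters."""
    base, _attrs, scope, ldap_filter = uri[len("ldap:///"):].split("?", 3)
    return {"base": base, "scope": scope, "filter": ldap_filter}


if __name__ == "__main__":
    # Constructed sample identities (not taken from the post).
    samples = [
        "uid=alice,cn=my.krb.realm,cn=gssapi,cn=auth",  # realm present
        "uid=bob,cn=gssapi,cn=auth",                    # realm omitted
        "uid=ldap/my.ldap.host,cn=gssapi,cn=auth",      # service principal
    ]
    for dn in samples:
        hit = map_sasl_identity(dn)
        print(dn, "->", parse_search_uri(hit[1]) if hit else "no mapping")
```

Because both patterns exclude "/" from the uid, a principal with an instance component (such as the ldap/my.ldap.host service principal) matches neither rule and is not mapped to a directory entry.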