ldap_sasl_interactive_bind_s: Local error (-2) for SASL/GSS-SPNEGO



Hi,

I have installed OpenLDAP, but I am getting the following error while executing some basic commands using SASL/GSS-SPNEGO authentication,
whereas SASL/EXTERNAL authentication is working perfectly.

[root@dtgldap103 LdapCfg]# ldapsearch
SASL/GSS-SPNEGO authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
	additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate)

[root@dtgldap103 LdapCfg]# ldapwhoami
SASL/GSS-SPNEGO authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
	additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate)

[root@dtgldap103 LdapCfg]# ldapsearch -LLL -s base  -b '' '(objectClass=*)' +
SASL/GSS-SPNEGO authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
	additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate)

[root@dtgldap103 LdapCfg]# ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcDatabase=config
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: olcDatabase=config
# requesting: ALL
#

# {0}config, config
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth" manage by * none

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

[root@dtgldap103 openldap]# rpm -qa | grep ldap
sssd-ldap-1.15.2-50.el7_4.2.x86_64
openldap-clients-2.4.44-5.el7.x86_64
openldap-servers-sql-2.4.44-5.el7.x86_64
openldap-servers-2.4.44-5.el7.x86_64
compat-openldap-2.3.43-5.el7.x86_64
openldap-devel-2.4.44-5.el7.x86_64
openldap-2.4.44-5.el7.x86_64
nss-pam-ldapd-0.8.13-8.0.1.el7.x86_64

Please help me: how can I get out of this issue?
I am not able to proceed further with our OpenLDAP project without that.

Please let me know if you need any more details.

Thanks & Regards
 
Debashis Chaki
ProQuest | The Quorum, Barnwell Road | Cambridge | CB5 8SW | UK
debashis.chaki@proquest.com  tel: +44 (0)1223 271257