
Problems with OpenLDAP 2.1.4 and Kerberos



I have successfully installed and tested Kerberos 5-1.2.6 and SASL
2.1.7. I am able to log in, authenticate and interact using these
protocols (using a W2K Active Directory KDC). However, I am unable to
get this working with OpenLDAP. This is even after reading through and
following the steps outlined at http://www.bayour.com/LDAPv3-HOWTO.html
and at
http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp.

This is the third time I have attempted this, and I have browsed through
most of the mailing list archives for the past 6 months. At this point,
I can successfully perform the following command (and receive results):

ldapsearch -H ldaps://<AD Controller>/ -x -D <AD DN> -W -b <AD Base>
-LLL "SAMAccountName=<AD Login Name>"

However, when I try:

ldapsearch -H ldaps://<AD Controller>/ -I -b <AD Base> -LLL
"SAMAccountName=<AD Login Name>"

I receive "ldap_sasl_interactive_bind_s: Local error (82)". I have
also traced the failing command with the Solaris "truss" command, but
am not certain whether the output is informative. I am including a small
sample transcript of the session and the output of the truss command.

Help is greatly appreciated!

Tony


Anthony Brock
Director of Network Services
George Fox University

E-Mail: abrock@georgefox.edu
Phone:  (503) 554-2579
FAX:    (503) 554-3834



***** BEGIN *****

abrock@web ~ 646 $ kinit
Password for abrock@CAMPUS.GEORGEFOX.EDU: 
abrock@web ~ 647 $ klist
Ticket cache: FILE:/tmp/krb5cc_100
Default principal: abrock@CAMPUS.GEORGEFOX.EDU

Valid starting     Expires            Service principal
09/18/02 14:13:20  09/19/02 00:13:20
krbtgt/CAMPUS.GEORGEFOX.EDU@CAMPUS.GEORGEFOX.EDU
abrock@web ~ 648 $ ldapsearch -H ldaps://ads01.campus.georgefox.edu/ -I
-b "OU=Staff,DC=campus,DC=georgefox,DC=edu" -LLL "SAMAccountName=abrock"
ldap_sasl_interactive_bind_s: Local error (82)
abrock@web ~ 649 $ klist
Ticket cache: FILE:/tmp/krb5cc_100
Default principal: abrock@CAMPUS.GEORGEFOX.EDU

Valid starting     Expires            Service principal
09/18/02 14:13:20  09/19/02 00:13:20
krbtgt/CAMPUS.GEORGEFOX.EDU@CAMPUS.GEORGEFOX.EDU
abrock@web ~ 650 $ 

***** END *****


***** BEGIN *****

execve("/usr/local/bin/ldapsearch", 0xFFBEFB7C, 0xFFBEFBA0)  argc = 8
mmap(0x00000000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFF3A0000
resolvepath("/usr/lib/ld.so.1", "/usr/lib/ld.so.1", 1023) = 16
stat("/usr/local/bin/ldapsearch", 0xFFBEF8B8)	= 0
open("/var/ld/ld.config", O_RDONLY)		Err#2 ENOENT
open("/usr/local/lib/libresolv.so.2", O_RDONLY)	Err#2 ENOENT
open("/usr/lib/libresolv.so.2", O_RDONLY)	= 3
fstat(3, 0xFFBEF24C)				= 0
mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0xFF390000
mmap(0x00000000, 303104, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0xFF340000
mmap(0xFF384000, 15564, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 3, 212992) = 0xFF384000
mmap(0xFF388000, 2728, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xFF388000
munmap(0xFF374000, 65536)			= 0
memcntl(0xFF340000, 33536, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(3)					= 0
open("/usr/local/lib/libsocket.so.1", O_RDONLY)	Err#2 ENOENT
open("/usr/lib/libsocket.so.1", O_RDONLY)	= 3
fstat(3, 0xFFBEF24C)				= 0
mmap(0xFF390000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0)
= 0xFF390000
mmap(0x00000000, 114688, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0xFF320000
mmap(0xFF33A000, 4365, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 3, 40960) = 0xFF33A000
munmap(0xFF32A000, 65536)			= 0
memcntl(0xFF320000, 14496, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(3)					= 0
open("/usr/local/lib/libssl.so.0.9.6", O_RDONLY) Err#2 ENOENT
open("/usr/lib/libssl.so.0.9.6", O_RDONLY)	= 3
fstat(3, 0xFFBEF24C)				= 0
mmap(0xFF390000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0)
= 0xFF390000
mmap(0x00000000, 286720, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0xFF2D0000
mmap(0xFF310000, 20828, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 3, 196608) = 0xFF310000
munmap(0xFF302000, 57344)			= 0
memcntl(0xFF2D0000, 38772, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(3)					= 0
open("/usr/local/lib/libcrypto.so.0.9.6", O_RDONLY) Err#2 ENOENT
open("/usr/lib/libcrypto.so.0.9.6", O_RDONLY)	= 3
fstat(3, 0xFFBEF24C)				= 0
mmap(0xFF390000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0)
= 0xFF390000
mmap(0x00000000, 1097728, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0xFF180000
mmap(0xFF27C000, 54416, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 3, 966656) = 0xFF27C000
mmap(0xFF28A000, 6128, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xFF28A000
munmap(0xFF26E000, 57344)			= 0
memcntl(0xFF180000, 158072, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(3)					= 0
open("/usr/local/lib/libgen.so.1", O_RDONLY)	Err#2 ENOENT
open("/usr/lib/libgen.so.1", O_RDONLY)		= 3
fstat(3, 0xFFBEF24C)				= 0
mmap(0xFF390000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0)
= 0xFF390000
mmap(0x00000000, 98304, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0xFF2B0000
mmap(0xFF2C6000, 2335, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 3, 24576) = 0xFF2C6000
munmap(0xFF2B6000, 65536)			= 0
memcntl(0xFF2B0000, 6932, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(3)					= 0
open("/usr/local/lib/libnsl.so.1", O_RDONLY)	Err#2 ENOENT
open("/usr/lib/libnsl.so.1", O_RDONLY)		= 3
fstat(3, 0xFFBEF24C)				= 0
mmap(0xFF390000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0)
= 0xFF390000
mmap(0x00000000, 696320, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0xFF080000
mmap(0xFF11A000, 32508, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 3, 565248) = 0xFF11A000
mmap(0xFF122000, 30672, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xFF122000
munmap(0xFF10A000, 65536)			= 0
memcntl(0xFF080000, 81620, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(3)					= 0
open("/usr/local/lib/libdl.so.1", O_RDONLY)	Err#2 ENOENT
open("/usr/lib/libdl.so.1", O_RDONLY)		= 3
fstat(3, 0xFFBEF24C)				= 0
mmap(0xFF390000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0)
= 0xFF390000
close(3)					= 0
open("/usr/local/lib/libc.so.1", O_RDONLY)	Err#2 ENOENT
open("/usr/lib/libc.so.1", O_RDONLY)		= 3
fstat(3, 0xFFBEF24C)				= 0
mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0xFF2A0000
mmap(0x00000000, 786432, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0xFEF80000
mmap(0xFF038000, 24720, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 3, 688128) = 0xFF038000
munmap(0xFF028000, 65536)			= 0
memcntl(0xFEF80000, 112632, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(3)					= 0
mmap(0x00000000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFF170000
munmap(0xFF170000, 8192)			= 0
mmap(0x00000000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFF170000
open("/usr/lib/libmp.so.2", O_RDONLY)		= 3
fstat(3, 0xFFBEF24C)				= 0
mmap(0xFF2A0000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0)
= 0xFF2A0000
mmap(0x00000000, 90112, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0xFF150000
mmap(0xFF164000, 865, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 3, 16384) = 0xFF164000
munmap(0xFF154000, 65536)			= 0
memcntl(0xFF150000, 3124, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(3)					= 0
open("/usr/platform/SUNW,Ultra-250/lib/libc_psr.so.1", O_RDONLY) = 3
fstat(3, 0xFFBEF0DC)				= 0
mmap(0xFF2A0000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0)
= 0xFF2A0000
mmap(0x00000000, 16384, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0xFF140000
close(3)					= 0
munmap(0xFF2A0000, 8192)			= 0
brk(0x00088118)					= 0
brk(0x0008A118)					= 0
sigaction(SIGPIPE, 0xFFBEF4C0, 0xFFBEF540)	= 0
uname(0xFFBEED58)				= 1
open("/etc/netconfig", O_RDONLY)		= 3
fstat64(3, 0xFFBEEB38)				= 0
brk(0x0008A118)					= 0
brk(0x0008C118)					= 0
ioctl(3, TCGETA, 0xFFBEEAC4)			Err#25 ENOTTY
read(3, " # p r a g m a   i d e n".., 8192)	= 1239
read(3, 0x0008917C, 8192)			= 0
llseek(3, 0, SEEK_CUR)				= 1239
llseek(3, 0, SEEK_SET)				= 0
read(3, " # p r a g m a   i d e n".., 8192)	= 1239
read(3, 0x0008917C, 8192)			= 0
llseek(3, 0, SEEK_CUR)				= 1239
close(3)					= 0
open("/dev/udp", O_RDONLY)			= 3
ioctl(3, 0xC00C6982, 0xFFBEF08C)		= 0
close(3)					= 0
open64("/etc/.name_service_door", O_RDONLY)	= 3
fcntl(3, F_SETFD, 0x00000001)			= 0
door_info(3, 0xFF03E7A0)			= 0
door_call(3, 0xFFBECFF8)			= 0
sysconfig(_CONFIG_OPEN_FILES)			= 256
open("/usr/local/etc/openldap/ldap.conf", O_RDONLY) = 4
fstat64(4, 0xFFBEF188)				= 0
ioctl(4, TCGETA, 0xFFBEF114)			Err#25 ENOTTY
read(4, " #   $ O p e n L D A P :".., 8192)	= 403
brk(0x0008C118)					= 0
brk(0x0008E118)					= 0
read(4, 0x00088DC4, 8192)			= 0
llseek(4, 0, SEEK_CUR)				= 403
close(4)					= 0
open("/export/home/abrock/ldaprc", O_RDONLY)	Err#2 ENOENT
open("/export/home/abrock/.ldaprc", O_RDONLY)	Err#2 ENOENT
open("ldaprc", O_RDONLY)			Err#2 ENOENT
open64("/usr/lib/sasl2", O_RDONLY|O_NDELAY)	= 4
fcntl(4, F_SETFD, 0x00000001)			= 0
fstat64(4, 0xFFBEDDC0)				= 0
getdents64(4, 0x00089380, 1048)			= 272
open("/usr/lib/sasl2/libgssapiv2.la", O_RDONLY)	= 5
llseek(5, 0, SEEK_CUR)				= 0
close(5)					= 0
open("/usr/lib/sasl2/libgssapiv2.la", O_RDONLY)	= 5
fstat64(5, 0xFFBED4D8)				= 0
brk(0x0008E118)					= 0
brk(0x00090118)					= 0
ioctl(5, TCGETA, 0xFFBED464)			Err#25 ENOTTY
read(5, " #   l i b g s s a p i v".., 8192)	= 868
llseek(5, 0xFFFFFFFFFFFFFDA1, SEEK_CUR)		= 261
close(5)					= 0
open("/usr/lib/sasl2/libgssapiv2.so.2", O_RDONLY) = 5
fstat(5, 0xFFBED77C)				= 0
mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 5, 0) =
0xFF2A0000
mmap(0x00000000, 98304, PROT_READ|PROT_EXEC, MAP_PRIVATE, 5, 0) =
0xFF060000
mmap(0xFF076000, 1260, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 5, 24576) = 0xFF076000
munmap(0xFF068000, 57344)			= 0
memcntl(0xFF060000, 3440, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(5)					= 0
open("/usr/lib/libgssapi_krb5.so.2", O_RDONLY)	= 5
fstat(5, 0xFFBED6BC)				= 0
mmap(0xFF2A0000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 5, 0)
= 0xFF2A0000
mmap(0x00000000, 139264, PROT_READ|PROT_EXEC, MAP_PRIVATE, 5, 0) =
0xFEF50000
mmap(0xFEF70000, 5095, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 5, 65536) = 0xFEF70000
munmap(0xFEF62000, 57344)			= 0
memcntl(0xFEF50000, 16560, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(5)					= 0
open("/usr/lib/libkrb5.so.3", O_RDONLY)		= 5
fstat(5, 0xFFBED6BC)				= 0
mmap(0xFF2A0000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 5, 0)
= 0xFF2A0000
mmap(0x00000000, 458752, PROT_READ|PROT_EXEC, MAP_PRIVATE, 5, 0) =
0xFEED0000
mmap(0xFEF3A000, 17790, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 5, 368640) = 0xFEF3A000
munmap(0xFEF2C000, 57344)			= 0
memcntl(0xFEED0000, 60360, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(5)					= 0
open("/usr/lib/libk5crypto.so.3", O_RDONLY)	= 5
fstat(5, 0xFFBED6BC)				= 0
mmap(0xFF2A0000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 5, 0)
= 0xFF2A0000
mmap(0x00000000, 147456, PROT_READ|PROT_EXEC, MAP_PRIVATE, 5, 0) =
0xFEEA0000
mmap(0xFEEC2000, 4404, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 5, 73728) = 0xFEEC2000
munmap(0xFEEB4000, 57344)			= 0
memcntl(0xFEEA0000, 8364, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(5)					= 0
open("/usr/lib/libcom_err.so.3", O_RDONLY)	= 5
fstat(5, 0xFFBED6BC)				= 0
mmap(0xFF2A0000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 5, 0)
= 0xFF2A0000
mmap(0x00000000, 73728, PROT_READ|PROT_EXEC, MAP_PRIVATE, 5, 0) =
0xFEE80000
mmap(0xFEE90000, 3788, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 5, 0) = 0xFEE90000
munmap(0xFEE82000, 57344)			= 0
memcntl(0xFEE80000, 1672, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
close(5)					= 0
mmap(0x00000000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFF130000
munmap(0xFF2A0000, 8192)			= 0
getdents64(4, 0x00089380, 1048)			= 0
close(4)					= 0
door_info(3, 0xFFBECC50)			= 0
door_call(3, 0xFFBECC38)			= 0
door_info(3, 0xFFBECBD0)			= 0
door_call(3, 0xFFBECBB8)			= 0
so_socket(2, 2, 0, "", 1)			= 4
setsockopt(4, 6, 1, 0xFFBEF004, 4, 1)		= 0
fcntl(4, F_GETFL, 0x7FFFFFF0)			= 2
fstat64(4, 0xFFBEED10)				= 0
getsockopt(4, 65535, 8192, 0xFFBEEE10, 0xFFBEEE08, -12854064) = 0
fstat64(4, 0xFFBEED10)				= 0
getsockopt(4, 65535, 8192, 0xFFBEEE10, 0xFFBEEE0C, -12854064) = 0
setsockopt(4, 65535, 8192, 0xFFBEEE10, 4, -12854064) = 0
fcntl(4, F_SETFL, 0x00000082)			= 0
connect(4, 0x0008B460, 16, 1)			Err#150 EINPROGRESS
poll(0xFFBEE6E0, 1, -1)				= 1
getpeername(4, 0xFFBEEDF0, 0xFFBEEDE8, 1)	= 0
fcntl(4, F_GETFL, 0x00000000)			= 130
fstat64(4, 0xFFBEED10)				= 0
getsockopt(4, 65535, 8192, 0xFFBEEE10, 0xFFBEEE08, 0) = 0
fstat64(4, 0xFFBEED10)				= 0
getsockopt(4, 65535, 8192, 0xFFBEEE10, 0xFFBEEE0C, 0) = 0
setsockopt(4, 65535, 8192, 0xFFBEEE10, 4, 0)	= 0
fcntl(4, F_SETFL, 0x00000002)			= 0
getpeername(4, 0xFFBEF020, 0xFFBEF120, 1)	= 0
door_info(3, 0xFFBECD20)			= 0
door_call(3, 0xFFBECD08)			= 0
brk(0x00090118)					= 0
brk(0x00092118)					= 0
time()						= 1032383936
write(4, " 0 >020101 c 904\0\n01\0".., 64)	= 64
poll(0xFFBEEA48, 1, -1)				= 1
read(4, " 084\0\0\0 J020101 d84\0".., 16384)	= 102
time()						= 1032383936
ldap_sasl_interactive_bind_swrite(2, " l d a p _ s a s l _ i n".., 28)
= 28
: write(2, " :  ", 2)				= 2
Local errorwrite(2, " L o c a l   e r r o r", 11)		= 11
 (82write(2, "   ( 8 2", 4)				= 4
)
write(2, " )\n", 2)				= 2
llseek(0, 0, SEEK_CUR)				= 449364
_exit(1)

***** END *****