
Re: GSSAPI Failure: gss_accept_sec_context



Kurt D. Zeilenga wrote:

Have you gotten the Cyrus SASL sample client/server code to
work properly when the GSSAPI mechanism is selected?


At 10:49 AM 6/5/2004, The Shell wrote:


Dear all,

I'm not sure whether this is an LDAP or a SASL problem, so I sent this to both mailing lists.
The command I used to test is "ldapwhoami -Y GSSAPI."

I want to test the setup of OpenLDAP (2.2.2b) with SASL.



.2b? You should consider upgrading to the latest 2.2 release, .12.





But it appeared as failed with the following error:
...............
ber_dump: buf=0x082b3c00 ptr=0x082b3e51 end=0x082b3e51 len=0
conn=1 op=0 BIND dn="" method=163
==> sasl_bind: dn="" mech=GSSAPI datalen=565
send_ldap_result: err=49 matched="" text="SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context"
conn=1 op=0 RESULT tag=97 err=49 text=SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
daemon: activity on 1 descriptors
daemon: activity on: 14r
daemon: read activity on 14
connection_get(14)
daemon: removing 14

I turned on debug mode when starting slapd, so I got the above message shown on the console.
Where should I look in order to troubleshoot the problem?

Thanks
sam







And I don't know why I am getting localhost.REALM in the returned message of the ldapwhoami:
2004-06-06T03:17:37 AS-REQ Manager@XYZ.COM from IPv4:192.168.1.1 for krbtgt/XYZ.COM@XYZ.COM
2004-06-06T03:17:37 Using des3-cbc-sha1/des3-cbc-sha1
2004-06-06T03:17:37 sending 615 bytes to IPv4:192.168.1.1
2004-06-06T03:18:00 TGS-REQ Manager@XYZ.COM from IPv4:192.168.1.1 for ldap/localhost.xyz.com@XYZ.COM
                                                                           ^^^^^^^
2004-06-06T03:18:00 sending 632 bytes to IPv4:192.168.1.1
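
Added example, not part of the original thread: a small Python check over KDC log lines in the format quoted above. It lists the ldap/ service principals that clients requested tickets for and reports any whose host part differs from the name the server is expected to use. The expected host name ldap.xyz.com is a hypothetical placeholder; the sample lines are copied from the message.

```python
import re

# Request lines as quoted in the message:
# "<timestamp> TGS-REQ <client> from IPv4:<addr> for <service principal>"
REQ_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<kind>AS-REQ|TGS-REQ)\s+(?P<client>\S+)\s+"
    r"from\s+(?P<addr>\S+)\s+for\s+(?P<target>\S+)$"
)

def split_principal(principal):
    """Split 'service/host@REALM' into (service, host, realm); host may be None."""
    name, _, realm = principal.rpartition("@")
    if not name:  # no '@' in the principal
        name, realm = principal, None
    service, sep, host = name.partition("/")
    return service, (host.lower() if sep else None), realm

def service_tickets(lines, service="ldap"):
    """Return (timestamp, client, host, realm) for each TGS-REQ naming `service`."""
    found = []
    for line in lines:
        m = REQ_RE.match(line.strip())
        if not m or m["kind"] != "TGS-REQ":
            continue  # AS-REQ, enctype and 'sending N bytes' lines are skipped
        svc, host, realm = split_principal(m["target"])
        if svc == service and host:
            found.append((m["ts"], m["client"], host, realm))
    return found

def unexpected_hosts(lines, expected_host, service="ldap"):
    """TGS-REQs for `service` whose host part is not `expected_host`."""
    want = expected_host.lower()
    return [t for t in service_tickets(lines, service) if t[2] != want]

# Log lines copied from the message above.
SAMPLE = [
    "2004-06-06T03:17:37 AS-REQ Manager@XYZ.COM from IPv4:192.168.1.1 for krbtgt/XYZ.COM@XYZ.COM",
    "2004-06-06T03:17:37 Using des3-cbc-sha1/des3-cbc-sha1",
    "2004-06-06T03:17:37 sending 615 bytes to IPv4:192.168.1.1",
    "2004-06-06T03:18:00 TGS-REQ Manager@XYZ.COM from IPv4:192.168.1.1 for ldap/localhost.xyz.com@XYZ.COM",
    "2004-06-06T03:18:00 sending 632 bytes to IPv4:192.168.1.1",
]

if __name__ == "__main__":
    # "ldap.xyz.com" is a hypothetical expected server name, not from the thread.
    for ts, client, host, realm in unexpected_hosts(SAMPLE, "ldap.xyz.com"):
        print(f"{ts} {client} requested ldap/{host}@{realm}")
```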