LDAP config problem with GSSAPI: No such file or directory
Hi folks,
I'm having a real hard time debugging this.
I'm a newbie, trying to do a new ldap+kerberos install, on a new Fedora 7
box. I can't get ldapsearch or ldapwhoami to work locally. I thought it was
a read problem with the keytab files, but I tried setting KRB5_KTNAME to a
keytab file I knew was readable by slapd, and that did not help. I also
checked permissions on my certificates, and that seems OK too. ldapsearch -x
does work, but ldapsearch -Y GSSAPI does not.
Any help would be greatly appreciated :)
*******************************************
*******************************************
[installer@trixter ~]$ ldapwhoami -V -Y GSSAPI
ldapwhoami: @(#) $OpenLDAP: ldapwhoami 2.3.34 (Nov 2 2007 08:16:20) $
kojibuilder@xenbuilder2.fedora.redhat.com:/builddir/build/BUILD/openldap-2.3.34/openldap-2.3.34/build-clients/clients/tools
(LDAP library: OpenLDAP 20333)
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more
information (No such file or directory)
*******************************************
*******************************************
[installer@trixter ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_500
Default principal: installer@HYMESRUZICKA.ORG
Valid starting     Expires            Service principal
01/15/08 13:11:43  01/16/08 13:11:43  krbtgt/HYMESRUZICKA.ORG@HYMESRUZICKA.ORG
01/15/08 13:12:35  01/16/08 13:11:43  ldap/trixter.hymesruzicka.org@HYMESRUZICKA.ORG
Kerberos 4 ticket cache: /tmp/tkt500
klist: You have no tickets cached
*******************************************
*******************************************
[installer@trixter ~]$ cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#
# This file should be world readable but not world writable.
BASE dc=hymesruzicka,dc=org
URI ldap://trixter.hymesruzicka.org:11562 ldaps://trixter.hymesruzicka.org:636
TLS_CACERTDIR /etc/openldap/cacerts/
TLS_REQCERT allow
#SIZELIMIT 12
TIMELIMIT 5
#DEREF never
*******************************************
*******************************************
*******************************************
*******************************************
I tried running strace on ldapwhoami, slapd and krb5kdc, but strace does not
show which resource is not accessible. Actually I'm surprised that strace
does not show any attempts to open the keytabs or anything in
/etc/openldap/cacerts...
Thanks!
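As an added example (not part of the original post), one way to get strace to surface the path behind a "No such file or directory" minor status: capture only file-related syscalls with `-f` so forked helpers are followed, then filter the output for calls that returned -1. The GSSAPI acceptor (slapd) reads the keytab and the initiator (ldapwhoami) reads the credential cache, so both processes are worth tracing. The strace lines embedded below are constructed sample output, not a real capture from the poster's machine, and the paths in them are illustrative.

```shell
#!/bin/sh
# Added example: filter strace file-syscall output for failed opens/stats so
# the missing or unreadable path becomes visible.
#
# A real capture would look like (assumed commands, adjust to taste):
#   strace -f -e trace=file -o /tmp/ldapwhoami.strace ldapwhoami -Y GSSAPI
#   strace -f -e trace=file -p "$(pidof slapd)" -o /tmp/slapd.strace
# and then:
#   failed_file_syscalls < /tmp/ldapwhoami.strace

# Constructed sample strace output (not a real trace).
SAMPLE_STRACE='open("/etc/krb5.conf", O_RDONLY) = 3
stat64("/etc/openldap/ldap.conf", {st_mode=S_IFREG|0644, st_size=350, ...}) = 0
open("/tmp/krb5cc_500", O_RDONLY) = 4
open("/etc/openldap/cacerts/cacert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/krb5.keytab", O_RDONLY) = -1 EACCES (Permission denied)
access("/var/tmp/krb5_RC", F_OK) = -1 ENOENT (No such file or directory)
[pid 1234] open("/etc/openldap/slapd.conf", O_RDONLY) = 5'

# failed_file_syscalls: read strace text on stdin and print "ERRNO path" for
# every file syscall whose result was "= -1 ERRNO (...)". The first quoted
# string on a strace file-syscall line is the path argument.
failed_file_syscalls() {
    sed -n 's/^.*("\([^"]*\)".*= -1 \([A-Z0-9]*\) (.*$/\2 \1/p'
}

# missing_paths: only the ENOENT failures, path column only, deduplicated.
# These are the candidates for the "No such file or directory" minor status.
missing_paths() {
    failed_file_syscalls | awk '$1 == "ENOENT" { print $2 }' | sort -u
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_STRACE" | failed_file_syscalls
printf '%s\n' "$SAMPLE_STRACE" | missing_paths
```

EACCES lines are kept in the first report on purpose: a keytab that exists but is not readable by the slapd user fails the same GSSAPI accept step with a different errno, and seeing which of the two it is saves a round of guessing.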