Re: sasl problem with Scientific Linux / RedHat but not with debian?!

[Oliver Liebel <oliver@itc.li>]

BjÃrn Nachtwey schrieb:
> dear all,
>
> Oliver Liebel wrote:
>   
> > you should be more specific when posting your questions:
> > used versions of openldap, cyrus sasl and kerberos (at last: mit / heimdal?)
> >     
>
> openldap:      2.3.27
> cyrus sasl:    2.1.22 (binary package and sources)
> kerberos:      k5 heimdal
> mod_auth_kerb: 5.1.3
> krb5-server:   1.6.1-17 (on kerberos-server, runs on a different server)
> without any information about your config-files and posting of
> a log-output with a high debug-level, it is quite difficult to answer
> this at all.
>   
>
> running saslauthd with "-d", I got:
>
> saslauthd[9800] :get_accept_lock : acquired accept lock
> saslauthd[9800] :rel_accept_lock : released accept lock
> saslauthd[9800] :do_auth         : auth failure: [user=nachtwey]
> [service=imap] [realm=] 
empty realm?

maybe this could be helpful:
http://www.openldap.org/faq/data/cache/944.html
http://www.semicomplete.com/articles/openldap-with-saslauthd/#id2244822
> [mech=kerberos5] [reason=saslauthd internal
> error]
> saslauthd[9800] :get_accept_lock : acquired accept lock,
>
> I just wonder, because no /etc/sasl2db was created on the SL-machine
> (but was on debian)
>   
if you want to store your user/passwords in openldap,
you dont need sasldb2 at all

>   
> > maybe you should take a look at the debug-output of slapd first.
> >     
>
> as long as sasl does not work, i do not mention slapd ;-)
> but: slapd runs fine if I neglect the authentification problem by sasl
>
>   
> > BjÃrn Nachtwey schrieb:
> >     
> > > Dear all,
> > >
> > > I set up a ldap server and want to use sasl/kerberos5 for
> > > authetification.
> > >   
> > >       
> > you mean: gssapi
> >     
>
> no, i mean kerberos5
>
>   
> > > well, using debian/etch it works fine.
> > > using scientific linux 5.1 (SL5.1) it does not work, not even
> > > testsaslauthd works.
> > >
> > > the configuration of both systems is the same, 
> > >       
> > snippets of the config-files...
> >     
>
> cat /etc/krb5.conf @ SL-machine:
>
> [realms]
>  TU-BS.de = {
>   kdc = rzkrb1.rz.tu-bs.de
>   kdc = rzkrb2.rz.tu-bs.de
>   admin_server = rzafs7.rz.tu-bs.de
>  }
>
> [domain_realm]
>  tu-bs.de = TU-BS.de
>  .tu-bs.de = TU-BS.de
>
> cat /etc/krb5.conf @ Debian/Etch:
>
> [realms]
>         TU-BS.DE = {
>                 kdc = rzkrb1.rz.tu-bs.de
>                 admin_server = rzafs7.rz.tu-bs.de
>         }
>
> [domain_realm]
>         .tu-bs.de = TU-BS.DE
>         tu-bs.de = TU-BS.DE
>
>
> cat /etc/default/saslauthd @ Debian/Etch:
>
> START=yes
> MECHANISMS="kerberos5"
> MECH_OPTIONS=""
> THREADS=3
> OPTIONS="-c"
>
> cat /etc/sysconfig/saslauthd @ SL51
>
> SOCKETDIR=/var/run/saslauthd
>   
correct owner/rights on socketdir and socket ?
(typical  /var/run/saslauthd/mux  )
just a guess...
> MECH=kerberos5
> FLAGS=
>
> but it's the same if I do the saslauthd start with
>
> saslauthd -a kerberos5 -n 1
>
> on both maschines: debian works, SL does not :-(
>
>
> thanks,
>
> BjÃrn
>
>   
> > > besides hostname gives on
> > > debian just the name and on SL5.1 the FQN.
> > >
> > > i also tried to compile cyrus/sasl from sources -- just the same.
> > >
> > > sl being a clone of RHEL, does anyone have the same problem?
> > > does anyone have any idea?
> > >
> > > thanks & best regards,
> > >
> > > BjÃrn
> > >   
> > >       
> > ____________
> > Virus checked by G DATA AntiVirusKit
> > Version: AVK 18.4023 from 05.06.2008
> > Virus news: www.antiviruslab.com
> >
> >
> >     

____________
Virus checked by G DATA AntiVirusKit
Version: AVK 18.4024 from 05.06.2008
Virus news: www.antiviruslab.com