
Re: GSSAPI Failure: gss_accept_sec_context

The Shell wrote:

Kurt D. Zeilenga wrote:

Have you gotten the Cyrus SASL sample client/server code to
work properly when the GSSAPI mechanism is selected?
At 10:49 AM 6/5/2004, The Shell wrote:

Dear all,

I'm not sure whether this is an LDAP or a SASL problem, so I sent it to both mailing lists.
The command I used to test is "ldapwhoami -Y GSSAPI".

I want to test the setup of OpenLDAP (2.2.2b) with SASL.

.2b?  You should consider upgrading to the latest 2.2 release, .12.

But it appeared as failed with the following error:
ber_dump: buf=0x082b3c00 ptr=0x082b3e51 end=0x082b3e51 len=0
conn=1 op=0 BIND dn="" method=163
==> sasl_bind: dn="" mech=GSSAPI datalen=565
send_ldap_result: err=49 matched="" text="SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context"
conn=1 op=0 RESULT tag=97 err=49 text=SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
daemon: activity on 1 descriptors
daemon: activity on: 14r
daemon: read activity on 14
daemon: removing 14

I turned on debug mode when starting slapd, so I got the above message shown on the console.
Where should I look in order to troubleshoot the problem?


And I don't know why I am getting localhost.REALM in the returned message of the ldapwhoami:
2004-06-06T03:17:37 AS-REQ Manager@XYZ.COM from IPv4: for krbtgt/XYZ.COM@XYZ.COM
2004-06-06T03:17:37 Using des3-cbc-sha1/des3-cbc-sha1
2004-06-06T03:17:37 sending 615 bytes to IPv4:
2004-06-06T03:18:00 TGS-REQ Manager@XYZ.COM from IPv4: for ldap/localhost.xyz.com@XYZ.COM
2004-06-06T03:18:00 sending 632 bytes to IPv4:

Sorry, the above message is not generated by ldapwhoami.
I just noticed that there is no message written to the /var/log/krb5kde.log file when ldapwhoami is executed unsuccessfully.
This might not be an error caused by Kerberos 5. Then what stops LDAP from communicating with Kerberos?