Re: LDAP + Kerberos not allowing simple binds
"Jose Gonzalez Gomez" <firstname.lastname@example.org> wrote in message
> Robert wrote:
> Sorry, but I don't know what else you would check... from my
> experience those internal errors are produced by some misconfiguration.
> Common causes for this: service ticket not found in keytab, server not
> able to access the keytab, using an alias instead of the canonical name
> of the machine, name of the machine not correctly configured in DNS
> (forward and reverse resolution needed),...
Jose, I finally figured out what it was. I was also following the thread
from the sasl list:
Apparently, James Madill was having the exact same problem that I had.
There was a suggestion to run kinit -k. I did that and I got an error
saying that the principal wasn't found. To my surprise the missing
principal turned out to be host/pianta-scramble. Shouldn't it be
My /etc/hosts file contains
127.0.0.1 pianta-scramble localhost.localdomain localhost
My DNS server has both forward and reverse mappings. A lookup on the IP
address on the machine returns the fully qualified domain name of the
machine. Is yours configured with the fully qualified domain name?
Another question: How long does it take for saslauthd to authenticate a
Kerberos user? Mine takes a good 10+ seconds to return success. If I use
the incorrect password, it returns failure in a split second. How does
yours compare to this? Can you think of why it is taking so long?
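
Added example, not part of the original message or of any project's code: a check of which host/ principal a hosts file implies for the local machine, run over the line quoted above and over a constructed corrected layout. It assumes the resolver consults /etc/hosts before DNS and treats the first name on the matching line as canonical; the address 192.0.2.10, the domain example.test and the function names are placeholders chosen for illustration.

```python
import ipaddress

# Hosts line quoted in the message above.
HOSTS_FROM_POST = "127.0.0.1 pianta-scramble localhost.localdomain localhost\n"

# Constructed corrected layout; 192.0.2.10 and example.test are placeholders.
HOSTS_FIXED = (
    "127.0.0.1 localhost.localdomain localhost\n"
    "192.0.2.10 pianta-scramble.example.test pianta-scramble\n"
)

def parse_hosts(text):
    """Yield (address, canonical_name, aliases) for each hosts entry."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) >= 2:
            yield fields[0], fields[1], fields[2:]

def canonical_for(hostname, hosts_text):
    """Return (canonical_name, address) of the first entry naming hostname."""
    wanted = hostname.lower()
    for addr, canon, aliases in parse_hosts(hosts_text):
        if wanted in [n.lower() for n in [canon] + aliases]:
            return canon, addr
    return None, None

def check_host_principal(hostname, hosts_text):
    """Return the implied host/ principal and a list of problems found."""
    canon, addr = canonical_for(hostname, hosts_text)
    if canon is None:
        return None, ["not in hosts file; DNS decides the canonical name"]
    problems = []
    if "." not in canon:
        problems.append("canonical name is not fully qualified")
    if ipaddress.ip_address(addr.split("%")[0]).is_loopback:
        problems.append("host name is bound to a loopback address")
    # Kerberos libraries lowercase the host part when forming the principal.
    return "host/" + canon.lower(), problems

if __name__ == "__main__":
    for label, text in (("post", HOSTS_FROM_POST), ("fixed", HOSTS_FIXED)):
        print(label, check_host_principal("pianta-scramble", text))
```

The principal reported for the corrected layout is the name to compare against the entries that klist -k lists from the keytab.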