[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Kerberos, GSSAPI Miscellaneous failure





--On Friday, September 16, 2005 8:11 PM -0400 nclark1@gmu.edu wrote:


Trying to get openldap working with MIT Kerberos authentication but keep getting the following error when connecting:

SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
(80)         additional info: SASL(-1): generic failure: GSSAPI Error:
Miscellaneous failure (Resource temporarily unavailable)

I have created and set proper permissions on the ldap.keytab so that
slapd can see it

I see the following in slapd.conf:
Sep 16 20:05:52 socrates slapd[6365]: SASL [conn=9] Failure: GSSAPI
Error: Miscellaneous failure (Resource temporarily unavailable)  Sep 16
20:05:52 socrates slapd[6365]: send_ldap_result: conn=9 op=1 p=3  Sep 16
20:05:52 socrates slapd[6365]: send_ldap_result: err=80 matched=""
text="SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure
(Resource temporarily unavailable)"

I suggest using the cyrus-sasl client & server programs to get your SASL/GSSAPI authentication working before trying to get it working with OpenLDAP.


Note that the kerberos on the OL system is likely trying to find the ldap/* principal in the krb5.keytab file.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin