It's been awhile since I posted this, but for the record (and if anyone encounters this in the future), this was a problem with the ldap/fqdn principal keytab on the DS server. It needed to have a weaker enctype (des-cbc-crc worked, though others probably do, as well), or else apparently Solaris couldn't handle it. -- Andrew Deason adeason2@uiuc.edu On Wed, 31 Jan 2007 17:35:47 -0600 Andrew Deason <adeason2@uiuc.edu> wrote: > I am trying to use OpenLDAP's ldapsearch to connect to a Sun DS 5.2 > server using SASL/GSSAPI to authenticate. The setup works perfectly > fine on Solaris clients, but not on Linux ones using OpenLDAP's > ldapsearch (Debian sid on x86). Instead, it always gives the following > error: > > SASL/GSSAPI authentication started > ldap_sasl_interactive_bind_s: Invalid credentials (49) > additional info: SASL(-13): authentication failure: GSSAPI > Error: Unspecified GSS failure. Minor code may provide more > information (Unknown code 188) > > This error is coming from the DS server (right?), so I know this may > not be OpenLDAP's problem. I was just wondering if anyone else had > encountered this problem, or if there are any workarounds or anything, > or if this is known to just not work at all. > > I'm using the Cyrus SASL implementation with MIT Kerberos. I tried > this with ldapsearch 2.3.30 and 2.2.23. > > -- > Andrew Deason > adeason2@uiuc.edu >
Attachment:
pgpNX0rWMsMzR.pgp
Description: PGP signature