[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Preauth error ldap heimdal kerberos



On 19/03/10 12:39 +0200, Μανόλης Βλαχάκης wrote:
Hallo there everyone

i hope you can help me with my issue cause it really bothers me for a week

i set up an ldap on gentoo and after modifying heimdal kerberos and tls
i am stuck to that point:
i get these errors...

additional info: SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context

+

AS-REQ host/proof.teipir.gr@TEIPIR.GR <http://teipir.gr/> from
IPv4:10.0.0.12 for krbtgt/TEIPIR.GR
<http://teipir.gr/>@TEIPIR.GR<http://teipir.gr/>
2010-03-18T16:32:58 Client sent patypes: none
2010-03-18T16:32:58 Looking for ENC-TS pa-data -- host/proof.teipir.gr@
TEIPIR.GR <http://teipir.gr/>
2010-03-18T16:32:58 No preauth found, returning PREAUTH-REQUIRED -- host/
proof.teipir.gr@TEIPIR.GR <http://teipir.gr/>
2010-03-18T16:32:58 sending 268 bytes to IPv4:10.0.0.12

Is there one host involved or two, and do they both have valid credential
caches (klist)?

Does your openldap user have access to /etc/krb5.keytab? What does your
cyrus sasl config look like (if it exists)?

Assuming you're using an ldapsearch command from the client, what options
are you passing?

Do you have any custom SASL config items in your openldap config
(sasl-host, sasl-realm or sasl-secprops)?

--
Dan White