
Re: OpenLDAP + Kerberos on FreeBSD 7.2, close to working but not quite



Allan <cr4z3d@gmail.com> writes:

> Hello, I've been reading around on OpenLDAP + Kerberos (FreeBSD 7.2) for
> authentication/authorization. I'm a bit confused on how to get it all working
> but I've gotten far enough that I can run getent passwd test.user and it pulls
> down the information from ldap (ran as root and non-root user). I can also
> successfully get a ticket with kinit from various users. Where I run into
> problems, is actually getting services to use GSSAPI. I am currently using
> nss_ldap and pam_ldap to authenticate during ssh login, if there's a better
> alternative please let me know.
>
> Here's the setup I've got:
> Services -> FQDN -> IP
> ldap/kdc -> frisbee.crazy.lan -> 192.168.1.5
> ssh -> cake.crazy.lan -> 192.168.1.6

[...]
> Aug  9 17:47:21 frisbee slapd[86935]: conn=15 fd=11 ACCEPT from IP=
> 192.168.1.6:56955 (IP=0.0.0.0:389)
> Aug  9 17:47:21 frisbee slapd[86935]: conn=15 op=0 EXT oid=
> 1.3.6.1.4.1.1466.20037
> Aug  9 17:47:21 frisbee slapd[86935]: conn=15 op=0 STARTTLS
> Aug  9 17:47:21 frisbee slapd[86935]: conn=15 op=0 RESULT oid= err=0 text=
> Aug  9 17:47:21 frisbee slapd[86935]: conn=15 fd=11 TLS established tls_ssf=
> 256 ssf=256
> Aug  9 17:47:21 frisbee slapd[86935]: conn=15 op=1 BIND dn="" method=163
> Aug  9 17:47:21 frisbee slapd[86935]: SASL [conn=15] Failure: Couldn't find
> mech GSSAPI
> Aug  9 17:47:21 frisbee slapd[86935]: conn=15 op=1 RESULT tag=97 err=7 text=
> SASL(-4): no mechanism available: Couldn't find mech GSSAPI
> Aug  9 17:47:21 frisbee slapd[86935]: conn=15 op=2 UNBIND
> Aug  9 17:47:21 frisbee slapd[86935]: conn=15 fd=11 closed
> ==============================================================
>
> This is where I get a bit confused: it tells me that there's no mechanism for
> GSSAPI. So I try changing to no SASL options in the configuration file:

What is the output of
ldapsearch -x -H ldap://localhost -b "" -s base supportedSaslMechanisms

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E
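
An added example, not part of the original thread: a small shell helper for reading the answer to the `supportedSaslMechanisms` query above. If GSSAPI is missing from the root DSE values, slapd's SASL library is not offering it, which is consistent with the `Couldn't find mech GSSAPI` log line. The function names and both LDIF samples are constructed for illustration.

```shell
#!/bin/sh
# Real use (assumes the server from the thread is reachable):
#   ldapsearch -x -H ldap://localhost -b "" -s base supportedSaslMechanisms \
#       | check_mech GSSAPI

# list_mechs: read LDIF on stdin, print one advertised SASL mechanism per line.
# LDAP attribute names are case-insensitive, so compare in lower case.
list_mechs() {
    tr -d '\r' |
        awk -F': *' 'tolower($1) == "supportedsaslmechanisms" { print $2 }'
}

# check_mech MECH: exit status
#   0 = MECH is advertised by the server
#   1 = other mechanisms are advertised, MECH is not
#   2 = no supportedSASLMechanisms values at all in the answer
check_mech() {
    want=$1
    mechs=$(list_mechs)
    [ -n "$mechs" ] || return 2
    printf '%s\n' "$mechs" | grep -qixF -- "$want"
}

# Constructed sample: a server whose SASL library has no GSSAPI plugin loaded.
SAMPLE_WITHOUT_GSSAPI='# extended LDIF
# base <> with scope baseObject
# requesting: supportedSaslMechanisms
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5'

# Constructed sample: the same server once GSSAPI is offered.
SAMPLE_WITH_GSSAPI='dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5'

# Demo on the constructed samples (no network access needed).
for sample in "$SAMPLE_WITHOUT_GSSAPI" "$SAMPLE_WITH_GSSAPI"; do
    if printf '%s\n' "$sample" | check_mech GSSAPI; then
        echo "GSSAPI advertised"
    else
        echo "GSSAPI not advertised (status $?)"
    fi
done
```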